Re: Confidential?
So, if I link a person to a unique identifier, and then attach other personal data to it, its not a privacy concern? I must be stupid.
265 posts • joined 31 Jul 2008
If I found your door unlocked, walked into your house, put PewDiePie grafitti on the wall, and left muttering, "that'll teach you not to lock your door..." I'd expect there to be legal consequences. And I'd expect someone to give me a right Gibbs on the back side of my head for liking PewDiePie.
> "And, therein lies the problem.... the "miscreants" would probably never know anything about this let alone exploit it if these issues were never made public to begin with."
Snowden told me that the US Govm't were doing it. There was one bunch of miscreants using unpublicised zero-days.
Actually, "At Bing, the task of creating programmatic tests was moved onto developers, instead of dedicated testers."
The failure was *moving* programmatic tests and not *collaborating on*.
Suggests the developers had a culture of not testing themselves (In the Bing team - This may or may not be true) and that would certainly help if they started doing some basic unit/integration tests.
... I get that. But tweets from people raging that they 'lost 3 clients' etc, also really annoy me. Especially in London. If your business relies on stable internet... ensure you have at least one failover. Even if its a mobile phone dongle. Although why it takes ISPs so long to route around problems is beyond me, especially when this is what routers were literally designed for.
https://www.vg.no/nyheter/innenriks/i/1k9EQK/forsvarsdepartementet-kjoepte-utstyr-for-533-000-droppes-etter-kina-avsloering
"Norske Nasjonal sikkerhetsmyndighet har imidlertid bekreftet overfor VG at de har vært kjent med «problemstillingen» knyttet til produsenten siden juni i år. "
"However, the Norwegian National Security Authority has confirmed to VG that they have been familiar with the "problem" associated with the manufacturer since June this year."
Oh really?
Much as I enjoy a good MS bashing, the .Net Core is actually pretty good, open source and on point. And I'd much rather neophyte IoT developers use a framework than reroll security defences ad nauseam, because otherwise we end up with, well, the sh** we have now.
"What happens when an organization gets so reliant on Cloud"
The 'cloud' is just another deployment target. If you can't switch deployment targets, you're tooled incorrectly. Locking yourself into services (Azure-specific APIs etc) are more of an issue, but if your code is decoupled and agnostic, switching to another provider isn't immediate and free, but it shouldn't be an exorbitant burden either.
This is 2018. Digital-aware businesses should know their estate and domain much better than the hide-bound days. And most 'big' business has already faced that pain enough times to have adapted. Or died trying.
Harold Shipman changed medical records in a murder spree. There's one use case. Anywhere where you can't allow changes to a document, but to *supersede it* (and keep a time-retained copy) has a use case. Financial contracts are one of these. Can't go and change the SLAs after the fact...
Am curious how this works with a GDPR subject-delete request.
But its enrichment data that can be used to identify someone. salesmanager101@anymailprovider.com may not be a direct identifier, nor is ipaddress of smallcompany.com, but if you reverse lookup the ip to small company, then ring and ask to speak to the sales manager, you just personally identified someone from two pieces of enrichment data. And this happens with most pre-GDPR lead management systems.