Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Black Hat USA 2019, James Pavur's 'GDPArrrrr: Using Privacy Laws To Steal Identities' →

September 29, 2019 by Marc Handelman in Black Hat USA 2019, Conferences, Education, Information Security, GDPR

Thanks to Black Hat for publishing the tremendous Black Hat 2019 conference videos on their YouTube Channel.


The €50,000,000 Fine Is Now Due

January 22, 2019 by Marc Handelman in Death of Privacy, GDPR, Information Security

Google (NASDAQ: GOOG)... ordered to cough it up...


Stasi, GDPR and You

September 14, 2018 by Marc Handelman in GDPR

Perhaps understanding the former East German Stasi can also help non-European countries in their effort to understand GDPR; at least, that's what Rob Pegoraro, writing at The Parallax, would suggest, whilst cautioning us on government overreach.

"East Germany’s Ministerium für Staatssicherheit—“Ministry for State Security” in English, “Stasi” for short—employed a network of civilian informers to spy on the communications and even inside the residences of its subjects, to enforce conformity with that communist regime. The Stasi Museum, housed in the agency’s former headquarters in the onetime East Berlin, reveals its methods to anyone willing to pay that admission fee." - via Rob Pegoraro, writing at The Parallax


via Wikipedia: The Ministry for State Security (German: Ministerium für Staatssicherheit, MfS) or State Security Service (Staatssicherheitsdienst, SSD), commonly known as the Stasi, was the official state security service of the German Democratic Republic (East Germany). It has been described as one of the most effective and repressive intelligence and secret police agencies to have ever existed.

And, of course, via Wikipedia, defining the GDPR: The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.


Late Summer Facebookery

August 28, 2018 by Marc Handelman in Facebookery, GDPR, Privacy, Information Security

via Rebecca Hill, crafting superlative reportage at our favorite security related news outlet - El Reg - comes the latest evidence that Facebookery is still alive and well: A non-Facebook user in the Republic of Ireland requested his data... Here's what happened:

"Facebook's refusal to hand over the data it holds on users' web activity is to be probed by the Irish Data Protection Commissioner after a complaint from a UK-based academic. Under the General Data Protection Regulation, which came into force on 25 May, people can demand that organisations hand over the data they hold on them." - via Rebecca Hill, writing at The Register


Securosis: Firestarter, 'It's A GDPR Thing'

August 07, 2018 by Marc Handelman in GDPR, Privacy

Securosis' inimitable Rich Mogull and Mike Rothman sit down and discuss GDPR. Enjoy!


ShowMeCon 2018, Cliff Smith's 'The Sky Isn't Falling, But the Earth May be Shifting: How GDPR Could Change The Face of InfoSec' →

August 03, 2018 by Marc Handelman in ShowMeCon, Conferences, Education, Information Security, Privacy, GDPR

EDPB To ICANN: No Can Do

July 24, 2018 by Marc Handelman in Bureaucracy, GDPR, EDPB, Privacy, Privacy Prophylaxis

In one of the more amusing (El Reg is, more often than not, amusing...) article titles to date: Kieren McCarthy's 'ICANN't get no respect: Europe throws Whois privacy plan in the trash' lets us know - whilst mincing few words - of the apparent ineptitude of current ICANN efforts to align WHOIS with European privacy concerns (via a correspondence from the European Data Protection Board (EDPB)). I say, it's time to create another study, ICANN! ICANN's response? See ICANN's General Counsel and Secretary John O. Jeffrey's blog post. Perhaps it's time for an ICANNexit...

'Despite existing solely to develop rules for the internet's underlying infrastructure and possessing a $100m annual budget, ICANN has put itself in the position where it has effectively outsourced decisions over the critical Whois service to a group of bureaucrats in Brussels.' - via Kieren McCarthy, writing at El Reg


Hommage à Marcel Marceau [b. 1923 - d. 2007]

Google, Apple, Linkedin, Amazon, Facebook Under EU Investigation, The GDPR Chronicles

May 31, 2018 by Marc Handelman in Le Gouvernement, GDPR, Privacy, Must Read

Predictable news, via ZDNet's David Meyer, of the big tech players' (Google, Facebook) fall from privacy-grace has appeared, with word of Apple, Amazon and, let's not forget, LinkedIn added to the privacy-perp-walk now de rigueur sur le continent. Certainly today's must-read!


OWASP APPSEC Cali 2018, Anthony Trummer's 'European Vacation: Leveraging GDPR For Security' →

April 17, 2018 by Marc Handelman in OWASP, Information Security, Education, Conferences, Application Security, GDPR

Arthur Dent and His Towel

Eurononsense: Hitchhikers Guide To The End Of Planet WHOIS →

March 19, 2018 by Marc Handelman in Eurononsense, Privacy, Blatant Stupidity, GDPR

Pending evidence to the contrary, the end of Planet WHOIS is slated for 2018/05/25, ostensibly due to nonsensical GDPR legislation, crafted by those Brainiacs in Brussels. Better find that copy of Doug Adams' mantra to mankind - The Hitchhiker's Guide to the Galaxy, your towel, and perhaps some stout, as it shall be a bumptious ride when traveling with Arthur Dent, Esq. ICANN attempted with amusing futility to fix things right up, but failed to acquire consensus on WHOIS usage in the Wacky Age of EU Mandated Privacy. Via the outstanding reportage of Kieren McCarthy writing at El Reg. Discombobulated? You and me both, Pal!


The WHOIS Enfeeblement →

March 17, 2018 by Marc Handelman in Government, Information Security, Privacy, Whois, Must Read, GDPR

Brian Krebs, writing at his eponymous KrebsOnSecurity, reiterates the debacle of the new EU data privacy regulations, and the effect on legitimate utility in the information security space. Today's MustRead.


The Confusion❊ →

September 19, 2017 by Marc Handelman in Information Security, GDPR

The GDPR confusion factor is escalating rapidly in the United States. What a bother, eh?

❊With Apologies to Neal Stephenson!
