TechLetters #108 - GDPR will kill bad passwords? Cyberattacks on Russian public institutions. And cybersurveillance.
Security
GDPR fine for bad password policy. The French DPA, CNIL, issued a 300k euro fine, including for a bad password approach. “guide relating to the security of personal data and the ANSSI's technical note relating to the passwords cited in the rapporteur's writings are certainly not mandatory, but they do set out the basic security precautions corresponding to the state of the art”. It is another such decision in a row. Chances are that the GDPR and France will contribute to good password policy at scale. They are creating a major precedent.
Cyberattack on Russian public institutions. Previously unknown malware deletes the data. Although it is disguised as ransomware, the tool's intention is destruction and paralysis. It uses the Mersenne Twister to overwrite data with pseudorandom numbers.
Google’s Confidential Space. “Confidential Space is designed to let parties share confidential data (for example, regulated data or personal identifiable information (PII)) with a workload while they retain the confidentiality and ownership of the data”.
Apple releases additional security and privacy features. Some of them are in the hardened mode. Those vulnerable "can choose to further verify that they are messaging only with the people they intend. The vast majority of users will never be targeted by highly sophisticated cyberattacks". No details yet.
Other
Business is business: switching from privacy to cybersurveillance.