Friday 21 September 2018

UK Regulator Fines Equifax £500,000

The Equifax Data Breach 2017

Equifax suffered a massive data breach last year between mid-May and the end of July, exposing highly sensitive data of as many as 145 million people globally.
The stolen information included victims' names, dates of birth, phone numbers, driver's license details, addresses, and social security numbers, along with credit card information and personally identifying information (PII) for hundreds of thousands of its consumers.
The data breach occurred because the company failed to patch a critical Apache Struts 2 vulnerability (CVE-2017-5638) in time, even though the respective vendor had already issued a fix.

Why Has the UK Fined a US Company?

The UK's Information Commissioner's Office (ICO), which launched a joint investigation into the breach with the Financial Conduct Authority, has now issued the largest monetary penalty possible under the country's Data Protection Act for the massive data breach: £500,000, roughly $665,000.
The ICO said that although the cyber attack compromised Equifax systems in the United States, the company "failed to take appropriate steps" to protect the personal information of its 15 million UK customers.

Breach Was Result of Multiple Failures at Equifax

The ICO said that Equifax had also been warned about a critical Apache Struts 2 vulnerability in its systems by the United States Department of Homeland Security (DHS) in March 2017, but the company did not take appropriate steps to fix the issue.
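The breach turned on a known dependency that was never patched, so the practical check on the defender's side is an inventory one: which deployed artifacts still carry a Struts 2 version older than the fixed releases. The following Python is an added example, not code from the original post, from Equifax or from the Apache project; it scans a Maven pom.xml (the sample below is constructed) for org.apache.struts artifacts and compares their versions against 2.3.32 and 2.5.10.1, the releases the Apache S2-045 bulletin lists as fixing CVE-2017-5638.

```python
"""Flag Apache Struts 2 dependencies older than the CVE-2017-5638 fix.

Added example, not code from the original post. Fixed versions are taken
from the Apache Struts S2-045 bulletin; the pom.xml below is constructed.
"""
import re
import xml.etree.ElementTree as ET

MAVEN_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# First fixed release on each supported branch (Apache S2-045 bulletin).
FIXED_VERSIONS = {"2.3": (2, 3, 32), "2.5": (2, 5, 10, 1)}


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1). A qualifier such as '-SNAPSHOT' is dropped."""
    core = re.split(r"[-+]", text.strip(), maxsplit=1)[0]
    return tuple(int(part) for part in core.split(".") if part.isdigit())


def is_vulnerable(version):
    """True when this struts2 version predates the fix for its branch.

    Branches with no known fixed release (anything other than 2.3 / 2.5)
    are reported as vulnerable so that they are surfaced for manual review.
    Tuple comparison handles the four-part 2.5.10.1 correctly:
    (2, 5, 10) < (2, 5, 10, 1) is True.
    """
    parsed = parse_version(version)
    branch = ".".join(str(p) for p in parsed[:2])
    fixed = FIXED_VERSIONS.get(branch)
    return True if fixed is None else parsed < fixed


def struts_findings(pom_xml):
    """Return [(artifactId, resolved version, vulnerable?)] for struts2 artifacts."""
    root = ET.fromstring(pom_xml)
    # <properties> children are the ${...} placeholders Maven substitutes.
    props = {
        p.tag.split("}")[-1]: (p.text or "").strip()
        for p in root.findall("m:properties/*", MAVEN_NS)
    }
    findings = []
    for dep in root.findall(".//m:dependency", MAVEN_NS):
        group = dep.findtext("m:groupId", default="", namespaces=MAVEN_NS)
        artifact = dep.findtext("m:artifactId", default="", namespaces=MAVEN_NS)
        version = dep.findtext("m:version", default="", namespaces=MAVEN_NS)
        if group != "org.apache.struts" or not artifact.startswith("struts2-"):
            continue
        placeholder = re.fullmatch(r"\$\{(.+)\}", version.strip())
        if placeholder:
            version = props.get(placeholder.group(1), version)
        findings.append((artifact, version, is_vulnerable(version)))
    return findings


# Constructed sample: one dependency pinned via a property to a vulnerable
# 2.3.x release, one plugin on a fixed 2.5.x release, one unrelated artifact.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <struts2.version>2.3.31</struts2.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts2.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-rest-plugin</artifactId>
      <version>2.5.10.1</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.12</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for artifact, version, vulnerable in struts_findings(SAMPLE_POM):
        status = "VULNERABLE (CVE-2017-5638)" if vulnerable else "ok"
        print(f"{artifact} {version}: {status}")
```

The version is resolved through Maven properties because that is where a single stale pin usually hides; a real scan would also walk parent POMs and the resolved dependency tree, since a transitive struts2-core pulled in by a plugin never appears in the top-level pom at all.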

More info and source: The Hacker News

ECtHR: Personal messages sent at work may be checked by employers

A ruling of the ECtHR creates a new situation in the workplace


According to a new ruling of the European Court of Human Rights (ECtHR), employers may read employees' correspondence when it is sent via chat software and email during their working hours.

The case reached the European Court of Human Rights after an application by an employee in 2008, who claimed that the decision to dismiss him was based on evidence his employer had obtained by violating his personal data and the confidentiality of his correspondence, since the employer had gained access to it. As a sales manager at the company in question from 2004 to 2007, he had opened a Yahoo Messenger account at his employer's request in order to answer customers' questions. In July 2007 he was informed that the company had been monitoring his conversations, and he was accused of breaching its rules because he had also been using the chat for personal purposes.

According to the judges of the European Court of Human Rights, however, in this case the employee violated his company's rules, and consequently his employer had the right to access and review the relevant activities.

With the Court's decision the Romanian employee's application was rejected, as it is not "unreasonable for an employer to want to verify that the employees are completing their professional tasks during working hours".

"The employer acted within its disciplinary powers since, as the domestic courts had found, it had accessed the Yahoo Messenger account on the assumption that the information in question had related to professional activities and that such access had therefore been legitimate. The Court sees no reason to question these findings."

Sources: Kathimerini, LAWNET, ECtHR

Tuesday 7 August 2018

Installing VeraCrypt on Ubuntu/Mint (Linux)

Open a console (terminal) and run the following commands to add the VeraCrypt repository, refresh the package index and install VeraCrypt:

sudo add-apt-repository ppa:unit193/encryption
sudo apt update
sudo apt install veracrypt
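The PPA is a third-party archive, so after the install it is worth confirming that the veracrypt package now on the system actually came from that archive and not from some other configured source. The following Python is an added example, not code from the original post or from the VeraCrypt project; it parses the text that `apt-cache policy veracrypt` prints (the sample output below is constructed, with a made-up version string) and reports where the installed version was fetched from. The archive path it expects, ppa.launchpad.net/unit193/encryption, is the Launchpad location the post's PPA name resolves to.

```python
"""Confirm which archive the installed veracrypt package came from.

Added example, not code from the original post. It parses the text that
`apt-cache policy veracrypt` prints; the sample output below is constructed
and its version string is made up.
"""
import re
import subprocess

# Launchpad path that the post's "ppa:unit193/encryption" resolves to.
EXPECTED_ARCHIVE = "ppa.launchpad.net/unit193/encryption"


def installed_origin(policy_text):
    """Return the URL of the source the installed version is available from.

    apt-cache policy marks the installed version with '***' in the version
    table and lists, indented beneath it, each source that offers it with its
    pin priority. Returns None when nothing is installed or when the only
    record is the local dpkg status file (a package no archive offers).
    """
    if re.search(r"^\s*Installed:\s*\(none\)\s*$", policy_text, re.M):
        return None
    lines = policy_text.splitlines()
    for index, line in enumerate(lines):
        if not line.lstrip().startswith("***"):
            continue
        for source_line in lines[index + 1:]:
            match = re.match(r"^\s+\d+\s+(\S+)", source_line)
            if not match:
                break  # reached the next version entry
            if match.group(1).startswith(("http://", "https://")):
                return match.group(1)
        return None
    return None


def origin_is_expected(policy_text, expected=EXPECTED_ARCHIVE):
    """True only if the installed package is served by the expected archive."""
    origin = installed_origin(policy_text)
    return origin is not None and expected in origin


# Constructed sample output, shaped like apt-cache policy on Ubuntu 18.04.
SAMPLE_POLICY = """veracrypt:
  Installed: 1.0-0example1
  Candidate: 1.0-0example1
  Version table:
 *** 1.0-0example1 500
        500 http://ppa.launchpad.net/unit193/encryption/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status
     0.9-0example1 500
        500 http://ppa.launchpad.net/unit193/encryption/ubuntu bionic/main amd64 Packages
"""

SAMPLE_NOT_INSTALLED = """veracrypt:
  Installed: (none)
  Candidate: 1.0-0example1
  Version table:
     1.0-0example1 500
        500 http://ppa.launchpad.net/unit193/encryption/ubuntu bionic/main amd64 Packages
"""


def check_live_system():
    """Run apt-cache on the current machine and return (origin, ok)."""
    output = subprocess.run(
        ["apt-cache", "policy", "veracrypt"],
        capture_output=True, text=True, check=False,
    ).stdout
    return installed_origin(output), origin_is_expected(output)


if __name__ == "__main__":
    origin, ok = check_live_system()
    print(f"installed from: {origin}")
    print("origin matches the unit193 PPA" if ok else "origin differs: investigate")
```

A package whose only source line is /var/lib/dpkg/status was installed from a local .deb or from an archive that has since been removed, which is exactly the case that deserves a second look before trusting an encryption tool.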


Sunday 5 August 2018

Schizophrenic robot

Researchers at the University of Texas at Austin and Yale University used a neural network called DISCERN to teach the system certain stories. To simulate an excess of dopamine and a process called hyperlearning, they told the system to not forget as many details. The results were that the system displayed schizophrenic-like symptoms and began inserting itself into the stories. It even claimed responsibility for a terrorist bombing in one of the stories.

Computer networks that can't forget fast enough can show symptoms of a kind of virtual schizophrenia, giving researchers further clues to the inner workings of schizophrenic brains, researchers at The University of Texas at Austin and Yale University have found.

The researchers used a virtual computer model, or "neural network," to simulate the excessive release of dopamine in the brain. They found that the network recalled memories in a distinctly schizophrenic-like fashion.

After being re-trained with the elevated learning rate, DISCERN began putting itself at the center of fantastical, delusional stories that incorporated elements from other stories it had been told to recall. In one answer, for instance, DISCERN claimed responsibility for a terrorist bombing.

Source & more info: The University of Texas

Sunday 29 July 2018

Enable "God Mode" in Windows 10

Enable 'God Mode'

Are you a power user who wants access to your PC's nitty-gritty? "God Mode" is for you. Right-click on the desktop > New > Folder. Rename the new folder with this bit of code:

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

To enter the "God Mode" window, double-click the folder and go nuts.


Tuesday 10 July 2018

Malware vs Viruses: What’s the Difference?

Understanding the difference between malware and viruses is very important. A virus is just one type of malware, but the term is more widely used by the public. The term malware refers to any malicious software, including a computer virus. For example, between 2000 and 2005, spyware and adware emerged as types of malware that protection systems had to deal with.

Malware is infecting computers and mobile devices at an ever increasing pace.


What is Malware?

Malware is software written specifically to harm and infect the host system. Malware includes viruses along with other types of software such as trojan horses, worms, spyware, and adware. Advanced malware such as ransomware is used to commit financial fraud and extort money from computer users.

Common types of malware:


    Virus: As discussed, a virus is a specific type of malware in its own right. It is a contagious piece of code that infects other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers. It acts much like a parasite.

    Adware: Adware is also known as advertising-supported software. It is software which renders advertisements for the purpose of generating revenue for its author. The advertisements are published on the screen presented to the user at the time of installation. Adware is programmed to examine which Internet sites the user visits frequently and to present related advertisements. Not all adware has malicious intent, but it becomes a problem anyway because it harms computer performance and can be annoying.

    Spyware: This type of malicious software spies on you and tracks your internet activity. It helps the hacker gather information about the victim's system without the victim's consent. The presence of spyware is typically hidden from the host and it is very difficult to detect. Some spyware, such as keyloggers, may be installed intentionally in an organization to monitor the activities of employees.

    Worms: This type of malware replicates itself and destroys information and files saved on the host PC. It works to eat up all the operating system files and data files on a drive.

    Trojan: Trojans are a type of virus designed to make a user think they are a safe program and run them. They may be programmed to steal personal and financial information, and later take over the resources of the host computer's system files. In large systems a trojan may attempt to make a host system or network resource unavailable to those attempting to reach it. Example: your business network becoming unavailable.

    Ransomware: Ransomware is an advanced type of malware that restricts access to the computer system until the user pays a fee. Your screen might show a pop-up warning that you have been locked out of your computer and that you can regain access only after paying the cyber criminal. The cyber criminal demands a ransom to be paid in order for the restriction to be removed. The infamous Cryptolocker is one type of ransomware.

It is very difficult to live without computers or mobile devices, and we have come to depend on them for many activities: communication, online purchases and payments, and so on. In order to protect our devices and data against the different types of malware mentioned above, an effective anti-malware solution is required.

Saturday 19 May 2018

Azure Sphere OS: built with Linux kernel

Microsoft realized that Linux was better suited than Windows for IoT devices. Azure Sphere OS is built with a custom Linux kernel and security monitor for "defense in-depth" with multiple layers of security, according to Smith. The company had previously announced SQL Server support for Linux, but a non-Windows OS is a first.

Read more at PCMag


Thursday 15 March 2018

Frequently Asked Questions about the upcoming GDPR

When is the GDPR coming into effect?
The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by government; meaning it will be in force in May 2018.

In light of an uncertain 'Brexit': I represent a data controller in the UK and want to know if I should still continue with GDPR planning and preparation?

If you process data about individuals in the context of selling goods or services to citizens in other EU countries, then you will need to comply with the GDPR, irrespective of whether the UK retains the GDPR post-Brexit. If your activities are limited to the UK, then the position (after the initial exit period) is much less clear. The UK Government has indicated it will implement an equivalent or alternative legal mechanism. Our expectation is that any such legislation will largely follow the GDPR, given the support previously provided to the GDPR by the ICO and UK Government as an effective privacy standard, together with the fact that the GDPR provides a clear baseline against which UK business can seek continued access to the EU digital market. (Ref: http://www.lexology.com/library/detail.aspx?g=07a6d19f-19ae-4648-9f69-44ea289726a0)

Who does the GDPR affect?

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.

What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover or €20 million for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of the Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having its records in order (Article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors, meaning 'clouds' will not be exempt from GDPR enforcement.

What constitutes personal data?
Any information related to a natural person or 'Data Subject' that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What is the difference between a data processor and a data controller?

A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.

Do data processors need 'explicit' or 'unambiguous' data subject consent, and what is the difference?

The conditions for consent have been strengthened, as companies will no longer be able to use long, illegible terms and conditions full of legalese: the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent, meaning it must be unambiguous. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it. Explicit consent is required only for processing sensitive personal data; in this context, nothing short of "opt in" will suffice. However, for non-sensitive data, "unambiguous" consent will suffice.

What about Data Subjects under the age of 16?
Parental consent will be required to process the personal data of children under the age of 16 for online services; member states may legislate for a lower age of consent, but this will not be below the age of 13.

What is the difference between a regulation and a directive?

A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to decide how. It is important to note that the GDPR is a regulation, in contrast to the previous legislation, which is a directive.

Does my business need to appoint a Data Protection Officer (DPO)?

DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large-scale systematic monitoring, or (c) organizations that engage in large-scale processing of sensitive personal data (Art. 37). If your organization doesn't fall into one of these categories, then you do not need to appoint a DPO.

How does the GDPR affect policy surrounding data breaches?

Proposed regulations surrounding data breaches primarily relate to the notification policies of companies that have been breached. Data breaches which may pose a risk to individuals must be notified to the DPA within 72 hours and to affected individuals without undue delay.

Will the GDPR set up a one-stop-shop for data privacy regulation?

The discussions surrounding the one-stop-shop principle are among the most highly debated and are still unclear, as the standing positions are highly varied. The Commission text has a fairly simple and concise ruling in favor of the principle; the Parliament also promotes a lead DPA and adds more involvement from other concerned DPAs; the Council's view waters down the ability of the lead DPA even further. A more in-depth analysis of the one-stop-shop policy debate can be found here.




Source: https://www.eugdpr.org/gdpr-faqs.html

Thursday 8 February 2018

Lenovo ThinkPad X1 Carbon 5th Gen Laptop Recall - IMPORTANT for owners

Lenovo is voluntarily recalling some ThinkPad X1 Carbon 5th Generation laptops.

Lenovo has determined that a limited number of such laptops may have an unfastened screw that could damage the laptop's battery, causing overheating and potentially posing a fire hazard.

ThinkPad X1 Carbon 5th Generation laptops manufactured on or after November 1, 2017 are not affected.

To confirm if your ThinkPad X1 Carbon 5th Generation laptop (Machine Types: 20HQ, 20HR, 20K3, 20K4) is affected, follow the instructions below in the "Determine if my laptop is being recalled" section.


Lenovo is offering a free service inspection program for all affected ThinkPad X1 Carbon 5th Generation laptops. If your laptop is confirmed to be affected, follow the instructions below in the "My laptop is affected" section.



Sunday 21 January 2018

HP Notebook Computer and Mobile Workstation voluntary Battery Safety Recall and Replacement Program

In January 2018, in cooperation with various government regulatory agencies, HP announced a worldwide voluntary safety recall and replacement program for certain notebook computer and mobile workstation batteries. These batteries have the potential to overheat, posing a fire and burn hazard to customers. For this reason, it is extremely important to check whether your battery is affected.
Batteries affected by this program were shipped with specific HP ProBook 64x (G2 and G3), HP ProBook 65x (G2 and G3), HP x360 310 G2, HP ENVY m6, HP Pavilion x360 and HP 11 notebook computers and HP ZBook (17 G3, 17 G4, and Studio G3) mobile workstations sold worldwide from December 2015 through December 2017. They were also sold as accessories or provided as replacements through HP or an authorized HP Service Provider.
Many of these batteries are internal to the system, which means they are not customer replaceable. HP is providing battery replacement services by an authorized technician at no cost. HP is also providing a BIOS update that places the battery in "Battery Safety Mode" so that the notebook or workstation can be safely used without the battery by connecting to an HP power adaptor. Batteries affected by this recall should immediately be put into "Battery Safety Mode".
Battery Safety Mode is only applicable to HP products affected by this recall. If the validation process identifies a battery as being eligible for replacement, the BIOS update should be applied and the system should be rebooted. During the reboot process, an option will be presented to enable Battery Safety Mode. Accepting Battery Safety Mode causes the battery to discharge and to cease future charging until Battery Safety Mode is disabled. HP strongly recommends accepting Battery Safety Mode so that the notebook or mobile workstation can be safely used by connecting to an HP power adaptor. For more information please refer to the FAQs tab on this website.
HP's primary concern is for the safety of our customers. HP is proactively notifying customers, and will provide replacement battery services for each verified, eligible battery, at no cost. For customers with 5 or more potentially affected batteries, HP has put in place a process to assist with validation and ordering. For details please refer to the FAQs tab on this website.
Note: Not all batteries in all HP ProBook 64x and 65x, HP x360 310 G2, HP ENVY, HP Pavilion x360, HP 11 notebooks and HP ZBook mobile workstations are affected by this recall.

For more information please refer to the Frequently Asked Questions at this website: https://batteryprogram687.ext.hp.com

HP Notebook Computer and Mobile Workstation Voluntary Battery Safety Recall and Replacement Program

In January 2018, in cooperation with various government regulatory agencies, HP announced a worldwide voluntary safety recall and replacement program for certain notebook computer and mobile workstation batteries. These batteries have the potential to overheat, which exposes customers to a fire and burn hazard. For this reason, it is extremely important to check whether your battery falls under the program.
Batteries covered by this program were shipped with specific HP ProBook 64x (G2 and G3), HP ProBook 65x (G2 and G3), HP x360 310 G2, HP ENVY m6, HP Pavilion x360 and HP 11 computer models and HP ZBook (17 G3, 17 G4 and Studio G3) mobile workstations, sold worldwide from December 2015 through December 2017. They were also sold as accessories or provided as replacement parts through HP or an authorized HP service provider.
Many of these batteries are internal to the system, which means they cannot be replaced by the customer. HP provides battery replacement services by an authorized technician at no charge. HP also provides a BIOS update that places the battery in "Battery Safety Mode", so that the notebook or mobile workstation can be used safely without the battery by connecting it to an HP power adapter. Batteries covered by this recall program should be placed in "Battery Safety Mode" immediately.
Battery Safety Mode applies only to HP products covered by this recall program. If the validation process identifies a battery as eligible for replacement, you should apply the BIOS update and reboot the system. During the reboot, an option to enable Battery Safety Mode will be presented. Accepting Battery Safety Mode causes the battery to discharge and stops future charging until Battery Safety Mode is disabled. HP strongly recommends accepting Battery Safety Mode so that the notebook or mobile workstation can be used safely by connecting it to an HP power adapter. For more information, refer to the Frequently Asked Questions tab on this website.
HP's primary concern is the safety of our customers. HP is proactively notifying customers and will provide battery replacement services for every verified battery that meets the conditions, at no charge. For customers with 5 or more batteries that may fall under the program, HP has implemented a process to assist with validation and ordering. For details, refer to the Frequently Asked Questions tab on this website.
Note: Not all batteries in all HP ProBook 64x and 65x, HP x360 310 G2, HP ENVY, HP Pavilion x360 and HP 11 notebooks and HP ZBook mobile workstations are covered by the recall program.
For more information, refer to the Frequently Asked Questions tab on this website: https://batteryprogram687.ext.hp.com