Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
The Fool
Oct 16, 2003


Rust Martialis posted:

Or don't use Azure because it's noncompliant with GDPR.

what

Adbot
ADBOT LOVES YOU

Sickening
Jul 16, 2007

Black summer was the best summer.

Rust Martialis posted:

Or don't use Azure because it's noncompliant with GDPR.

Keep going

BonHair
Apr 28, 2007

Rust Martialis posted:

Or don't use Azure because it's noncompliant with GDPR.

Allegedly noncompliant.

I'm on team "yeah, it's all noncompliant with GDPR", but it's not entirely settled, especially since Microsoft has a functioning monopoly on AD and basic office software. As I see it, it's legally clear but politically impossible that all the big American cloud providers are noncompliant due to USA not being a safe third country.

There's a German state/Bundesland moving to LibreOffice and Linux for this reason, but I doubt many will follow before Schrems V at the earliest.

spankmeister
Jun 15, 2008






Germany still uses fax extensively. I'm not sure they are a great example.

MustardFacial
Jun 20, 2011

Fucker in charge of you fucking fucks



Subjunctive posted:

Why is that? I’m curious.

This is just my opinion and I realize that it might be a really hot take (with a touch of greybeard linux nerd):

MS seems to be making a push to make as many of their tools as possible GUI-focused, browser-based, with the best experience in Edge (especially if you pony up for the copilot licenses). Not only does this feel like the shittiest kind of vendor lock-in, but they change UX, naming conventions, and menu structures so often that it's almost impossible to get used to the tools they do provide. Take KQL queries, for example:
 


Who wants to write code in a tiny pane in a browser? These queries can get long and complex. I want to write them in an actual IDE and then run them from a terminal and output to a file. This outputs to the bottom pane and has to be separately exported as a csv. Also, because it's all browser-based and written in Ajax and JS, it's really slow. Nothing feels snappy or performant. I would estimate that a good chunk of my day is spent just waiting for the page to load and give me the data. If I could write out a simple query in a terminal and get back only text, all of this would be way faster.

This part is more :tinfoil: speculation on my part, but I feel that these pushes toward making more easy-to-use GUI interfaces and more "AI-powered" tools while minimizing (or outright depricating) CLI/powershell are an attempt to de-skill and disempower skilled tech labour. If everything is a single-pane of glass pretty dashboard and you can ask an AI to find all of the high-risk sign-ins for you, then you can hire any rando off the street for minimum wage to do the job. It's not like they need to actually know anything beyond "make sure line doesn't go into the red zone. If it does, ask Copilot to fix it."

[edit] I know that Graph and Azure Bicep exist. They may be the saving grace, I just haven't looked into them too much yet.

MustardFacial fucked around with this message at 19:07 on Apr 11, 2024

BonHair
Apr 28, 2007

spankmeister posted:

Germany still uses fax extensively. I'm not sure they are a great example.

This is true, and bad, but from a security perspective, it's at least more transparent than the alternatives? I don't know about the encryption on faxes though, but I assume it's either absent or crackable with a Gameboy.

And less jokingly, the transition from fax to Linux is probably easier than Microsoft to Linux.

MustardFacial
Jun 20, 2011

Fucker in charge of you fucking fucks



BonHair posted:

This is true, and bad, but from a security perspective, it's at least more transparent than the alternatives? I don't know about the encryption on faxes though, but I assume it's either absent or crackable with a Gameboy.

And less jokingly, the transition from fax to Linux is probably easier than Microsoft to Linux.

It's an analogue phone line. You can crack it with a tape recorder.

Thanks Ants
May 21, 2004

#essereFerrari


Wasn't fax sticking around more to do with being able to pull phone company records that show a call being placed from your fax number to someone else's and that it lasted long enough for a fax to have been sent? Maybe some people are still insisting that a digitally signed document with the IP addresses recorded wouldn't stand up in court.

The only thing fax has going for it is that someone can slap a document down and dial a number and the document appears at the other side, something that all scan-to-email type solutions or proprietary internet fax services managed to not achieve.

BonHair
Apr 28, 2007

Apparently, faxes also give you receipts for delivery, meaning you can be sure that it did indeed reach someone on the other end (and misdialing a valid fax number is considered unlikely).

spankmeister
Jun 15, 2008






Email has all those things. Germany is just old fashioned and resistant to change.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


Thanks Ants posted:

Wasn't fax sticking around more to do with being able to pull phone company records that show a call being placed from your fax number to someone else's and that it lasted long enough for a fax to have been sent? Maybe some people are still insisting that a digitally signed document with the IP addresses recorded wouldn't stand up in court.





That's not really 'proof' though. All someone would have to do is tap the analog line (which could be done outside of the perimeter) to be able to send and recieve from soneone else's number. Also, many places that still use fax often use digital fax services which have all the usual security issues with internet connected stuff along with the last mile analog hole.

It's really just old laws and procedures that entities are afraid to update due to lack of knowledge technology along with the low cost of just buying a fax machine and an analog phone line as opposed to supporting some other technology.

Something to mull over. PHI data can be (and IS) trasmitted over SMTP through automated means and is fully secure (look up HISP and Direct Secure Messaging). You can build these solutions to be far more secure and audited than FAX, but no one wants to do it because the current laws say fax is good enough and it's cheap.

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!

spankmeister posted:

Email has all those things. Germany is just old fashioned and resistant to change.

Look you can't sign your signature and triple stamp an email with ink like you can with a faxed paper. It's just not the same.

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there

BonHair posted:

Allegedly noncompliant.

I'm on team "yeah, it's all noncompliant with GDPR", but it's not entirely settled, especially since Microsoft has a functioning monopoly on AD and basic office software. As I see it, it's legally clear but politically impossible that all the big American cloud providers are noncompliant due to USA not being a safe third country.

There's a German state/Bundesland moving to LibreOffice and Linux for this reason, but I doubt many will follow before Schrems V at the earliest.

The EDPB has already ruled that use of Office365 is illegal under a related privacy law applicable to EU organizations.

https://www.edps.europa.eu/press-pu...s-and-bodies_en

This isn't GDPR, but it's going to come in time, because there is simply no way that the USA offers equivalent rights as GDPR. As you say, politicians like to pretend there is, but the courts keep overturning their patchwork.

The EDPB put out guidance some months ago that states clearly there are simply *no* contractual terms that can make the use of any hyperscale cloud provider compliant with EU-GDPR. Likewise there really are no technical controls short of fully encrypting data at all times that allow use of a US-linked cloud.

EDPB - European Data Privacy Board

Rust Martialis fucked around with this message at 21:03 on Apr 11, 2024

Diva Cupcake
Aug 15, 2005

“Acceptable risk, imo” -literally every multinational corporation in existence.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

I thought Microsoft had a Germany data center set that was totally independent of and disconnected from their US assets, for exactly the “the data must not leave Europe” scenario, complete with some ownership cutout that put them outside US warrant jurisdiction

but I might have imagined that

Thanks Ants
May 21, 2004

#essereFerrari


It will be one of those laws that nobody enforces and gets repealed, it would make things like Intune management of laptop fleets impossible.

spankmeister
Jun 15, 2008






Subjunctive posted:

I thought Microsoft had a Germany data center set that was totally independent of and disconnected from their US assets, for exactly the “the data must not leave Europe” scenario, complete with some ownership cutout that put them outside US warrant jurisdiction

but I might have imagined that

They do! But depending on the interpretation of the Patriot Act, it doesn't make a difference.

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there

Thanks Ants posted:

It will be one of those laws that nobody enforces and gets repealed, it would make things like Intune management of laptop fleets impossible.

Allow me to introduce you to Max Schrems and his quite successful history in the EU court system enforcing GDPR rights, overturning Safe Harbor and Privacy Shield.

The inability of some (primarily American) computer security people to comprehend the fact that the EU actually is serious about data privacy is always striking.

Rust Martialis fucked around with this message at 21:44 on Apr 11, 2024

Thanks Ants
May 21, 2004

#essereFerrari


I get it, but if you tell every EU company they cannot legally use M365 then nobody is going to comply. Either it bounces MS into splitting their EU cloud services out into a separate company or there's a backlash against all the privacy laws.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

spankmeister posted:

They do! But depending on the interpretation of the Patriot Act, it doesn't make a difference.

yeah I thought that’s why the ownership cutout thing was done and honestly the Patriot act and FISA courts really mean whatever the US govt wants them to

I guess the risk is that the beneficial ownership would let Satya force the operators to snoop?

Defenestrategy
Oct 24, 2010

Thanks Ants posted:

I get it, but if you tell every EU company they cannot legally use M365 then nobody is going to comply. Either it bounces MS into splitting their EU cloud services out into a separate company or there's a backlash against all the privacy laws.

I mean they already have gov cloud, why not spin out into EU Cloud increase the cost by like 10% and make it be compliant?

Thanks Ants
May 21, 2004

#essereFerrari


Rust Martialis posted:

Allow me to introduce you to Max Schrems and his quite successful history in the EU court system enforcing GDPR rights, overturning Safe Harbor and Privacy Shield.

The inability of some (primarily American) computer security people to comprehend the fact that the EU actually is serious about data privacy is always striking.

I understand how serious the EU are about data privacy, but the EU is a political body that people vote for. If they decide that you can be prosecuted for putting your data in SharePoint Online while there are zero serious non-American competitors in this space (especially when you consider Windows endpoint management, argue it's antitrust if you want) then it will take very little for political operators who already don't like the EU to run an entire campaign around "the EU are making your five-person business rent datacentre space, buy a server and employ someone to manage it, did you vote for that??".

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there

Thanks Ants posted:

I get it, but if you tell every EU company they cannot legally use M365 then nobody is going to comply. Either it bounces MS into splitting their EU cloud services out into a separate company or there's a backlash against all the privacy laws.

While I've long been expecting the EU to blink first, the EU courts as yet do not give a gently caress about Microsoft's business model. At some point unless the US repeals the Patriot Act, a new Schrems court case will hit the CJEU again about private use of M365. And Microsoft will lose, because the US does not meet and has never met the requirements set out in GDPR. And no waffling by trade negotiators can bridge that fundamental gap in US law.

As pointed out the European Data Privacy Board has already prohibited in the last month the use of M365 by the EU itself. It's subject to a more stringent law than GDPR, but the suits will come.

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there

Defenestrategy posted:

I mean they already have gov cloud, why not spin out into EU Cloud increase the cost by like 10% and make it be compliant?

I really think MS has been betting on the EU folding. Like others I frankly expected the EU business sector to lean on the regulators to stop kicking over the EU/US data sharing regimes... but the courts keep enforcing GDPR and also Vestager keeps fining Facebook or Google a billion dollars periodically for anticompetitive behavior. They made me a convert - they're really serious about enforcing the laws.

Having fought with MS to reveal all their data sub-processors outside the EU and what they do in Azure - they won't, by the way - my suspicion is that the number of features you can provide in an EU-only Azure stack might be so limited that MS couldn't sell it.

Everything MS says about GDPR compliance should be taken as absolute lies, incidentally.

Plus it's not like Azure is *inexpensive* ffs

Rust Martialis fucked around with this message at 22:15 on Apr 11, 2024

Sickening
Jul 16, 2007

Black summer was the best summer.

Rust Martialis posted:

Allow me to introduce you to Max Schrems and his quite successful history in the EU court system enforcing GDPR rights, overturning Safe Harbor and Privacy Shield.

The inability of some (primarily American) computer security people to comprehend the fact that the EU actually is serious about data privacy is always striking.

I get the impression its more for show than for practical purpose.

SlowBloke
Aug 14, 2017
The number of people that care more about the schrems lawsuit compared to functionality could fit in a storage locker, and every "Germany is moving to linux because it's better for privacy" fsf fan forgets that they always go back to windows+office eventually, once the optics make it convenient. I routinely have to witness the homegrown alternatives brought by the desire to make a stand against the big services and it's always amateur hour. Every time i hear gaia-x i start shaking.

Wibla
Feb 16, 2011

Testing out KASM as a poor man's PAW solution. For the whopping two hours I spent setting it up, it works well. Latency and performance is nowhere near citrix vdi though...

Diva Cupcake
Aug 15, 2005

SlowBloke posted:

The number of people that care more about the schrems lawsuit compared to functionality could fit in a storage locker, and every "Germany is moving to linux because it's better for privacy" fsf fan forgets that they always go back to windows+office eventually, once the optics make it convenient. I routinely have to witness the homegrown alternatives brought by the desire to make a stand against the big services and it's always amateur hour. Every time i hear gaia-x i start shaking.

Our Munich office houses our risk and compliance org and while they’re relatively more attuned to privacy implications, absolutely none of our overall IT leadership is banging the drum to move away from E5. We’re leaning in further.

I assume almost most orgs are the same.

Sickening
Jul 16, 2007

Black summer was the best summer.

SlowBloke posted:

The number of people that care more about the schrems lawsuit compared to functionality could fit in a storage locker, and every "Germany is moving to linux because it's better for privacy" fsf fan forgets that they always go back to windows+office eventually, once the optics make it convenient. I routinely have to witness the homegrown alternatives brought by the desire to make a stand against the big services and it's always amateur hour. Every time i hear gaia-x i start shaking.

And for that I can't just take it seriously. I have loving uk software devs who can't all agree on what "rights" they have on their work computer (not even GDPR related) and I am at my loving limit. I am all for real concerns of privacy, but this is loving theater.

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
https://techcrunch.com/2024/04/10/apple-warning-mercenary-spyware-attacks/

https://appleinsider.com/articles/24/04/11/apple-warns-of-a-mercenary-spyware-attack-on-iphones

Is there any context as to why people are suddenly(?) getting warnings from Apple about being explicitly targeted?

MustardFacial
Jun 20, 2011

Fucker in charge of you fucking fucks




They’ve done it before, and the article pretty much says so

quote:


Apple also sent an identical warning to a number of journalists and politicians in India in October last year. Later, nonprofit advocacy group Amnesty International reported that it had found Israeli spyware maker NSO Group’s invasive spyware Pegasus on the iPhones of prominent journalists in India. (Users in India are among those who have received Apple’s latest threat notifications, according to people familiar with the matter.)

The spyware alerts arrive at a time when many nations are preparing for elections. In recent months, many tech firms have cautioned about rising state-sponsored efforts to sway certain electoral outcomes. Apple’s alerts, however, did not remark on their timing.

Accipiter
Jan 24, 2004
Probation
Can't post for 4 hours!
https://security.paloaltonetworks.com/CVE-2024-3400

Have a good day, everyone. :D

Rust Martialis
May 8, 2007

At night, Bavovnyatko quietly comes to the occupiers’ bases, depots, airfields, oil refineries and other places full of flammable items and starts playing with fire there

Only affects PAN-OS systems running GlobalProtect VPN software *with* telemetry enabled, running 10.2, 11.0 or 11.1.

Also:

quote:

Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).

In addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 for more information.

Ahhh, just heard a customer has given us a 3-day window next year to upgrade SAP/HANA for them and that every day over three days will cost them $200M. Love to feel that instant tension in the air and the squeak of tightening arseholes.

Rust Martialis fucked around with this message at 14:00 on Apr 12, 2024

MustardFacial
Jun 20, 2011

Fucker in charge of you fucking fucks



Rust Martialis posted:

Only affects PAN-OS systems running GlobalProtect VPN software *with* telemetry enabled, running 10.2, 11.0 or 11.1.

Telemetry is enabled by default on PAN-OS 11 and up.

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD


MustardFacial posted:

Telemetry is enabled by default on PAN-OS 11 and up.

And only useful to you if you’re using AIOps. Not production impacting to turn it off.

Partycat
Oct 25, 2004

bull3964 posted:

That's not really 'proof' though. All someone would have to do is tap the analog line (which could be done outside of the perimeter) to be able to send and recieve from soneone else's number. Also, many places that still use fax often use digital fax services which have all the usual security issues with internet connected stuff along with the last mile analog hole.

It's really just old laws and procedures that entities are afraid to update due to lack of knowledge technology along with the low cost of just buying a fax machine and an analog phone line as opposed to supporting some other technology.

Something to mull over. PHI data can be (and IS) trasmitted over SMTP through automated means and is fully secure (look up HISP and Direct Secure Messaging). You can build these solutions to be far more secure and audited than FAX, but no one wants to do it because the current laws say fax is good enough and it's cheap.

Part of the idea is that it would be very difficult to modify a fax in transit. Assuming that you had some method to validate the document that'd been sent, you would know that you didn't get sent a replay, or something someone sent via tapping your line. Then again this is also the idea with ISDN that you can't easily tap and modify that, and it is also a dead technology. Phone company took my BRI some years ago now. Faxes are dying the slow death, and anyone maintaining them would behoove themselves to spend the time to find a paper in-and-out solution using a MFP or something.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


Partycat posted:

Part of the idea is that it would be very difficult to modify a fax in transit. Assuming that you had some method to validate the document that'd been sent, you would know that you didn't get sent a replay, or something someone sent via tapping your line. Then again this is also the idea with ISDN that you can't easily tap and modify that, and it is also a dead technology. Phone company took my BRI some years ago now. Faxes are dying the slow death, and anyone maintaining them would behoove themselves to spend the time to find a paper in-and-out solution using a MFP or something.

Yeah, but we solved that ages ago for electronic documents with various encryption technologies.

Validation in the low resolution analog realm is a little tough. Beyond that you are just relying on phone company records and the time/dates that are manually set in the cheap quartz clocks of these fax devices.

That's also the rub, you only start investigating and maybe uncovering evidence of a replay/alterations after you discover something that doesn't look right. So, there's an additional failure point.

Besides, you don't even have to alter documents for this to be an issue. You could just silently capture all documents that could be retrieved wirelessly and skim whatever data you find since encryption is non-existent.

Canuck-Errant
Oct 28, 2003

MOOD: BURNING - MUSIC: DISCO INFERNO BY THE TRAMMPS
Grimey Drawer
My employer (a Government of Canada agency) paid for me to take CISSP training, and I passed the exam two weeks ago.

I'm just not sure what to do next, as I'm T1 help desk and I'm not sure how to map my work into the 5 year experience requirement - and the greybeards in Networks have been reluctant to let anyone at lower levels get any access to even view basic security functions in Defender.

Anyone have any insights on how the work experience thing works for CISSP, or how to map job responsibilities to the domains?

Adbot
ADBOT LOVES YOU

Potato Salad
Oct 23, 2014

nobody cares


Thanks Ants posted:

I understand how serious the EU are about data privacy, but the EU is a political body that people vote for. If they decide that you can be prosecuted for putting your data in SharePoint Online while there are zero serious non-American competitors in this space (especially when you consider Windows endpoint management, argue it's antitrust if you want) then it will take very little for political operators who already don't like the EU to run an entire campaign around "the EU are making your five-person business rent datacentre space, buy a server and employ someone to manage it, did you vote for that??".

I respectfully think that you are fundamentally misreading just how popular data privacy is with European voters, and how serious they are about it.

The courts and administrators feel comfortable telling Microsoft to gently caress off right now because they know where public sentiment heavily leans here.

Potato Salad fucked around with this message at 01:41 on Apr 13, 2024

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply