data protection – SSL and internet security news

More Log4j News

Log4j is being exploited by all sorts of attackers, all over the Internet:

At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups,” said cybersecurity company Check Point.

And according to Check Point, attackers have now attempted to exploit the flaw on over 40% of global networks.

And a second vulnerability was found, in the patch for the first vulnerability. This is likely not to be the last.

Powered by WPeMatico

infossl December 16, 2021 data protection, patching, Security technology, Uncategorized, vulnerabilities, zero-day Read more >

ProtonMail Now Keeps IP Logs

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.”

Powered by WPeMatico

infossl September 10, 2021 anonymity, courts, data collection, data protection, e-mail, privacy, Security technology, Uncategorized Read more >

Colorado Passes Consumer Privacy Law

First California. Then Virginia. Now Colorado.

Here’s a good comparison of the three states’ laws.

Powered by WPeMatico

infossl July 15, 2021 data collection, data protection, privacy, Security technology, Uncategorized Read more >

The Problem with Treating Data as a Commodity

Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.”

From the introduction:

Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it. Data is not a commodity. It is information. Any system of information rights — whether patents, copyrights, and other intellectual property, or privacy rights — presents some tension with strong interest in the free flow of information that is reflected by the First Amendment. Our personal information is in demand precisely because it has value to others and to society across a myriad of uses.

From the conclusion:

Privacy legislation should empower individuals through more layered and meaningful transparency and individual rights to know, correct, and delete personal information in databases held by others. But relying entirely on individual control will not do enough to change a system that is failing individuals, and trying to reinforce control with a property interest is likely to fail society as well. Rather than trying to resolve whether personal information belongs to individuals or to the companies that collect it, a baseline federal privacy law should directly protect the abiding interest that individuals have in that information and also enable the social benefits that flow from sharing information.

Powered by WPeMatico

infossl February 26, 2021 data protection, laws, privacy, reports, Security technology, Uncategorized Read more >

Virginia Data Privacy Law

Virginia is about to get a data privacy law, modeled on California’s law.

Powered by WPeMatico

infossl February 18, 2021 courts, data protection, laws, privacy, Security technology, Uncategorized Read more >