I know this is #infosec exchange (not #privacy exchange), but this will be interesting to watch...especially once the #GDPR hammer drops in a month. They seem to have cherry-picked a few provisions from GDPR without going full omnibus privacy law. It strikes me that there might be some challenging technical issues with disclosing every bit of data you pick up with a cookie on someone else's site, e.g. how sure do you need to be of the identity? https://slate.com/technology/2018/04/the-new-bill-to-regulate-facebook-and-googles-data-might-actually-do-the-trick.html
@rainmaker I think compromised Open Source dependencies (libraries, packages, etc.) will go from interesting infosec research to common attack vector. I think build system APTs will become more common and be a major source of this problem.
@rainmaker Vendors, and not just the ones that make little bullshit noise machines. Entire markets like Cyber Insurance have the enterprise shifting resources away from monitoring and remediation processes in favor of fallout shelters.
@rainmaker 1) worms and chained, automated exploits (à la NotPetya), 2) hardware vulnerabilities, 3) software supply chain
I'll use anything as an excuse to have people change their passwords, but...
A bug does NOT equal a data breach.