2024-07-19

Playing with toilet paper

 

Image from Pixabay

If you are eating right now and have a somewhat delicate stomach, you had better save this blog for after dinner. It has an, uh, sanitary approach. I will try to keep it as neat as possible.

About five years ago, Dutch comedian Kasper van der Laan appeared on a couple of TV shows, where he made an interesting suggestion for saving toilet paper. His argument begins like this: when you wipe your bottom, you continue until you see a clean piece of paper. But, according to Van der Laan, by then your bottom was already clean; you could have stopped one wiping round earlier. The big question now is: do you dare to gamble on it? Like, “I think I’m done here,” in the comedian's words. Do you remember the sudden, unfounded fear that toilet paper would run out during the covid pandemic? Perhaps there were more people then who put Van der Laan's thought experiment into practice.

Using toilet paper is – if I'm being a bit broad – a kind of security measure. It protects you from skid marks, skin irritation and unpleasant odors. This immediately raises the question of how other animal species deal with this, especially with the second risk (the first does not apply and they will not have to deal with the third as much). But come on, let me not digress. What Van der Laan did here was a genuine risk analysis. And in view of the summer holidays, in which many people have to go to a camping toilet, whether pleasant or not, with a roll of toilet paper under their arm, and others will encounter hotel paper in various qualities, it is urgent to work this out in more detail.

The basic formula for risk analyses is: risk = likelihood × impact. In this toilet case we play with likelihood: if you keep going until you produce a clean piece of paper, the likelihood of skid marks is practically zero. If you put the idea described above into practice, the likelihood will always be greater than zero. But how much greater? That's difficult to determine, because you have to deal with another variable: the, er, output. If it were always of the same quality, you would know after a few swipes: after so many swipes it's done, so I can switch to that many swipes minus one. But we all know that our biological output can vary over time. For example, because of what you have eaten, because of a different climate or because you are ill or nervous. The chance of an incorrect assessment, and therefore also the chance that the risk will become reality, is variable.

Estimating the probability of an event that damages information security is difficult in itself. We usually do a qualitative risk analysis, which means we use terms such as low, medium and high. The counterpart is quantitative risk analysis, which involves calculating with numbers - for example with statistical data for the likelihood and with amounts for the damage. In all these analyses the probability is not a fixed factor, and neither is it in the sanitary example. However, most of the time we pretend that it is. And I don't think that should be a problem with qualitative analyses, because the necessary margin is already built into terms such as high and low.

However, if you are in a situation where the odds can go either way, you will have to assume the worst case. This may mean that the measures you take to deal with the risk are 'too good' some of the time. After all, we do not strive for maximum, but for optimal security – not too little, but also not too much. If you are only allowed to drive 30 km/h somewhere because of road works, that is fine, but if no one is working at that moment, that measure feels unnecessarily strict.

What to do? Do you tailor your measures to the average? Then you run the risk that the measures are too weak at times. How bad that is depends on the impact it may have. If the expected impact is acceptable, then you can do with a bit less. But if that temporary speed limit is not only there to protect road workers, but also because there is a large hole in the road, things are different.

In Japan they have toilets that make toilet paper redundant. You will be sprayed clean and blown dry from within the bowl. And sometimes you can even play a sound via the control panel to disguise certain typical bathroom sounds. They have taken all risks into account and implemented smart measures.

The Security (b)log will return after the summer holidays.

And in the big bad world...

 

2024-07-12

I see, I see what you don't see

 

Image from Pixabay

It was a warm Tuesday afternoon in one of those summers that just won't get going. Then you take what you can get, and so they sat in their Utrecht backyard enjoying that one beautiful day. Suddenly the peace was cruelly disturbed by shouting and banging on the garden gate. They jumped up in alarm.

Through the cracks in the gate they saw bits of a woman with a wild-eyed look. “Let me in, this is my house!” she screamed. Well, they weren't going to do that. Explaining that the woman was really at the wrong house, even in the wrong street, had no effect on this lady, who was clearly under the influence of something. She kept banging on the gate. Well, 'gate' sounds very solid, but in fact it was a construction of windmill wood that hung on inferior hinges, and the rightful owners feared that it would not last very long.

Time to call the police. They arrived quickly, and they soon realized that it was best to take the person with them, because in her current state reasoning with her was impossible. They stuffed her into the back of the car and drove away. The street regained its calm.

The local residents were of course both shocked and curious. Most were not at home at the time, or they were vacuuming, so they didn't hear anything. The neighbors across the street had a security camera. Maybe it recorded something? Bingo! It was all there. When the woman walked up, she even looked straight into the camera. The police action was also beautifully captured. The video was shared in the neighborhood app group - not for sensation, but because everybody knew that that lady would be walking around freely again in no time, and because the neighborhood wanted to be prepared.

If I lived on that street, I would want that information too. You want to protect your family and your property, don't you? As an ordinary citizen, I would not hesitate to share the images with neighbors. But at the same time, from my profession, I wonder: is that actually allowed? What about privacy? People who do something wrong are also entitled to their privacy. The General Data Protection Regulation (GDPR) is European legislation that regulates our privacy. Every country has a GDPR supervisor; in the Netherlands this is the Dutch Data Protection Authority (AP). The AP is the perfect source to look for the answer to my question.

I read there that you may not share images in which people are recognizable without their permission. So do not put it on the internet and do not share it via social media. But there is an exception for personal or household use: “The condition here is that this person keeps the photos and videos private or at most shares them in a very limited circle. For example in a small app group.” That 'small app group' is a bit strange, because any member of that group could further distribute the images.

There's more going on. The GDPR states that you are not allowed to film public roads, because that would constitute an infringement of the privacy of every passer-by. The AP understands that sometimes there is no other option than for your camera to film a part of the street. But even then there are rules. The most obvious: zoom in on your property as much as possible, in other words: make the violation of the rules as small as possible. There is actually no need to keep images, but there appear to be no concrete rules for this, because the AP says: “Delete the images as soon as you no longer need them. For example, after 24 hours.” You also have to inform people about your camera and secure the images properly - because if you are hacked, it means a data breach.

There is a double standard in the rule that you are not allowed to film public spaces. Because if something happens on your street, the police would love to have the images from your 'illegal' camera - they can even demand those images, in other words: you are obliged to hand them over. So it's not allowed, but if you do it anyway, it might help in fighting crime.

 

And in the big bad world...

 

2024-07-04

Crime from the holodeck

 

Image from Pixabay

You walk through a corridor that looks like all the other corridors, but eventually you stand in front of that one door. It whizzes open with that typical sound and you enter the room behind it. But no, you are no longer in a room at all. You are in a lush forest, hearing birds chirping and a stream babbling. And yet you really haven't walked outside, for the simple reason that you are on board a spaceship.

Some of the readers fully understand what I am talking about, others will hopefully also continue to read with curiosity. For the latter group, an explanation: you are on board a spaceship from Star Trek, the still popular science fiction series from deep into the last century, where in the 24th century they have the holodeck: a room in which holograms and force fields generate simulations of people, objects and environments. It all looks, feels, sounds and smells completely realistic and you can even touch things. The holodecks are mainly used for recreation and training purposes. The simulated environment can appear much larger than the space occupied by the holodeck. That's why you can walk through that forest for hours. But you could just as easily sit in a virtual cafe or play a game of tennis.

In the 1980s, when the holodeck appeared in Star Trek, this was an example of virtual reality avant la lettre. Only in the following decade did consumer versions of VR headsets become widespread – you know, those ski goggles with built-in screens and preferably speakers on the side, which immerse you in a sometimes frighteningly realistic illusion. You have to experience it to understand it.

As often happens with inventions that advance humanity, the technology to create virtual realities (a contradiction in terms if you ask me) has also been put to bad use. Because nowadays we have artificial intelligence (also a term with a built-in contradiction). AI is used by cybercriminals to present a false reality to their victims. Like that mother I was talking about a while ago, who really thought she heard her son on the phone saying that he had had an accident. You don't always have to set up a complete environment like a holodeck to get someone to believe something. Sometimes it's just a matter of showing, or making heard, felt or smelled, whatever fits in a certain context. And criminals are particularly good at this. I call that AI crime.

If you regularly read the articles in the And in the big bad world... section below, you will have seen many events lately that will promote AI crime: a Brit who - if elected to the House of Commons - lets himself be controlled by AI, a student who used AI to cheat, 'intelligent' toothbrushes and other household appliances, and, not least, AI functions that are increasingly being built into everyday software.

Will you still be able to distinguish between fake and real? Is your perception complete? Already in the era of chemical photography (film, darkroom, chemicals) the truth was violated by retouching photos. Often to make them more attractive, but there are also group photos of important Soviet Union people in which disgraced comrades have been erased. They have been cancelled, we would say nowadays. With digital photos, photoshopping is a piece of cake. And you've probably seen portraits that claim to be AI-generated. Had you not been given that information, you probably would have thought you were looking at a real human being. And the same goes for sound: the criminal obtains a recording of someone saying something and then his AI application can make the same voice say something different. This can also be achieved in an analogue way: in presentations I often show a video in which you think you see and hear the actor Morgan Freeman - the visual part is indeed made with AI, but the voice is 'simply' deepfaked by a voice actor.

Virtual reality and artificial intelligence form a fertile couple. If you put their abbreviations together, you get vrai. That is the French word for truth, or reality. Isn’t that bizarre?

 

And in the big bad world...

... unfortunately I didn't have time to fill this section this time due to a day off.

2024-06-28

Who can harm you?

 

Image from Pixabay

Brrr-iiiing ... According to ChatGPT, that's a good onomatopoeia for a passing scooter. But that's beside the point; I will definitely write more about artificial intelligence, but for now it's about that scooter. Because it shouldn't pass me at all in that place.

I’ll explain. Our neighborhood is intersected by various cycle paths, which offer you a shorter route than if you used the normal road network. Many of these cycle paths have a rectangular blue sign with the text 'cycle path'. That is traffic sign G13 of the Dutch traffic regulations, and it means that you can walk and cycle there. You have no business there with a scooter with a combustion engine (unless the engine is off). You can guess where this is going: that sign is ignored en masse by scooterists. When another one of them rattled past recently and we were talking about it, my wife said: “Well, who's going to hurt you?” And indeed: the police and the municipality point the finger at each other, and it’s already six years ago that the Cyclists' Union mentioned a municipal trial elsewhere in the city with signs reading 'prohibited for scooters', which we would have to wait for. I am still waiting.

Who can actually harm you if you do things that are not allowed in the cyber domain? Many things happen there that are a lot more intense than riding your scooter on a G13 cycle path. We are talking about cyber criminals who use their technical knowledge and/or skills to dishonestly obtain money or goods. These are the people who send you a text message about a package that could not be delivered, with a link that takes you to a fake website, where they ask for data with which they then digitally rob you. Or those who shut down hospitals with ransomware, putting healthcare services at serious risk, as recently happened in London. That appears to be a case of hacktivism, by the way: Qilin, the gang behind this attack, claims the attack is revenge for British government activities in an unspecified war (but we all know it's about Ukraine). Qilin also says they are sorry that patients are suffering from the attack but that it is not their fault. That stupid statement makes me angry.

Whether someone can harm the cybercriminal depends on two factors: how good they are at digital hide-and-seek, and where they live. These two factors are also linked. If you live in a civilized world, you have to erase your digital traces very carefully to prevent the police from showing up on your doorstep sooner or later. On the other hand, if you live in a country where they see cybercrime as normal work, as long as you do not target citizens of your own country, then you have little to fear. Yes, occasionally reports come out about the arrest of a Russian hacker, but the vast majority can go about their business freely and live in luxury. Some Russian malware even checks whether a computer to be attacked has a Cyrillic keyboard installed and, if so, leaves it alone.

State actors (a fancy term for cybercriminals who work on behalf of a government) are also joining the fray. You can carry out a ransomware attack and make it look like you're in it for money, while the actual goal of that government is to take a company or agency offline for a while, or to steal their secrets - because that has been an additional function of ransomware for several years. It is often used as an additional threat: we will publish the captured data if you do not pay. But perhaps that data is also intended for their own use. There are also state actors who commit cybercrime to obtain foreign exchange. According to the UN, North Korea has raked in three billion dollars in six years.

And then there is that newspaper headline in the Dutch newspaper Het Parool from early last year: “Very young hackers did not come from Russia or North Korea, but from Zandvoort” (which is a town on the North Sea coast). They didn’t hide well enough, whilst living in a country where the police do go after cyber criminals and also play a leading role internationally.

Young people can playfully drift into crime, sometimes not even realizing that they are crossing a line. Parents often think that their teenager is just gaming. Both parents and their offspring must be made more aware of legislation in this area, and see to it that the available talents are used in a legal manner. If you don't know that something is not allowed, you don't feel guilty.

Which brings me back to those scooters. Older generations, who received their scooter license for free with their car driver license, may never have learned that G13 sign and therefore do not know that they are not allowed to drive there. But all those young people, they have to know that sign because they had to study for their license, right? Do they not see the sign along the road, or do they simply ignore it? Because, who can harm you?

 

And in the big bad world...

 

2024-06-21

Explosive

 

Image from Pixabay

Boom! A loud bang shattered the silence in the living room. My wife, who was there alone, looked around in shock. What was that? A few seconds later she heard splashing. Her eyes followed her ears and found the source of the sound. Then she shouted upstairs, with strong urgency in her voice, “Stop what you're doing and come help now!”

Five heartbeats later I saw pink liquid dripping from the display case. There, in that cupboard, we started a modest collection of Beautiful Bottles a few years ago, when I pointed out to the children on holiday in the south of France a bottle of wine on which the gendarme of Saint-Tropez was depicted - a frenetic film role by the French comedian Louis de Funès from my youth (well, the film itself is older than me, but I have seen several films with this actor in the past – remember Fantômas?). Even though I don't like alcoholic drinks, my son gave me that bottle as a gift because he understood the sentimental value. Since a recent stay in Croatia, there is also a beautiful bottle of vodka from Old Pilots, decorated with aviation symbols – we bought that for our son, the aspiring pilot.

My daughter also contributed a little while ago. She had a school trip to Spain and brought back a bottle with bright pink contents. For the display cabinet. It was this bottle which had exploded. Well, exploded – the cap had popped off and all but an inch of its contents had spilled out. Please note: the bottle was still upright. The liquid found its way into lower parts of the cabinet. Armed with towels and cleaning cloths, we tackled the stuff. I even had to unscrew a cupboard door to get to some spots. Ultimately, the damage was limited to that one deformed screw cap. What on earth had happened here?

The 250 ml (8.5 fl oz) bottle label says kombucha. Wikipedia says about this: “a drink resulting from fermentation of sweetened tea by acetic acid bacteria and yeast cultures”. And on the label I read that you should always keep the stuff in the refrigerator, between two and eight degrees centigrade (35-46 degrees Fahrenheit). These are circumstances that our display case cannot meet. And so those bacteria woke up, conspired with the yeast and formed gas. And about two months later, the pressure became too much for that poor screw cap, who saw only one way out: up. After which almost all the contents bubbled out of the bottle.

A few blogs ago I advocated reading manuals. I would now like to add labels to that advice. Although I wonder if that would have helped. If you're not planning on consuming something anyway, why would you refrigerate it? And if I had already read the ingredients list, would I have realized that I had something explosive in my hands? I do not think so. In retrospect, I am surprised that the stuff is allowed to be sold at all, or that there is not at least a clear warning on the label. The substance also seems to be controversial due to unproven health benefits. In fact, there can even be very dangerous molds in the drink. Maybe it's a good thing the stuff is gone now. The empty bottle is back in the display case, as a reminder of the school trip and the explosion.

Sometimes it is useful to dole out manuals and instructions in small doses, because otherwise they can be overwhelming. This week I saw a clever example of that. I recently signed up for a new service from a company. After a few days they sent me an email saying: secure your account even better, enable two-factor authentication (2FA). I like that. In this way they help people who do not read manuals and labels to take a step forward. By the way, I had already enabled 2FA as soon as I saw that they supported it. Do you also have it turned on everywhere? It protects you if one of your passwords ever leaks, for example due to a hack at an organization where you have an account. Without 2FA you are the sucker, and if you use the same password elsewhere without 2FA (ugh!), then you have to change those passwords immediately.

I've said it before: use a password manager, which not only stores your passwords, but also generates them for you. Make them at least twelve characters long, and because you rarely have to type in those passwords yourself, fifteen is even better. Even the best password cannot withstand a hack at an organization that does not properly protect your password; that's why you enable 2FA wherever possible.

 

And in the big bad world...

2024-06-14

Pimp your computer

 

Image from Pixabay

For many people, the car is an extension of their identity, even of their ego. They want to give their car something of their own, so that their faithful four-wheeler reflects its owner. Others have a car that, when they bought it, was missing certain features. Both groups are served by an extensive accessories and services market, where they can find a whole range of extras, from a simple phone holder to completely pimping your car.

Computers can also be personalized. I consider stickers on a laptop or setting a different screen background to be personality-enhancing activities, but just like a car, you can also provide a PC with all kinds of extra functionality. The most obvious thing is of course installing software. At work you are often limited in this - not only because of security considerations, but also because of manageability and licenses. So this blog is particularly relevant for home use.

Not only can you install additional programs, you can also install add-ons for existing programs. These so-called plug-ins are especially popular with internet browsers (and then they are called browser extensions). There are far more than a hundred thousand extensions available for Google Chrome alone. Available from both the official stores of the browser manufacturers and elsewhere on the Internet. Popular extensions are available, for example, for blocking advertisements, for password managers and for expanding Office functions. Extensions for ChatGPT have also been popular lately.

There are quite a few bad apples in the basket. Just like apps on your phone, extensions are based on permissions, which ought to limit what they are capable of. For example, an ad blocker does not need to know where you are, but a password manager must be able to see when you type a password (otherwise the question "Shall I save this for you?" is not useful). However, many extensions are not very picky about requesting permissions, and you as a user may not be very strict in managing those permissions - did you even know that you can? Extensions may be completely bona fide at the time of installation, but they can subsequently acquire malicious functions via an automatic update. Maybe because there was a criminal behind it from the start, maybe because the creator of the extension was hacked and his product was modified without his knowledge.

As always, there are two types of bad apples. One species thrives on indolence, the other on malice. If a developer doesn't feel like finding out exactly what his extension needs, he can just check everything. In doing so, he unintentionally makes his extension vulnerable. His criminal colleague is deliberately trying to get his extension to do things that have nothing to do with the reason for which you, the user, install his extension. For example, collecting all kinds of data, such as passwords, emails and documents. Or adjusting search results so that you end up on unsafe websites. Or changing your privacy settings. Your browser was already the window to your world, but it is increasingly becoming the window to the inside as more and more applications are accessed via the browser. It is therefore quite important that the security of your browser is not undermined. Whether it is Chrome, Edge, Safari, Firefox or a more exotic browser does not matter: all browsers that work with extensions face this risk.

How can you protect yourself against this while still benefiting from the joys that extensions have to offer? I have put together a number of tips and the most common is this one: only install extensions from your browser manufacturer's store (you can find them in the menu of your browser). That certainly offers no guarantees, but extensions from elsewhere are less reliable anyway. If you are looking for an extension (for example for your password manager) and you are shown multiple products, make sure you choose the right one, in this case from the makers of your password manager. Also look at the number of downloads and the reviews, and don't be fooled by glowing reviews that seem too good to be true. Also check whether independent articles have been written about it. And, very important: check whether the permissions an extension requests make sense.
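That last tip, checking whether the requested permissions fit the extension's purpose, can be applied mechanically to an extension's manifest.json. The following is an added example (not code from the blog or from any browser vendor): it reads the Chrome Manifest V3 keys `permissions`, `optional_permissions`, `host_permissions` and the `matches` of `content_scripts`, and lists the risky permissions that the stated purpose does not explain. The risk notes and the per-purpose allow-lists are this example's own assumptions, and the sample manifest is constructed.

```javascript
// Added example: audit the permissions an extension declares in manifest.json.
// RISK_NOTES and PURPOSE_PROFILES are assumptions made for this example,
// not an official classification by any browser vendor.
"use strict";

// Why a permission matters, from the user's point of view.
const RISK_NOTES = {
  "<all_urls>": "can read and change every page you visit",
  "cookies": "can read session cookies (your logged-in state)",
  "history": "can read your browsing history",
  "tabs": "can see the URL and title of every open tab",
  "webRequest": "can observe all network requests",
  "webRequestBlocking": "can block or rewrite network requests",
  "declarativeNetRequest": "can block or redirect requests by rule",
  "scripting": "can inject scripts into pages it has host access to",
  "clipboardRead": "can read what you copy",
  "geolocation": "can learn where you are",
  "downloads": "can start and manage downloads",
  "nativeMessaging": "can talk to programs installed on your computer",
  "debugger": "can attach to pages like a developer tool",
  "management": "can see and disable your other extensions",
};

// Host patterns that amount to access to every website.
const BROAD_HOSTS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

// What a given kind of extension plausibly needs (assumed allow-lists).
const PURPOSE_PROFILES = {
  ad_blocker: new Set(["declarativeNetRequest", "declarativeNetRequestWithHostAccess",
    "webRequest", "webRequestBlocking", "storage", "<all_urls>"]),
  password_manager: new Set(["storage", "activeTab", "scripting", "tabs",
    "alarms", "<all_urls>"]),
};

// Fold all "every website" patterns into the single token <all_urls>.
function normalizeHost(pattern) {
  return BROAD_HOSTS.includes(pattern) ? "<all_urls>" : pattern;
}

// Collect every permission and host pattern a manifest asks for.
function collectPermissions(manifest) {
  const found = new Set();
  for (const key of ["permissions", "optional_permissions", "host_permissions"]) {
    for (const p of manifest[key] || []) found.add(normalizeHost(p));
  }
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) found.add(normalizeHost(m));
  }
  return found;
}

// Return the permissions that are risky AND not explained by the stated purpose.
function auditManifest(manifest, purpose) {
  const expected = PURPOSE_PROFILES[purpose] || new Set();
  const findings = [];
  for (const p of collectPermissions(manifest)) {
    if (expected.has(p)) continue;
    if (RISK_NOTES[p]) findings.push({ permission: p, why: RISK_NOTES[p] });
  }
  return findings.sort((a, b) => a.permission.localeCompare(b.permission));
}

// Constructed sample: an "ad blocker" that asks for far more than blocking needs.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "Example Ad Blocker (constructed sample)",
  permissions: ["declarativeNetRequest", "storage", "cookies", "history", "tabs"],
  optional_permissions: ["geolocation"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};

if (typeof require !== "undefined" && require.main === module) {
  // Prints: cookies, geolocation, history and tabs with their risk notes.
  for (const f of auditManifest(SAMPLE_MANIFEST, "ad_blocker")) {
    console.log(`${f.permission}: ${f.why}`);
  }
}
```

The same manifest judged as a password manager would instead flag `declarativeNetRequest`, since a password manager has no reason to rewrite network traffic; the point is that a permission is only suspicious relative to what the extension claims to do.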

The safest way to pimp your computer still involves stickers, but if you want something more functional, make sure you maintain control over what happens on your computer.

 

And in the big bad world...

 

2024-06-07

Capture the flag

 

Image from Pixabay

Click. The door closes behind you. The light flickers. A timer indicates that you have exactly one hour left to find a way out. You look around you. You are in a fully furnished room, or perhaps in a laboratory. The atmosphere is mysterious. You’ll have to find a solution to get out of here. Welcome to the escape room.

Have you ever been locked up for fun? There are more than a thousand escape rooms in the Netherlands (and about 1500 in the UK, three thousand in the US and over fifty thousand worldwide). You usually go there with a self-composed group of people and try to find the exit within the allotted time. To do this you have to solve all kinds of puzzles; every solution takes you one step further. For example, you have to figure out the code of a combination lock, after which you can open a chest that contains the next clue. Or you have to find a hidden message, perhaps by wetting a painting. Escape rooms contain all kinds of challenges in different levels of difficulty.

Security technicians also like to solve puzzles and their game is called capture the flag. Not real flags of course, but text strings that are hidden in a computer program or on a website. The players' task is to capture as many flags as possible. The game can be played in roughly two ways: in one variant, teams play against each other, in the other against the organizer. Each flag earns you points and the person who has the most points at the end of the day wins.

Just like with the escape room, a CTF comprises multiple puzzles. In one you may have to analyze a program to understand what it does (reverse engineering), in another you may have to consult information on public sources (open source intelligence, OSINT) and in yet another you may have to perform forensic research. Another similarity with escape rooms is that the whole thing is wrapped up in a story. If you enjoyed word problems at school, then you are already on the right track to participate in a CTF.

A few of my teammates organized a CTF for colleagues earlier this week. I would have liked to take a look, but since covid it is not done to appear in the office coughing and sneezing, and that is why I unfortunately cannot give you a first-hand account. We are certainly not the only organization that does CTFs for their personnel. But why exactly, I asked the organizers. Participating in a CTF increases the knowledge and skills of the participants; this could be anyone who deals with security and wants to learn more about it – also highly recommended for developers! In the CTF you see all kinds of ways in which something can go wrong. If you later encounter a similar situation in your work, hopefully it will ring a bell: hey, this is dangerous, it makes us vulnerable, this has to change! CTFs are usually played in small teams, which adds some team building for free. Commercial companies also organize CTFs for outsiders. This provides publicity and talent scouting opportunities.

There are websites where you can do finger exercises in this area. The PortSwigger site provides fairly accessible explanations for all topics. And there’s HackShield for children aged 8-12, in different languages. For the record: there’s no intention to breed small criminals, it’s about making everyone cyber aware. Escape rooms can also be played at home: you can buy them in a box at the toy store. There will of course be much less tangible surprises, but it is still surprisingly fun. [DUTCH]

 

And in the big bad world...
