Tag Archives: France

Security News for the Week Ending December 4, 2020

France Says it is Going Ahead with Digital Tax

France has been complaining that U.S. companies (mostly) have not been paying their fair share of French taxes since they are not selling widgets that are delivered in France, so they came up with this digital tax, a 3% tax on digital services delivered in France. They held off for a while trying to get some sort of international tax agreement, but that does not appear to be happening, so they are moving forward with the tax. It only affects companies doing business in France with revenue of more than 25 million Euros. Is this the wave of the future? Credit: Cybernews

FCC Chairman Pai to Step Down on Jan 20

Ajit Pai announced that he will step down from the FCC on inauguration day rather than having the new President fire him, which is almost guaranteed. Pai, a former telecom industry lawyer and lobbyist, said that he may try to create some rules in his remaining two months in support of the President’s efforts to hurt Facebook, Twitter and similar companies. Those rules would likely be reversed on the day after inauguration, so it is not clear why he would waste taxpayer money doing that, but that is Washington for you. Credit: CNBC

How Many Phishing Sites?

Since the beginning of this year, Google has flagged 46,000 web sites EACH WEEK as phishing sites. That is over 2 million so far this year. This is a 20% increase over last year, and the year is not over. Hackers can buy as many sites as they want, but, in part, they are looking for “look alike” sites – sites with a zero swapped for an “O” or an “L” swapped for a “1”. They also just take over sites with bad security. There is almost no way to track that, but I can say from personal analysis that there are way more of the second kind than the first kind. Credit: KnowBe4

Docker Malware – It’s a Thing

Docker containers are the darling of the development world – lightweight and easy to deploy, self-contained and OS agnostic, supported in the cloud – everything that developers want.

Three years after the first Docker malware showed up, it is now common. Malware gangs are now targeting Docker and Kubernetes.

Many of the attacks – surprise – are due to misconfigured Docker servers, leaving them exposed to attack. It appears that we in IT never learn. Just because tech is delivered slightly differently, the basics still apply.

To make a point, researchers looked at images publicly available in the Docker Hub. 51% had critical vulnerabilities and 6,500 of the images tested could be considered malicious.

You can wait until you are compromised or you can get ahead of the freight train. Credit: ZDNet and Dark Reading

Even Before Dust Settles on Swiss/CIA Deal to Subvert Encryption … Another One

Even before all of the investigations into the CIA’s compromise of Crypto AG, and its selling of compromised encryption hardware to both our friends and enemies so we could spy on them, are complete, another story surfaces. Apparently Crypto AG was not the only one. Now the Swiss media is reporting that the CIA controlled another Swiss crypto company, Omnisec. The Swiss politicians are going crazy and calling for executions in the public square. Stay tuned, but assume your crypto has been compromised. By someone. Credit: Security Week

Bill Would Imprison Tech Execs For Not Unlocking Data

A bill being considered in the French Parliament would penalize tech executives who do not provide access to encrypted communications in terrorism-related investigations. The penalty is 5 years in jail and a 350,000 Euro fine.

The lower house of Parliament cleared the bill 474 to 32.

Parliament wants phone makers to unlock phones.  Period.

Of course, most legislators don’t understand tech, but that doesn’t stop them from creating laws regarding it.

Lawmakers said that it will be up to the manufacturer to use whatever technique is necessary to unlock the phone.

One technique is to write off France. After all, in the grand scheme of things it is not a very large market. Given Tim Cook’s attitude at the moment, I would not be completely surprised if he does just that if the bill passes.

The Senate still needs to approve it in the next few months.

There could be changes to the bill to make it compatible with the French penal code, so that it would not be challenged on constitutional grounds, but not to change the plan.

What the legislators don’t understand is that they cannot legislate math.  Math doesn’t care.

Riddle me this –

If Apple creates a back door to let French police into an iPhone but the data is encrypted by an app distributed by Daesh (the terrorist group also known as ISIS), will the police be able to figure out what is going on inside the phone?

The answer is no.  And I don’t think Daesh really cares that the French police will be upset.

What is unclear is whether Apple cares.  Stay tuned for that answer.

This genie cannot be put back in the bottle. Even if legislators think it can.

Information for this article came from IAPP.