From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Security Affairs

From iPhone to NT AUTHORITYSYSTEM – As promised in my previous post , I will show you how to exploit the “Printconfig” dll with a real world example.

GDPR: lawful bases for processing, with examples

IT Governance

For tasks carried out in the public interest or exercise of authority vested in the data controller. For example, when you process staff data for payroll purposes, contractual obligations will apply, as staff will have signed a contract of employment.


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Digital transformation threats and opportunities in travel and transportation

DXC Technology

In travel and transportation most companies today don’t look at customer journeys as a collaborative exercise. A railway, for example, may only care that it has moved passengers safely from station A to station B.

Man Behind Fatal ‘Swatting’ Gets 20 Years

Krebs on Security

For example, perpetrators of swatting often call non-emergency numbers at state and local police departments to carry out their crimes precisely because they are not local to the region and cannot reach the target’s police department by calling 911.

Kids and Code: Object Oriented Programming with Code Combat

Troy Hunt

Clearly, they enjoy it (this vid is a good example of where the touch screen and convertibility of the Lenovo Yoga is really handy too): Got my 5 year old daughter coding up a storm on her school holidays, she loves it! Geez time flies.

IT 96

Intelligent Information Management - Learning from CHOCOLATE?!


Everyone participated and was engaged throughout - livened up with a few good stories and examples of lessons learned that they shared. One of the exercises I developed was called "The Taxonomy of Salad".

Key Skills for Records Managers: How RIM Professionals Can Best Work With CPOs


For example, you may be able to assist CPOs in matters regarding the metadata that describes customer data. Using role reversal exercises , records managers and CPOs can briefly assume the other’s position to understand one another better. For example, where the CPO understands the current privacy climate and the needs and demands of the customer, the records manager knows how end-of-life deletion of customer data avoids exposure for affected customers.

How to prepare for the California Consumer Privacy Act

Thales eSecurity

For example, data collected by an entity may not be associated with an individual but could identify a household. Also, entities under the CCPA must post a “Do Not Sell My Personal Information” link on their websites allowing consumers to easily exercise their right of opting-out. (4)

One String to Rule Them All

Rocket Software

As a final exercise for the reader and as an example of the power of template literals, I’ll demonstrate a limitation of template literals and how a tagged template function can fix it. Again, writing such a function is left as an exercise for the reader.

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Data Matters

At the event, various stakeholders including e.g., corporates and NGOs, raised a number of issues including, for example: Overall confusion around the scope and applicability of data subject rights. Stakeholders noted some requests were too broad, in turn, making it difficult to identify which data subject right was being exercised (e.g.,

What is data protection by design and default

IT Governance

In this blog, we explain how data protection by design and by default works, and provide examples of the steps you should take to achieve it. Examples of data protection by design. Examples of data protection by default.

Is Co-Authoring the Right Prescription for You?


My doctor wrote a prescription for a stronger analgesic, advised me to get more exercise, and sent me on my way. Pharmaceutical and Life Science are good examples of industries that are feeling the pain. Submissions to the Food and Drug Administration, for example, can total hundreds, if not thousands, of pages. Several months ago, I developed a nagging pain in my right shoulder. Nothing much at first, but over time, it got worse.

What is ‘privacy by design’?

IT Governance

This method also enables you to assess the risks in your data processing activities and identify where controls are required, for example, assessing privacy and data security risks.

The Customer Journey Digital Transformation Workbook

Bill Schmarzo - Dell EMC

To support this training, we created a methodology that guided the students through a digital transformation exercise. For example, digital renders distribution intermediaries obsolete (with limitless choice and price transparency). For example, Customer Journey Mapping provides a step-by-step guide to putting the customer you serve at the center of your design process, and to come up with new answers to difficult customer problems and challenges [1].

Username (and password) free login with security keys

Imperial Violet

In practical terms, web sites exercise this capability via WebAuthn , the same API that handles the traditional security key flow. While it doesn't matter for the web, one might want to use security keys to act as, for example, door access badges; especially over NFC. Thus the pertinent resident credentials would have to be discoverable and exercisable given only physical presence.

Business Architecture and Process Modeling for Digital Transformation


Fidelity International is an example of a successful digital transformation adopter and innovator. With it, any transformation initiative becomes a simple, streamlined exercise to support distributed information capture and management, object-oriented modeling, simulation and collaboration.

Communicating About Cybersecurity in Plain English

Lenny Zeltser

I’m not suggesting that the resulting statement should replace the original text; instead, I suspect this exercise will train you to write more plainly and succinctly.

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist


GDPR on the other hand is designed to primarily enable data subjects to exercise greater degree of control over the processing of their personal information. This is yet another example of where regulation is addressing a problem in the rear view mirror rather than looking at the road ahead….

CHINA: important new developments in PRC data privacy regulations

DLA Piper Privacy Matters

Promotion of online mechanisms for users to exercise data subject rights (deletion, de-registration, access, correction, revoke consent etc.). Specific examples are given of what might constitute excessive data collection for certain types of apps, such as car hailing, e-commerce and IM apps.

Pwned Passwords, Version 5

Troy Hunt

There's often biases in password distribution due to the sources they're obtained from, for example the prevalence of the service's name or other attributes or relationships to the breached site. Consistently, I'm hearing the results of this exercise are.

Navigating China: The digital journey

DLA Piper Privacy Matters

Promotion of online mechanisms for users to exercise data subject rights (deletion, de-registration, access, correction, revoke consent etc.). Episode 6: Further developments in PRC data privacy regulations.

Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

For example, PNC Financial Services Group’s annual report mentions the business initiative to “grow profitability through the acquisition and retention of customers and deepening relationships.” We will use this “increase customer retention/reduce customer attrition” business initiative for the rest of this exercise. For example, instead of asking: “What was customer attrition last month?” The results of this exercise might look like Figure 7. It’s simple.

Watch out for scams as Brexit confusion intensifies

IT Governance

Brexit is clearly a pressing issue for many organisations, but we urge you to exercise caution whenever you receive communications out of the blue relating to the UK’s departure from the EU. The course content is updated quarterly to provide the latest real-world examples of phishing emails. The confusion around Brexit has not cleared up despite the increased urgency and ongoing discussion about what will happen and when.

Think differently about data privacy to deliver digital transformation


Although much of the ink spilled around data privacy focuses on obeying regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), it’s a mistake to think about data privacy as a compliance exercise.

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

So, for example, a number of fines have recently been imposed against businesses retaining data on systems for longer than is necessary in contravention of the GDPR’s data minimization and data storage principles. The involvement of an entity is triggered when it exercises ‘decisive influence’. For example, a parent company is presumed to exercise decisive control over its wholly owned subsidiary.


German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

So, for example, a number of fines have recently been imposed against businesses retaining data on systems for longer than is necessary in contravention of the GDPR’s data minimization and data storage principles. The involvement of an entity is triggered when it exercises ‘decisive influence’. For example, a parent company is presumed to exercise decisive control over its wholly owned subsidiary.


Insights about the first five years of Right to be Forgotten requests at Google


For example, as can be seen in the chart, French Internet users requested on average 12 URL delistings per 1,000 users, whereas in Italy there were 7 such requests, and in Greece only 3. We observe that the way in which the RTBF is exercised across Europe varies from country by country.

Paper 69

Post-GDPR Developments on Data Protection and Privacy Regulations Around the World

Thales eSecurity

For many international agreements, modern data protection and privacy regulations share some common principles, like the need of a data processor to have a legitimate reason for exercising any processing activity.

GDPR 101

CNIL Details Rules On Audience and Traffic Measuring In Publicly Accessible Areas

Hunton Privacy

On October 17, 2018, the French data protection authority (the “CNIL”) published a press release detailing the rules applicable to devices that compile aggregated and anonymous statistics from personal data—for example, mobile phone identifiers ( i.e. , media access control or “MAC” address) —for purposes such as measuring advertising audience in a given space and analyzing flow in shopping malls and other public areas.

Where does data flow mapping fit into your GDPR compliance project?

IT Governance

You should begin your data mapping exercising by identifying the following key elements: Data items (e.g. This blog has covered the basics of data flow mapping, but you can get more comprehensive advice by reading Conducting a Data Flow Mapping Exercise Under the GDPR.


Is your organisation equipped for long-term GDPR compliance?

IT Governance

It could be a simple tick-box exercise, with the unchecked steps forming the gaps that need to be addressed. Providing this information helps individuals understand their rights and how they can be exercised. Last week, the GDPR (General Data Protection Regulation) turned one year old.


5 things HR departments need to know about data protection

IT Governance

A contract with the individual : for example, to supply goods or services they have requested, or to fulfil an obligation under an employee contract. A public task : for example, to complete official functions or tasks in the public interest.

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

HL Chronicle of Data Protection

As part of our ongoing series on the CCPA and its implications, this post sets out key issues and questions to consider when contemplating a data mapping exercise. For example, beyond the immediate benefit of assessing risks and identifying legal obligations, a data mapping exercise can promote organizational hygiene, identify problematic practices and security risks, and uncover operational inefficiencies.

Sales 62

Why Personal Data Privacy Needs a Customer-centric Focus


More specifically: 84% of respondents claim to know of the right to opt out of direct marketing, and 23% say they have exercised this right. Awareness among consumers of their rights under GDPR – and their willingness to exercise those rights – will only increase over time.

UK: Greater Scrutiny for Public Sector Contractors: The ICO’s Proposals for Reform to the Freedom of Information Regime

DLA Piper Privacy Matters

Under section 5 of the Freedom of Information Act 2000 (FOIA), the Government has the power to designate private sector suppliers as a public authority for the purposes of FOIA legislation (and therefore be subject to FOIA requests and issue publication schemes) if they are exercising functions of a public nature. The ICO notes in the report that the EIR do not permit the designation of organisations exercising functions of a public nature in the same way as section 5 FOIA.


Does your use of CCTV comply with the GDPR?

IT Governance

You must tell people when you’re collecting their personal information to give them the opportunity to exercise their data subject rights. There are six bases in total and, with the exception of consent , each one might be suitable in different circumstances: A contract with the individual : for example, to supply goods or services, which may include a provision that those services are monitored. For example, it might say, “CCTV is in operation for the purpose of public safety”.


Retired Malware Samples: Everything Old is New Again

Lenny Zeltser

When training professionals how to reverse-engineer malware , I’ve gone through lots of malicious programs for the purpose of educational examples. For example, I recently came across a DarkComet RAT builder that was surreptitiously bundled with a DarkComet backdoor of its own.

#ModernDataMasters: Mike Evans, Chief Technology Officer


If you are not tying what you are doing, in any kind of data initiative, to a business vision and some tangible outcomes that a business is trying to achieve, then MDM can become just a complex academic exercise.”. Kate Tickner, Reltio.

MDM 82

How to start your career in cyber security

IT Governance

Account executives and junior penetration testers, for example, tend to have little work experience, and can learn while on the job. A version of this blog was originally published on 8 December 2017.

Organisations ignore cyber security staff training in favour of unnecessary technological solutions

IT Governance

For example, layering one anti-malware solution on top of another will not make an organisation significantly more secure.

Sales 77