Public and private websites and services went offline because of the fire in OVH’s data centres in Strasbourg. No one points out customers’ responsibilities by Andrea Monti – Initially published in Italian by PC Professionale no. 362 Continue reading “The OVH data centre fire. Whose fault is it?”
The ‘Trojan Decree’. Much ado about nothing?
A ministerial decree cannot amend the Code of Criminal Procedure and the public prosecutor already has the power to search from a distance, deciding what to seize and what not to. The comment of Andrea Monti, professor of Law of public order and security, University of Chieti-Pescara – Initially published in Italian by Formiche.net Continue reading “The ‘Trojan Decree’. Much ado about nothing?”
Carpet data-retention still in the crosshairs of the EU Court of Justice
A ruling by the EU Court of Justice calls into question how internet traffic data is handled by investigating authorities. An unbalanced interpretation of data protection rules puts European public order and national security at risk. Analysis by Andrea Monti, professor of law of public order and security, University of Chieti-Pescara – Originally published in Italian by Formiche.net Continue reading “Carpet data-retention still in the crosshairs of the EU Court of Justice”
Leonardo’s lesson
by Andrea Monti – originally published by Infosec.News
A note for the non-Italian readers: Leonardo is the biggest Italian defence contractor. Recently the company has discovered a massive information theft related to critical pieces of defence equipment, allegedly committed by two insiders. According to the prosecution, the exfiltration went on undisturbed for about two years before being discovered.
A great deal has already been said about the massive illegal exfiltration of data suffered by Leonardo, about the difference between the institutional narrative of cybersecurity and the dramatic situation of the Italian infosec, and about the regulatory superfetation burdening national security. However, something still lasts to be discussed: the less-than-proportional relationship between the members’ quantity of a structure and their “loyalty” to the structure itself. Continue reading “Leonardo’s lesson”
SIM hijacking, security measures and bank’s liability
Threats change, but security measures to protect account holders do not. Can banks still blame users in case of frauds? by Andrea Monti – Originally published in Italian by Infosec News
One of the many recent cases reported by the press in Italy accounts for the umpteenth fraud committed against a bank account holder exploiting a SIM hijacking attack. Not even a week ago, I had to deal with a similar case, where through a social engineering attack, the scammers mislead the customer into giving them by telephone the OTP to finalise the fraudulent transaction.
In many cases, the victim manages to obtain a refund of the stolen amount, but in others the bank refuses, claiming the client’s negligence for not recognising the fraudulent nature of the criminal behaviour. In other words and rough terms: the bank does not pay for the outcomes of the stupidity or ignorance of the victim.
However, is that so? Continue reading “SIM hijacking, security measures and bank’s liability”