Cloud TL;DR: unusual "remote work", gadget inspection and recommendations for personal information security

We continue to share TL;DR versions of publications from our blog. Each entry lists the main points of the piece, and links to the full texts are easy to find in the subheadings.





Photo - Ed Robertson - Unsplash.com






One does not simply monitor employees remotely






The coronavirus crisis made telecommuting the undisputed mainstream of this year, but this way of organizing work appeared even before the industrial revolution. It went from the home-based work of artisans and home workshops to a gradual "flight from offices" in the late 90s and to today's "remote work", now available not only to IT specialists and officials. Its advantages, such as time savings and flexible schedules, are obvious, but working outside the office has its difficulties.



At the peak of quarantine, the usual offline methods for assessing employee effectiveness fell under "lockdown", and attempts at online tracking of personnel who had only just switched to remote work drew fierce criticism. The reasons were these: some demanded that remote workers install keyloggers on personal computers and laptops, others slipped time trackers onto them, and still others went even further and built the assessment process around video calls and webcams.



It was necessary to adapt quickly, and many services did: Zoom turned off the ability to track a participant's attention, and Basecamp decided to refuse any surveillance functionality except for what helps to voluntarily monitor the workflow (a calendar and a timer for tasks). But only those companies that shifted their attention from the choice of tools to the people themselves and their problems in a crisis got to the heart of the matter.



The fact is that during the "first wave" the risk of burnout increased for specialists involved in complex and creative tasks. Attempts to attach primitive tracking tools to work that defies routine accounting created a real crisis of confidence. The question of how to resolve it "peacefully" is still open for many companies and is being discussed on Habr as well.






Inspection of mobile devices: how things stand around the world






This summer, a Seattle court banned special services and law enforcement officers from unjustified analysis of a smartphone's lock screen. This now requires a special order that emphasizes the exceptional nature of the situation and the need for such measures. Such regulation affects only the work of United States agencies. That is why we decided to put together an overview of how the situation with gadget inspection is developing in other countries.



In British practice, a warrant is not required for these tasks. Local legislation also allows data to be extracted even from locked devices using special systems, which have already been purchased by the Scottish police. In Australia, there is still an obligation to obtain a warrant, but a special type of permit is required to inspect the devices of journalists. On the other hand, Australian special services can always request the means to decrypt data from developers and device manufacturers, as the laws of the country entitle them to do so.



Such practices are increasingly discussed in the IT community. Basecamp even published topical guidelines for maintaining the proper level of information security on business trips. We also made an overview post with inspection statistics and a few comments from tech company representatives.






One does not simply "reflash" a gadget






If you bought a gadget, this does not mean that everything inside it is at your disposal. And this is not about Right to Repair and vendors' attempts to tie customers to authorized workshops. This time it is a matter of the right to modify software components and hardware in order to expand the capabilities of the devices you have purchased or to repurpose them completely.



This spring, for example, an enthusiast shared a modification of a well-known calculator model. During the reengineering, he replaced the solar panel with an OLED display and added a Wi-Fi module to the device, and published the results on GitHub. After a stormy response in the geek community and coverage in the largest thematic publications, his repository was closed at the request of an organization engaged in the fight against counterfeit electronics.



And this is not the first such case. Nine years ago, Activision was in litigation over modifying a gadget to read RFID tags on action figures from the company's games. Without any reason, the vendor expressed concern that the changes made would allow opening in-game content and getting free virtual goods related to toys.



One can only guess how the regulation of such issues will develop, but commenters on Habr and on Hacker News have repeatedly voiced criticism and proposed enshrining in legislation sanctions for false accusations against enthusiasts and independent engineers who do not seek any mass commercialization of the gadgets they convert.






Cybersecurity book collections (first, second)






We looked at what is recommended on Habr, Hacker News and Reddit. The list includes a kind of "memoir" of a Microsoft top manager; the view of a well-known information security specialist on the fight for cyberspace; an expert review of social engineering methods; a pentester's story about the world of "white hackers"; analytical material about information security for IoT; and a reference for penetration testing.





The second set contains a little less practice and a little more drama. The first book tells the story of one of the cult groups of the cybersecurity underground at the end of the last century, the second is an investigation by a Wired editor into the distributors of NotPetya, and the third is a book about the hunt for Paul Le Roux.



Other books in the digest focus on topics such as open hardware, reverse engineering regulation, security, and personal data leaks. We also did not forget to share the publication about the history of the legendary Kevin Mitnick and his work experience.






How to "cover your tracks" and remove yourself from most popular services






We discuss personal cyberhygiene, the "right to be forgotten" and services for quickly deleting accounts in social networks and on popular media platforms. One of these projects is called JustDeleteMe. It even has an extension for Chrome that helps you understand whether it is worth registering with a service from which it will be difficult to delete personal data.






What else we have in our blog:



Potential attacks on HTTPS and how to protect against them

What tools will help to comply with the GDPR

Why developers are more expensive than money, how to save and grow it

“Found, saw, received”: unusual invitations for an interview

A computer that refuses to die







