
Questions tagged [legal]

Related to the laws and regulations imposed by governments, the enforcement of those laws, and legal and judicial process including investigation and trial. Note that if your question matches this description, chances are high that it is off-topic at this site and you had better try law.stackexchange.com.

1 vote
1 answer
124 views

qualified e-signature long-term security

I'm considering obtaining a QES (qualified electronic signature). But I'm concerned about long-term security. The hypothetical scenario is, let's say, after 10-15 years the algorithms are cracked or ...
akostadinov
0 votes
0 answers
75 views

What strategies can I use to negotiate security terms in vendor contracts for vendors in high geopolitical risk countries?

Please assume the following in responding: Data being passed to vendor is subject to data protection laws in the USA such as GLBA. Data itself resides within the United States. Switching vendors will ...
Anthony
3 votes
2 answers
371 views

What is the worst thing that can happen to me if I use a laptop that I had lent to a person who might have been involved in shady activities?

I lent my old laptop to a person who was in need of it in order to work abroad during autumn. Recently though, I learnt from a trusted source that his father had faced trouble with the police in the ...
Argenteuil
1 vote
0 answers
138 views

How do we reconcile a requirement to keep backups, with a requirement that we be able to purge data on request? [closed]

As part of SOC 2 preparation (and just general operational best-practice) we take regular PostgreSQL backups and keep them for up to a year. One of our partners has a requirement that we be able to ...
recurser
6 votes
1 answer
877 views

PCI Compliance Password time to die change requirement

In the PCI DSS3 requirements it states that the user must change their password every 90 days, how are banks in the UK getting around this requirement? Is it because of 2FA? As a new business we are ...
Lewis Smith
2 votes
0 answers
253 views

CISO goes to jail if something goes wrong? [closed]

I'm building up most functions out of opensource projects; honeypots, firewall, ERP, CRM, PBX, physical security, software security, network security, security government, asset policy management, etc....
Napal
2 votes
2 answers
2k views

What encryption did Encrochat use, and how was it broken? [closed]

On 2nd July, the UK's national news outlets broke the story of an "unprecedented" 4-year-long, Europe-wide investigation that, in the UK, resulted in the arrest of 746 criminals, including ...
Hashim Aziz
1 vote
2 answers
474 views

What are the potential security risks of using a commercial VPN service?

Commercial VPN services are gaining a lot of popularity and some of them are heavily advertising their products on social media networks and technology magazines today. The advantages of using such ...
Prototype700
0 votes
0 answers
266 views

How do LEA and others track no log VPN users?

Other questions have been asked but not with the specific details that I have shown (no log VPN, no leaks, dynamic user agent and JavaScript disabled). Hypothetical situation: Someone sends a ...
Adam G
0 votes
1 answer
321 views

TLD Re-direct precedence in law

I hope to soon resurrect an old web-site of many years standing: it has the URL xxxx-xxxx.com, and I still rent the domain name. Now I am not anxious to continue hosting it in the USA --- though ...
Claverhouse
2 votes
1 answer
369 views

Reason for lack of asymmetric cryptography in AWS KMS for regions in China

In the documentation of the AWS Key Management Service (KMS) I found this interesting sentence: Asymmetric CMKs and asymmetric data key pairs are supported in all AWS Regions that AWS KMS supports ...
mat
0 votes
2 answers
199 views

Would a difficult to access "Key" be an option to securely solve the Apple vs. FBI problem?

In recent times, there has been an escalating demand by legislators in the US and the world around to be able to decrypt phones that come pre-configured with strong encryption. Key escrow is commonly ...
Mitch
1 vote
0 answers
115 views

How to get on a list of sites that handle financial information? [closed]

Until about a year ago, I was working for one of the big tech giants. During my time there, I noticed that the IT department would do a MITM attack on any website that employees access. i.e. if you ...
Ram Rachum
1 vote
0 answers
164 views

saving entire Windows event log for auditing & preserve digital evidence

As an admin one gets tasked with configuring [Microsoft Windows 10] computers so that auditing is enabled and captures all events as required by some list that's already defined and handed down. ...
ron
-2 votes
1 answer
145 views

Can employees' personal properties be part of the scope? [closed]

Let's assume the customer (target) wants to have a full physical pentest done. (I'm a student and have 0 exp in actual pentesting and red teaming.) Properties of topic: Cars (in the car park) ...
ChocolateOverflow
