Robin’s Newsletter #270

20 August 2023. Volume 6, Issue 34
The importance of using representative test data. Another UK police breach. Critical vulnerabilities in Citrix, Ivanti and WinRAR products.

This week

‘Fictitious’ Trump indictment shows why it’s important to use test data

  • Reuters circulated a “fictitious” indictment of Donald Trump this week after clerks of the Fulton County Superior Court conducted a trial run to test systems using real data, ahead of the grand jury returning a verdict.
  • The paperwork lacked the official stamp and a ‘true’ or ‘no’ bill marking but was available to the press, who can access documents before publication. The official charges were entered the following day.
  • This is an excellent example of why you should use representative test data rather than live data for development or rehearsals. (UK TV news companies used to rehearse for the death of “Mrs Robinson” instead of mentioning Queen Elizabeth.)

More on UK police data breaches 

Interesting stats

50-85% human accuracy when completing captcha tests, compared to 85-100% accuracy for robots completing the same tests, in a new study (PDF) evaluating captchas’ ability to prevent automated bots. The study also found that bots are faster, as well as more accurate, at solving these puzzles. (H/T Ray).

11% of data employees paste into ChatGPT is confidential, according to vendor Cyberhaven.

33% of enterprise cyber budgets have decreased in 2023, while 21% were frozen and 33% remained unchanged. Just 12% saw an increase, according to research by investor YL Ventures (PDF).

Other newsy bits / in brief

Industry news, merger & acquisitions

And finally

  • Wi-Fi drones are Mike Lindell’s solution to ‘stop election fraud’. The My Pillow CEO and election conspiracy theorist “demonstrated” the ‘new’ technology this week, which appears to be a Wi-Fi sniffer velcroed to a drone. Such technology isn’t new, but Lindell says he wants to fly the drones above polling places in Louisiana to ‘prove’ that voting machines are connected to the internet. Doing so may violate Louisiana state laws on criminal trespassing and using unmanned aircraft to conduct surveillance. 
