Lots of good information elsewhere on technology (I just bought a
Yubikey, haven't started using it yet ;-).  Here's some stuff about
the social / government aspects.

Christian Horn writes:

 > There is one good thing though about it: if things are digitalized
 > and go wrong, then not just money, but our data is at stake here.

The data is *long* gone.  My department has a whole masters program
called "service engineering" whose primary activity is using
companies' POS and other data to do research under NDA so that nobody
can check their work (cynical? me?).  Lots of PII in the original
databases.  And everybody's tax and banking data are now linked by the
so-called "my number".

 > In Germany, these "voices" are typically members of the CCC [0],
 > when reading the above I was just wondering how likely it is 
 > that the government will get proper counseling there (not like 
 > 7-11 first implement, then ask..).


A short story by H. P. Lovecraft:

As recently as 2014, Yahoo! got hacked (leaking over 2 billion email
addresses and corresponding profile data including address books for at
least 500 million of those), and to combat the resulting plague[1] of
"recommended by a friend" spam, set its DMARC policy to p=reject.  This
mass-unsubscribed mailing list users world-wide, as well as causing
invoices and other business correspondence handled by outsourcing to
disappear into a black hole by the million (causing about a trillion
dollars in invoices to be at risk of delayed payment).

The Japanese government's response: to forbid people to use Yahoo!
accounts when engaged in government business (on either side).  In
particular the public universities had to tell their students to
either use the crappy university webmail, or to get a non-Yahoo!
account to forward to or (for the truly sophisticated -- yeah, there
are some) to arrange that Yahoo! mail be "from" their school address.


% host -t TXT descriptive text "v=DMARC1; p=none;";

as of 10 minutes ago.  Yahoo! Japan is a completely separate company
with completely different policies, using the Yahoo! brand under
license, and never had a reject policy.

Now, Taro Kono is pretty smart.  So maybe he'll talk to the folks at
Keio who developed half the protocols on the Internet, and the folks
at JP-CERT are pretty smart.  Or hire any of the several TLUGgers with
actual security chops. ;-)  But the PM's office will hire somebody's
nephew to write the code the way my university does.  Yup, *cynical*.

[1]  I am not kidding when I write "plague".  According to a reliable
source inside Yahoo!, even in early 2015 if they reset p=none, within
five minutes the spammers would ramp up to 1 *million* targeted spams
per *minute*.

