News for November 16, 2022


The EU’s Digital Services Act
by Artie Kaye

Doing business online sometimes crosses international borders, and in these cases the laws of both countries apply. The EU has passed a law due to go into effect in 2023 for companies with a large user base, and in 2024 for smaller ones. The law will require companies to manage their online presence and take action against illegal or harmful content that is on their site. It will also prevent targeted advertising for certain demographics. Companies must be transparent regarding the information they gather and their efforts to manage the aforementioned illegal content with AI. Lastly, companies that ignore or fail to remediate problems brought to them can be fined, or they could lose the right to do business within the EU.

If you or your company does online business with a country within the EU, it is advisable to learn about the law before it goes into effect. Links are below.

https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2020/0361(COD)&l=en

https://www.securityweek.com/web-giants-submit-user-data-eu-law-comes-effect

https://www.politico.eu/article/5-things-to-know-about-the-eu-content-moderation-law-digital-services-act/

Amazon RDS Snapshots Can Leak Information
by Artie Kaye

Amazon's Relational Database Service (RDS) supports web services hosted on Amazon. One of its tools is the snapshot, which can create backups of entire file structures and databases. These can potentially be viewed by anyone with an Amazon Web Services account. If a user toggles the public setting on a snapshot, it becomes visible to everyone, and downloadable as well. Any personal information within the backup can also be seen. Amazon sends an email informing users that they made their snapshots public, which is a friendly reminder in case it was done accidentally.

When using any cloud-based service, extra care has to be taken to protect your data, as settings like this can exist. Take care of your personal and company data, and protect it as best you can. Security and convenience are often at odds with each other.

https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots

https://www.darkreading.com/cloud/thousands-amazon-rds-snapshots-leaking-corporate-pii

https://thehackernews.com/2022/11/researchers-discover-hundreds-of-amazon.html
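
To check your own account for the public snapshot setting described above, the sketch below classifies each manual snapshot from its `restore` attribute. It is an added example, not code from the article or from Amazon; the snapshot names and account ID in the sample data are constructed, and `fetch_attributes` assumes boto3 and AWS credentials are available.

```python
# Constructed sample data in the shape returned by the RDS
# DescribeDBSnapshotAttributes API; all identifiers are made up.
SAMPLE_ATTRIBUTES = [
    {"DBSnapshotIdentifier": "orders-backup-example",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]},
    {"DBSnapshotIdentifier": "hr-backup-example",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["111122223333"]}]},
    {"DBSnapshotIdentifier": "private-backup-example",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}]},
]


def classify(result):
    """Return 'public', 'shared' or 'private' for one attributes result."""
    for attr in result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            values = attr.get("AttributeValues", [])
            if "all" in values:      # 'all' = any AWS account may restore it
                return "public"
            if values:               # specific account IDs only
                return "shared"
    return "private"


def audit(results):
    """Map snapshot identifier -> exposure level for every non-private snapshot."""
    findings = {}
    for result in results:
        level = classify(result)
        if level != "private":
            findings[result["DBSnapshotIdentifier"]] = level
    return findings


def fetch_attributes(region):
    """Yield attribute results for the account's manual snapshots in one region."""
    import boto3  # imported lazily so the offline sample runs without it
    rds = boto3.client("rds", region_name=region)
    pages = rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual")
    for page in pages:
        for snap in page["DBSnapshots"]:
            resp = rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"])
            yield resp["DBSnapshotAttributesResult"]


if __name__ == "__main__":
    for name, level in audit(SAMPLE_ATTRIBUTES).items():
        print(f"{level:7} {name}")
```

Run `audit(fetch_attributes(region))` once per region in use. A snapshot reported as public can be made private again with `modify_db_snapshot_attribute`, passing `AttributeName="restore"` and `ValuesToRemove=["all"]`.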