Connect with us

Technology

EU needs more cybersecurity graduates, says ENISA • The Register

Voice Of EU

Published

on

The EU needs more cybersecurity graduates to plug the political bloc’s shortage of skilled infosec bods, according to a report from the ENISA online security agency.

The public sectors of EU countries should “support a unified approach” to infosec-focused higher education, it says, addressing an issue that is by no means unique to the bloc.

In a new report titled “Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education”, academics Jason Nurse and Konstantinos Adamos, together with ENISA’s Athanasios Grammatopoulos and Fabio Di Franco, said the European Union needs to get more students signing up for cybersecurity degrees.

The report found that the majority of cybersecurity degrees offered across the 27-states – 77 per cent – are at master’s degree level. Just under a fifth (17 per cent) are undergraduate degrees while 6 per cent are at “postgraduate” level.

Professor Nurse, of the University of Kent, told The Register that infosec degrees are a valuable method of training new professionals for the industry: “A multi-tiered approach stands a much better chance at a long-lasting solution.”

He added: “Professional certifications are valuable but these often only come into play for professionals already in industry. By developing the skills of students in higher education, it raises the base level of future professionals and develops a more sustainable pool of individuals that can work in – and are initially trained for – the infosec sector.”

The UK has a small but growing infosec degree programme of its own, with the National Cyber Security Centre sponsoring degree programmes at similar academic levels. A list of those degrees is on its website.

Nurse said of the ENISA research that while degree programmes in EU universities broadly meet the EU infosec industry’s needs, the “less technical” sides of cyber security need more focus.

“The reality,” he told us, “is that cyber is not purely technical and topics like governance, risk, compliance and law will become more important in the future.”

Cybersecurity education is a hot topic in the West with demand for skilled infosec personnel rising higher and higher amid weekly attacks on the public and privatew sectors.

While industry has a bewildering array of certifications available for infosec personnel, many of them are aimed at people who already have professional experience in the workplace.

Yet the quality of education offered through cybersecurity degrees is vital, even if they’re not always a method of breaking into the industry for people with minimal tech skills.

Nurse said: “In my opinion, the prominence of master’s programmes as compared to undergraduate degrees is not necessarily because of the prerequisite need for a great degree of computing skills. This may be more an artefact of how a majority of existing masters courses have been developed – and the harsh truth is that unfortunately, many people still view cybersecurity as just an extension of computing.”

Back in September Britain’s Chartered Institute of Information Security recommended giving existing staff professional accreditations to promote loyalty and retention. A few years ago the UK government launched its Cyber Skills Immediate Impact Fund, trying to tempt Britons into retraining with cyber security skills – but that was mainly focused on funding vocational skills courses and certifications, rather than academic education.

Perhaps a mix of hands-on British knowledge and EU theoretical grounding is what will pave the way for future successful cybersecurity ventures? ®

Source link

Technology

Facebook given EU go-ahead to pursue controversial Kustomer acquisition

Voice Of EU

Published

on

The EU’s antitrust chief Margrethe Vestager said she was satisfied for the company now known as Meta to pursue its Kustomer acquisition after it struck a deal for rivals.

Meta, the company formerly known as Facebook, has secured antitrust approval from the EU to pursue its acquisition of US customer services software start-up Kustomer.

The social media giant’s decision to acquire the start-up attracted EU scrutiny last April, months before its rebrand. Then known as Facebook, the company planned to integrate Kustomer’s products, including a chatbot, into its service.

Now, Meta has assured the European Commission that it will provide rivals free access to its messaging channels for 10 years.

The EU was satisfied that this addressed competition concerns which previously arose from the company’s decision to acquire Kustomer.

“Our decision today will ensure that innovative rivals and new entrants in the customer relationship management software market can effectively compete,” EU antitrust chief Margrethe Vestager said in a statement.

Last December, Vestager’s Digital Markets Act was passed by EU lawmakers as part of the body’s plans to tighten the monopoly large multinationals hold in Europe’s digital space.

Facebook had initially announced its acquisition plan in November 2020. In February 2021, the Irish Council for Civil Liberties wrote to the European Commission outlining its concerns over data that Kustomer had gathered and what might happen to that data under Facebook’s watch. The Commission also received a referral request from Austria flagging concerns over the Kustomer deal.

Other Meta acquisitions have also attracted the scrutiny of competition regulators. Last November, the UK ordered Meta to sell Giphy after its acquisition of the GIF making company was found to have breached competition rules. In the US, it is facing an antitrust suit that could force the company to sell WhatsApp and Instagram.

The EU’s decision to allow Meta to pursue the acquisition of Kustomer comes following a recent vote in the European Parliament in favour of the Digital Services Act, a companion of the Digital Markets Act. The act represents the EU’s attempt to shift the balance of power away from Big Tech in favour of ordinary people.

The long-debated act was hailed by Facebook whistleblower Frances Haugen as a “gold standard”.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading

Technology

Now that I’ve finally played The Last of Us, who wants to talk about that ending? | Games

Voice Of EU

Published

on

‘OK, Dad, this is an incredible essay on the effects of grief and grey morality in a postapocalyptic society,” says the eldest child, AKA the millennial. “It’s got proper female characters, progressive takes on sexuality and tonnes of rain.”

“They’ve made a video game of The Handmaid’s Tale?”

“No, Dad. It’s The Last of Us. Don’t worry. It’s still a zombie shooter. And both games have the best ending ever.”

Now she has my interest. Video game endings fascinate me, because my generation started out with arcade games that didn’t have them. Pac-Man kept eating dots and chasing ghosts and the Space Invaders kept coming, wave after incessant wave. The first arcade game that had an actual ending was Dragon’s Lair and nobody actually saw that because it was so hard to complete.

I have a tough start with The Last of Us because I hate games where you search for stuff in every room of a house. I spend my normal life doing that with car keys and headphones. I want games where you walk into a room and all the objects get sucked into a magic pocket. But that isn’t realistic, I hear you cry. Well, neither is only being able to carry three shivs in a world where, despite the zombie apocalypse, cargo pants clearly still exist.

The Last of Us.
Jaw-dropping … The Last of Us. Photograph: Sony

I also hate any form of crafting, because that was what my generation had to do for “fun” as kids before we had video games. Whether it’s smoke bombs from sugar and explosives or a set of Action Man drawers from matchboxes, it’s all boring to me.

“Keep going,” I tell myself. “The millennial says it’s got the best ending ever.”

Throughout the first chapter of Joel and Ellie’s jaunt across a post-infected US I keep trying to guess what this great ending will be. Maybe Ellie isn’t immune to infection after all? Maybe Joel is her real father? Maybe they’re both unwitting participants in some reality TV show, I’m Infected Get Me Out of Here?

As you will all know by now – and if you’ve yet to play The Last of Us then please stop reading – the ending has Joel murder a perfectly innocent and well-intentioned doctor who wants to cut Ellie open to find a cure that will save humanity. But Joel has no truck with utilitarian philosophy, because Ellie has now become a replacement for the daughter he lost. So, he disregards mankind’s future and, by stopping the operation, effectively murders the entire human race (alongside a whole hospital’s worth of doctors).

“Why does he do that?” I asked the millennial, in one of many fantastic discussions we had about the game.

“Because he’s a white male,” came the answer, because it’s 2022 and she’s in her 20s. And maybe she’s right. Either way it is a jaw-dropping, supremely brave ending and the terrific Left Behind side-story also brought the feels.

The Last of Us Part 2
Grey morality … Ellie in The Last of Us Part 2. Photograph: Naughty Dog

So, when it came to The Last of Us Part 2, I was beyond excited. Fifty million hours later I was beyond disappointed.

Don’t get me wrong, the millennial nailed it when she said it was a great exploration of the effects of grief and grey morality. But after spending the whole game switching between two strong female characters (literally, have you seen Abby’s arms?) and contrasting factional creeds, you have the final confrontation. They fight. And … they both live. And go their separate ways. The only real damage is Ellie losing a couple of fingers, and the game portrays the worst consequence of this as not being able to play guitar any more. Seriously? That’s the biggest drawback to being fingerless in a zombie apocalypse? The first game ended with Joel murdering an entire civilisation, the second ends with Ellie murdering one song on a guitar. It’s a scene you might have found in The Secret of Monkey Island. It’s hilarious.

The Last of Us Part 2 leaves us with exactly the same non-ending as those original arcade games. Ellie and Abby will go on killing to keep their respective postapocalyptic factions going, both driven by the grief of murdered loved ones. They are both trapped, endlessly chasing ghosts. Sounds familiar…

The millennial says this shows there are no winners when it comes to revenge. I say they want both protagonists alive for The Last of Us 3. It’s a cynical cop out. But then, The Last of Us Part 2 is a game that features the most cynical scene ever, where apropos of nothing, after genuinely bravura portrayals of women, transgender and gay characters, alpha female Abby suddenly gets rogered from behind by some guy. It happens out of nowhere. The game spends umpteen hours portraying progressive sexuality, and then it’s like some marketing man decided they needed to toss the incels a piece of red meat to stop them hate-bombing all over 4chan (which didn’t work). It is easily the most gratuitous bit of nudity I have ever seen in games, and I have played The Witcher 3. The rogerer in question even has a girlfriend. Who is pregnant. Way to shit on a sister, Abby.

“It’s basically Pac-Man with gratuitous boobs,” I say to my eldest, who sighs and pours herself a large cup of coffee. This will be another long discussion.

Source link

Continue Reading

Technology

Texts from HMRC could show taxpayers’ location • The Register

Voice Of EU

Published

on

Exclusive Britain’s tax collection agency asked a contractor to use the SS7 mobile phone signalling protocol that would make available location data of alleged tax defaulters, a High Court lawsuit has revealed.

Her Majesty’s Revenue and Customs had the potential to use SS7 to silently request that tax debtors’ mobile phones give up location data over the past six years, according to papers filed in an obscure court case about a contract dispute.

SMS provider MMGRP Ltd, operators of HMRC’s former 60886 text messaging service, filed a suit against the tax agency after losing the contract to send text messages on its behalf. Court documents obtained by The Register show that the secret surveillance capability was baked into otherwise mundane bulk SMS sending carried out by MMGRP Ltd.

The tax collection agency, which has the power to retrospectively change laws, had been using SMS reminder messages as an enforcement tool.

We asked HMRC for comment, posing a series of questions including how long had it used HLR look-up techniques against taxpayers; did HMRC obtain necessary warrants to carry out HLR lookups and, if so, under what legislation and from which courts; how many times it had used this technique; under what circumstances it was deployed; and is the capability present in a contract with its new supplier.

In response, the Brit tax collection agency admitted to using home location register (HLR) checks, although it maintained: “HLR checks were used solely to check if a customer’s phone number was still active before sending a SMS message.”

What the papers say

The since-settled lawsuit over an alleged breach of public procurement laws was filed by the company which operated HMRC’s former 60886 SMS sender number and brought the HMRC surveillance powers to light.

MMGRP sued the HMRC last summer alleging breach of public contract regulations after the tax authority awarded a multi-million pound deal to one of MMGRP’s rivals in March.

Particulars of claim filed in the High Court in July last year by the SMS provider said:

The document also said the agency had asked for the capability of doing more than merely verifying that tax demands sent by text had been delivered, quoting the contract between the pair as requiring, under “Existing Services”:

In its defence document filed a month later, on 19 August last year, HMRC’s legal team admitted that part of MMGRP’s case, meaning they did not contest its truth.

The Reg wonders why HMRC did not dispute this is the legal papers, and and why the capability was baked into the contract the tax collector was not going to use it.

Describing the contract outlined in the lawsuit as “slightly odd”, Professor Alan Woodward, the University of Surrey-based compsci expert, told The Register: “I can see how this might be required if HMRC must later prove that a letter was received and read in a specific jurisdiction. Someone they are taking to court might claim they never received it or that it had no effect where they were when they were served with some form of formal notice.”

He added: “As with other powers, provided there is suitable legislation, oversight and transparency then it may have a place in chasing some of the tax evaders.”

GSM security expert Tobias Engel told The Register this location-finding service looked like a natural bolt-on to the SMS systems MMGRP was providing to HMRC, characterising it as a fairly routine service feature.

“A few years back this was still very easy,” said Engel, “since getting SMS routing information (the infamous so-called ‘HLR lookup’) already revealed a coarse location of the phone, and that same routing information could then be used to query the network for a more precise location.”

How does it work?

Signalling System Number 7 (SS7) is the signalling protocol used by mobile phone networks to route Short Messaging Service (SMS) messages.

Using SS7 to detect where messages were received is relatively simple. In essence SS7 tells mobile networks where to send messages based on which mast a particular phone number was last connected to. A register of those connections is kept and can be queried.

Thus the technique is called Home Location Register (HLR) lookup. Commands exist for querying a network’s HLR for a particular Mobile Station Integrated Services Digital Network number (MSISDN, or “phone number” to you and I). If you know the location of a mast where that MSISDN was last connected, you’ve got a radius of where the phone could be located. Cross-referencing that radius with multiple masts helps triangulate a specific phone, and thus its user.

This is the data used by police forces and others to locate criminals by tracking their mobile phones.

Bitter contract dispute

MMGRP’s lawsuit came about after HMRC had repeatedly extended the contract following its original expiry date of July 2020.

HMRC leaned heavily on the SMS provider for those short-duration extensions, raising the spectre of “reputational damage to HMRC, to outer [sic] Government Departments who utilise the service and ultimately to [MMG] as a provider” if the company didn’t agree.

For its part, MMGRP admitted that director Daniel Layton, “in the heat of the moment” threatened to shut off HMRC’s SMS services altogether when the tax authority told him it was awarding the contract to another company instead of renewing at the end of its existing term in early 2021.

“Mr Layton rapidly withdrew that threat,” the company’s particulars of claim added.

Ultimately the service was awarded to rival business IMImobile after lots of short-term extensions with MMGRP.

MMRGP owns the old HMRC 60886 SMS shortcode, which is why taxpayers are no longer advised to look out for messages from that number.

The court case has since been settled. HMRC does not say on its website that it makes use of HLR technology to identify taxpayers’ locations – but does list a range of ways in which it might try to contact them. ®

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!