Live-testing SQL Injection, oh my

Via "An SQL Injection Attack Is a Legal Company Name in the UK" I came across this UK company: "; DROP TABLE "COMPANIES";-- LTD". It is basically testing everyone's systems for them XDDD

Of course, everyone immediately thought of this xkcd comic: "Exploits of a Mom".

Time to summon Sister QQ to translate this xkcd comic?

UK passes a law requiring ISPs to record the websites users have visited

A few days ago the UK passed its most extreme privacy-invading law, requiring ISPs to record the websites users have visited: "Britain has passed the 'most extreme surveillance law ever passed in a democracy'":

The law forces UK internet providers to store browsing histories -- including domains visited -- for one year, in case of police investigations.

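Truly worthy of the country George Orwell lived in: it has actually gone and realized his utopia first... From here on, Let's Encrypt and Tor become even more important.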

Using hand signals to express yourself in meetings

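The Government Digital Service, part of the UK Cabinet Office, has developed a set of hand signals (six of them) that let people express simple opinions, or indicate that they want further discussion, without interrupting the speaker: "Platform as a Service team takes even-handed approach to meetings" (the site seems to be rather popular right now and loads quite a bit slower XD).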

Improving the efficiency of communication in meetings...

The UK's GCHQ plans to deploy large-scale, nationwide DNS filtering in the UK

As the title says, GCHQ plans to deploy a large-scale DNS filtering mechanism, citing security as the reason: "GCHQ planning UK-wide DNS 'firewall'". GCHQ's official press release is at "A new approach for cyber security in the UK".

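This is very similar to what the GFW does, but doing it in a country like the UK is too blatant, so the government needs to use FUD (Fear, Uncertainty, Doubt) to frighten citizens, and gains more power by brainwashing them.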

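This time the filtering is at the DNS level. If the policy is successfully pushed through, more mechanisms will follow to filter speech that is unfavourable to those in power.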

A 19-year-old Brit wrote a bot that generates appeal documents, and in half a year it successfully wiped out 100 million in tickets

It looks like it is built from templates combined with a few questions: "A 19-year-old made a free robot lawyer that has appealed $3 million in parking tickets" and "A teenager has saved motorists over £2 million by creating a website to appeal parking fines".

It asks some questions and then generates a document for you to file as an appeal:

Once you sign in, a chat screen pops up. To learn about your case, the bot asks questions like "Were you the one driving?" and "Was it hard to understand the parking signs?" It then spits out an appeal letter, which you mail to the court. If the robot is completely confused, it tells you how to contact Browder directly.

The site is named www.donotpay.co.uk, which also makes its purpose very clear XDDD

UK court rules that GCHQ hacking into other people's machines is legal

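This comes from the report "Tribunal rules computer hacking by GCHQ is not illegal". After Edward Snowden revealed that both the US and UK governments were doing shady things, Privacy International filed a lawsuit against GCHQ, but a few days ago the court ruled that this is legal: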

Campaigners Privacy International have lost a legal challenge claiming the spying post's hacking operations are too intrusive and break European law.

The case was launched after revelations by US whistleblower Edward Snowden about the extent of US and UK spying.

Will the next battleground be the Investigatory Powers Bill? Or will there be further appeals?

UK plans to require companies to publish average pay and bonuses for men and women starting in 2018

Starting in 2018, the UK plans to require companies with more than 250 people to publish the average pay and bonuses of men and women: "Companies will be forced to reveal their gender pay gap":

The new rules, revealed on Friday, will apply to all companies with more than 250 employees.

Besides average pay and bonuses, they must also publish the headcount in each pay range:

In addition to publishing their average gender pay and bonus gap, around 8,000 employers across the country will also have to publish the number of men and women in each pay range.

The goal is to make the information more transparent so that the labour market becomes healthier:

The government is hoping that naming and shaming firms that pay women a lot less than men in the same jobs will push them to stop the practice, because it will make it harder for them to attract top talent.

You can see the gap as currently estimated:

The US is also planning a similar bill, covering not just gender but also race and other information:

In the U.S., similar plans are also under discussions. President Obama announced a proposal earlier this month that would require companies with more than 100 employees to report how much they are paying their employees by race, ethnicity and gender.

UK makes 10 Mbps Internet access a legal right

In "UK govt to make 10 Mbps broadband a legal right" I saw that the UK government plans to update the law to gradually make a 10 Mbps connection speed a legal right.

The current legal right is a dial-up speed of 28.8 Kbps:

Currently, the minimum USO for data access in Britain is just 28.8 Kbps, or dial-up speeds.

The plan is to raise it to 2 Mbps by the end of this year, and to 10 Mbps in 2020:

Under the proposal, the minimum speed specified by the USO will be raised to 2 Mbps by the end of the year, before further increasing to 10 Mbps by 2020.

UK Prime Minister David Cameron stated publicly that the internet should be recognized as a basic right:

"Access to the internet shouldn’t be a luxury; it should be a right – absolutely fundamental to life in 21st century Britain," Cameron said.

The UK government's security management guidance for computers: the Ubuntu 14.04 LTS part

On Ubuntu Insights I saw "UK Government issues Ubuntu 14.04 LTS Security Guidance": the UK government has published security guidance for Ubuntu 14.04 LTS, "End User Devices Security Guidance: Ubuntu 14.04 LTS", which even includes scripts to handle the configuration for you.

Security guidance for other operating systems can be found under "Per-platform Guidance" in "End User Devices Security and Configuration Guidance".

Might it also be worth consulting when a company draws up its own internal security policy?