Dylan lyric goes here

Nov 20, 2007 20:21

Today we learn that the gummint (Revenue branch) really are a mob of hopeless tossers. Well, when I say learn I mean 'Will be featuring in this week's SANS newsletter, comp.risks (maybe) and many other places where people who profess to know/care about computer security will be able to point, laugh and go 'imagine my surprise

angry brigade, hopeless shower of bastards, well imagine my surprise

poggs November 20 2007, 20:59:20 UTC
We courier disks around with non-critical information, although it's important.

Transferring 40Gb of data up a 2Mb leased line isn't terribly quick...

hirez November 20 2007, 21:36:13 UTC
In the distant past, when I did NHS data-link stuff (aka 'Banging your head on a wall until the nice people take you away and lock you in a rubber room') we had a chap pitch up from GCHQ to instruct us in the ways of doing gummint-standard crypto.

If that sort of service was available in 1992, I fail to see why the Revenue apparently just boshed out a couple of CDs and gave them to the TNT-wallah. Of course it may later turn out that the data was encrypted, but given they've sat on the news for a month I fear I doubt it.

zotz November 20 2007, 22:39:19 UTC
BBC:

The chancellor blamed mistakes by junior officials at HMRC, who he said had ignored security procedures when they sent information to the National Audit Office (NAO) for auditing.

Mr Darling told MPs: "Two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's internal post system operated by the courier TNT.

The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO."

Password-protected. So, not in plain, but not necessarily significantly obscured either. And in breach of regs. One head has already rolled, and I'm sure more are to come.

hirez November 20 2007, 23:29:26 UTC
Yes. I just watched Paxo and Ross Anderson give govt-woman a grilling on Newsnight.

zotz November 20 2007, 23:31:17 UTC
Any actually useful information admitted?

hirez November 20 2007, 23:48:08 UTC
Not really. Woman was banging on about 'lessons learned' and 'procedures in place being ignored' while (prof?) Anderson carefully explained that they'd not got a hope of making it work and throwing technology at the problem would only make it worse.

We can only hope that the data's properly lost. If it's in the hands of the blackhats, it'll be downloadable from a cracked webswerver in the next week or so. I'll keep an eye on the full-disclosure list for the announcement.

blue_condition November 21 2007, 00:17:01 UTC
Bright as Anderson is (I've been to several seminars by him and Security Engineering is a book everyone in computing should memorise) he's a chronic self-publicist. ;)
