Comments | hirez: Dylan lyric goes here

hirez

Dylan lyric goes here

Nov 20, 2007 20:21

Today we learn that the gummint (Revenue branch) really are a mob of hopeless tossers. Well, when I say learn I mean 'Will be featuring in this week's SANS newsletter, comp.risks (maybe) and many other places where people who profess to know/care about computer security will be able to point, laugh and go 'imagine my surprise ( Read more... )

angry brigade, hopeless shower of bastards, well imagine my surprise

Comments 11

blue_condition November 20 2007, 20:48:07 UTC

> Sadly, I don't believe this will enable me to demand an audit of the Revenue's systems and processes the next time they require their tithe.

Interesting idea, though. If enough people do it....

poggs November 20 2007, 20:59:20 UTC

We courier disks around with non-critical information, although it's important.

Transferring 40Gb of data up a 2Mb leased line isn't terribly quick...

(The comment has been removed)

hirez November 20 2007, 21:36:13 UTC

In the distant past, when I did NHS data-link stuff (aka 'Banging your head on a wall until the nice people take you away and lock you in a rubber room') we had a chap pitch up from GCHQ to instruct us in the ways of doing gummint-standard crypto.

If that sort of service was available in 1992, I fail to see why the Revenue apparently just boshed out a couple of CDs and gave them to the TNT-wallah. Of course it may later turn out that the data was encrypted, but given they've sat on the news for a month I fear I doubt it.

zotz November 20 2007, 22:39:19 UTC

BBC:

The chancellor blamed mistakes by junior officials at HMRC, who he said had ignored security procedures when they sent information to the National Audit Office (NAO) for auditing.

Mr Darling told MPs: "Two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's internal post system operated by the courier TNT.

The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO."

Password-protected. So, not in plain, but not necessarily significantly obscured either. And in breach of regs. One head has already rolled, and I'm sure more are to come.

Thread 8

(The comment has been removed)

hirez November 20 2007, 21:28:03 UTC

You'll note that the link to the story points in your direction anyway...

redcountess November 20 2007, 23:58:52 UTC

The Making Light page must have some sort of script on it, D's laptop started overheating while I was trying to read it :/

d_floorlandmine November 21 2007, 10:42:33 UTC

Never underestimate the bandwidth of a Studebaker full of mag tapes
That's a great point.

entrusting the data to TNT is a reasonable alternative
I know people who work/have worked for TNT. They never use TNT. Ever. Nor do they consider it a reasonable solution, unless you want something to "go missing in the post".