Ewan
Suspended / Banned
- Messages
- 2,498
- Edit My Images
- Yes
and help to keep the site free for all
They've done it again...
- Thread starter Ewan
- Start date
- Messages
- 7,625
- Name
- Colin
- Edit My Images
- Yes
I don't see what the problem is, it's an optical disk and it has been encrypted, by the sounds of it they have done everything possible to secure the confidentiality of the data and no-ones details are at risk.
And this **** isn't helping matters:
Maybe if he got his facts right instead of grandstanding and trying to score cheap political points we could have a measured and reasonable debate which could help to identify the underlying problems and put the appropriate countermeasures in place.
Politicians.
And this **** isn't helping matters:
Maybe if he got his facts right instead of grandstanding and trying to score cheap political points we could have a measured and reasonable debate which could help to identify the underlying problems and put the appropriate countermeasures in place.
Politicians.
ianm79
Suspended / Banned
- Messages
- 2,390
- Name
- Ian
- Edit My Images
- No
Securely encrypted? Bet the password is SEXGOD or similar
we shouldn't laugh, but it's probably even less complex
Tulipone
Suspended / Banned
- Messages
- 3,111
- Name
- Chris
- Edit My Images
- Yes
I would doubt that the password is trivial - there is quite alot of effort going into protection of government data right now, probably more than ever.
It is easy to point at the bad person who loses data, at least now the losses are encrypted. Lets face it, if you found a USB stick/laptop in the road, would you plug it in your PC to find out what is on it? If it were encrypted, if you knew that you'd probably try to crack it and it is likely that you'd fail. You'd probably then try and format it so that you could use it and probably also fail to do that. What would you do then? Send it to the Sun?
It is a fact of life that we now need to share data more than ever. If we understand the risk and mitigate as far as possible then get the data owner to accept the residual risk that has to be sufficient. If it is not, you do not share data and you do not use optical or flash media. You probably do not have networks and you work in a darkened room with no door or windows.
Chris
It is easy to point at the bad person who loses data, at least now the losses are encrypted. Lets face it, if you found a USB stick/laptop in the road, would you plug it in your PC to find out what is on it? If it were encrypted, if you knew that you'd probably try to crack it and it is likely that you'd fail. You'd probably then try and format it so that you could use it and probably also fail to do that. What would you do then? Send it to the Sun?
It is a fact of life that we now need to share data more than ever. If we understand the risk and mitigate as far as possible then get the data owner to accept the residual risk that has to be sufficient. If it is not, you do not share data and you do not use optical or flash media. You probably do not have networks and you work in a darkened room with no door or windows.
Chris
OP
Ewan
Suspended / Banned
- Messages
- 2,498
- Edit My Images
- Yes
Maybe if he got his facts right instead of grandstanding and trying to score cheap political points we could have a measured and reasonable debate which could help to identify the underlying problems and put the appropriate countermeasures in place.
Politicians.
I agree with you there. But there is certainly a problem. The Government are asking us to give them more and more of our information, and they're giving it to more and more people, despite the fact that they keep losing it! I'm sure they're doing their best, but in the end, people lose things. We lose our keys, wallets and papers on a daily basis (or at least I do..), and there's no reason why people who work in the Government would be any different. The only difference is, they've got memory sticks and disks containing various kinds of information about people which fraudsters are obviously eager to get their hands on.
OP
Ewan
Suspended / Banned
- Messages
- 2,498
- Edit My Images
- Yes
They are
They do get some things right, luckily for us What I don't quite understand is how they will teach Local Councils to encrypt data in the right way. Can someone with knowledge of encryption tell us how easy it is for someone to encrypt data, and how effective that encryption is likely to be? My local council can barely manage their website properly, I don't know where they get their IT people
Splog
Suspended / Banned
- Messages
- 6,257
- Name
- Steve
- Edit My Images
- No
we shouldn't laugh, but it's probably even less complex
Actually, it's probably PASSWORD
Tulipone
Suspended / Banned
- Messages
- 3,111
- Name
- Chris
- Edit My Images
- Yes
What I don't quite understand is how they will teach Local Councils to encrypt data in the right way. Can someone with knowledge of encryption tell us how easy it is for someone to encrypt data, and how effective that encryption is likely to be? My local council can barely manage their website properly, I don't know where they get their IT people
It is a change of ethos. You have to have a system in place - as government do not always 'own' their systems it is neither cheap nor quick to impliment. There are issues of presharing keys, generation of crypto - even down to ensuring that the products that are used are 'strong' enough for the data that they are protecting. Widescale education of users is also a huge task.
It is easy to throw stones and government are a target and being targetted. How data safe is the company you work for? Do ALL of their laptops have full hard disk encryption? Is ALL of their optical and flash media encrypted? Do they send unencrypted traffic over the Internet? Do they use VoIP on public networks - are THEY giving away your details/competative advantage?
Chris
OP
Ewan
Suspended / Banned
- Messages
- 2,498
- Edit My Images
- Yes
I'm not saying that because the Government are a bunch of incompetent fools they're going to lose our data. It's just a fact of life that if they keep asking for more and more of our information, and if they keep giving it to more and more people (see here, or here), then it is simply a matter of time before they lose something! As you pointed out so well in your post - encryption is hard and people often don't bother! Why should the Government be any different?
I'm using the term 'Government' evermore loosely here, as a term for anyone who will have access to this data.
CopeImages
Suspended / Banned
- Messages
- 516
- Name
- Guy Cope
- Edit My Images
- No
...like putting a lock on the drawer ........
How come I don't lose my house or my car or my wallet?
Cos I bleeding well look after it and value their worth........
It really isn't Rocket Science suuuuuuuuuuuuuuuurely :bang:
- Messages
- 1,164
- Name
- Martyn
- Edit My Images
- Yes
I work for a major global communications provider, who actually provide and maintain the majority of the governments network. The problem here is that most of the individual goverment departments have their own encrypted IPVPN network but the different departments can not de-code from another network.
So if the different departments need to share information, and they are always needing to then the information needs to be passed between networks via a different media. A simple solution would be to put all the departments on the same network, but they all have different security requirements, budgets, hardware, operating systems etc.
Its an issue that is not going to go away.
So if the different departments need to share information, and they are always needing to then the information needs to be passed between networks via a different media. A simple solution would be to put all the departments on the same network, but they all have different security requirements, budgets, hardware, operating systems etc.
Its an issue that is not going to go away.
kitten
Suspended / Banned
- Messages
- 783
- Edit My Images
- No
What makes me laugh is all the fingers pointing at the government that seem to just go 'GOVERNMENT LOSES MORE INFORMATION WAHWAHWAH' and conveniently ignore these salient points:
So, the government agency involved set up a process which meant it was encryted and secured. Then a major courier company lost it. And yet that is still the government's fault?
1) it's encrypted
2) it's on an optical disk
3) It was with a reputable courier firm when it was lost.
I could understand if it was on a random USB pen or unencrypted DVD/CD that can be accessed easily, however it's STILL ultimately the courier that lost it - NOT the government agency involved. I think people would be crying about carbon footprints and money wasting if someone drove the damn thing down to the place it's supposed to go to, but other than that, and using approved security procedures and approved companies, I'm not sure what they can do. SUrely it's someone at TNT that should be taking the rap here for not following the proper process.
So, the government agency involved set up a process which meant it was encryted and secured. Then a major courier company lost it. And yet that is still the government's fault?
1) it's encrypted
2) it's on an optical disk
3) It was with a reputable courier firm when it was lost.
I could understand if it was on a random USB pen or unencrypted DVD/CD that can be accessed easily, however it's STILL ultimately the courier that lost it - NOT the government agency involved. I think people would be crying about carbon footprints and money wasting if someone drove the damn thing down to the place it's supposed to go to, but other than that, and using approved security procedures and approved companies, I'm not sure what they can do. SUrely it's someone at TNT that should be taking the rap here for not following the proper process.
Last edited:
Tulipone
Suspended / Banned
- Messages
- 3,111
- Name
- Chris
- Edit My Images
- Yes
...like putting a lock on the drawer ........
How come I don't lose my house or my car or my wallet?
Cos I bleeding well look after it and value their worth........
It really isn't Rocket Science suuuuuuuuuuuuuuuurely :bang:
But government do put locks on their doors, they even pay pay people to check that doors are locked - especially where data is stored. Unfortunately they have some people working for them (or contractors) that are slightly less diligent than they should be. If there was someone checking your doors, windows, wi-fi, patching levels, car every minute of every day - also that of everyone in your town how long would it be before someone slipped up?
They DO value the data. They are spending a great deal of your money to secure it. If you feel that they are not spending enough, or paying enough enough to consultants, I am sure your local tax office will happily take more money from you to pay for it.
You are right, it's not rocket science. Bet I can hack your wireless connection within a few hours without you knowing about it with tools simply available from the internet. Is that careless of you?
Government are getting better. It will take time and things will always go wrong, whilst they are improving and there is a continued requirement to share it seems silly that they are continued to be beaten up.
Just my 2p's worth
Chris
CopeImages
Suspended / Banned
- Messages
- 516
- Name
- Guy Cope
- Edit My Images
- No
But government do put locks on their doors, they even pay pay people to check that doors are locked - especially where data is stored. Unfortunately they have some people working for them (or contractors) that are slightly less diligent than they should be. If there was someone checking your doors, windows, wi-fi, patching levels, car every minute of every day - also that of everyone in your town how long would it be before someone slipped up?
They DO value the data. They are spending a great deal of your money to secure it. If you feel that they are not spending enough, or paying enough enough to consultants, I am sure your local tax office will happily take more money from you to pay for it.
You are right, it's not rocket science. Bet I can hack your wireless connection within a few hours without you knowing about it with tools simply available from the internet. Is that careless of you?
Government are getting better. It will take time and things will always go wrong, whilst they are improving and there is a continued requirement to share it seems silly that they are continued to be beaten up.
Just my 2p's worth
Chris
Yeah but when I foul up I lose my job and that's potentially when it happens once. How many more times do personal documents or details have to go missing before someone stops and thinks........Our systems aren't up to the job.
If the contractors aren't honest enough don't use them. Simple.
Re. the spending of money not being enough. It's not about throwing money at the task, it's about doing it right first time and learning from other's mistakes.
I'm sick and tired of reading about people & departments doing sub-standard jobs and getting away with it or even worse being paid a fortune for it.
It's a couple of years now since we first read of private data going missing. Is that not long enough to learn from regardless of where it happened. It's a known issue so why aren't safeguards put in place to recitfy it hapening especially in local authority & government places. I have a review every 6 months and I assure you, if I aint corrected any faults by the next review, I'm out on my ear. I don't get two years to hear of other people making the same mistakes and still not rectifying them and I certainly don't get someone backing me up when I f***ed up.
Last edited:
Tulipone
Suspended / Banned
- Messages
- 3,111
- Name
- Chris
- Edit My Images
- Yes
...and you think that these foul ups do not cost jobs. They do. They also have cost Companies their contracts when they screw up.
I don't think that honesty even enters the problem - apart from when someone nicks something that ends up on eBay.
Thats not quite what I said. These things get resolved by time/effort/money. If you want to resolve an issue you need to do more of something, it would seem that time is not an option, therefore more effort or money is required. The concensus appears that the effort is also not sufficient and that leaves money. Money comes from tax payers. Want to make out a cheque?
Think that we covered this. Issues like the National ID card scare me - all that important data in one place. If it can be made, it can be remade (with sufficient effort). If it is decided that this will have National rollout across the populous it will be a fantastic target and fingers crossed that will be locked down.
...this is far bigger than a six month project. What makes you think that things are not better after two years? The papers love to report it - they used to love accidental loss of Colonel Blah Blahs briefcase containing a used plimsole and a porn mag. They are so keen for the story, they will even complain when an encrypted item (back to the OPs story) is lost.
Chris