"At any one time it only has the details of anyone who is in the early part of the registration process."
So an ongoing compromise gets everybody who registers.
Claims the Government Gateway online identity portal has been "hacked" have been dismissed as "nonsense" by the man originally responsible for the project and by two government information security experts. Earlier this week the Financial Times (behind paywall) reported that “tens of thousands” of Britons’ identities were …
Because it has been running for 14 years without a TalkTalk style incident?
Or because some 15 year old script kiddie doesn't yet know how to break it ?
Sorry - just because something has been around for a while is NOT the reason to replace it. (Unless we are talking about that sandwich in my work drawer with a best-by date of 15/03/08..)
It maybe that it "badly needs replacing" because it looks old and clunky, however that's more of a best before than use by date issue.
if you look at the "badly needed" gov.uk web site perhaps old and clunky isn't that bad after all.
It maybe depends on the underlying tech, the server hardware and OS, and keeping that in a reliable state may be getting tricky. Besides, we know how much else was done with hot 2001 tech that could have problems. Anything that needs you to use Adobe Flash or Apple Quicktime, for instance.
Which Browser does your bank want you to use?
It's arguable that far too many of these projects have grossly underestimated the long-term support effort needed, It's not the data storage, it's the interface with the users.
If it's been running for 14 years, it may be OK, or you may end up with fun and games with certain browsers depending on the technologies used. I got this while looking at the digital certificate login option on Chrome (Windows 7), so judge for yourself:
"Sorry, you cannot register with, or log in to the Government Gateway using this certificate provider and web browser combination. These certificates are not currently supported on the Macintosh operating system and Netscape 6.x version browsers on all platforms."
Readers are reminded that
and, what's more,
The problem with pretending that "hackers got nothing" or "not possible" or whatever other bogus ass-covering claim get made, is that the hackers already know what they got.
Look at the Comelec hack. The government said that same thing, so the hackers posted the data to prove it.
These guys are *selling* the data, so they're obviously not going to post it all for free to prove it.
Face the music. You got hacked. They stole it. Take the blame, don't play it down, and FIX THE PROBLEMS!