* Posts by Severus

21 publicly visible posts • joined 8 Aug 2017

Academics have 'no confidence' in Edinburgh University's response to its Oracle disaster

Severus

Incomplete requirements definition + delusional planning timescales + inadequate testing + big bang deployment = FUBAR.

That's without the "It's Oracle, double your budget" factor.

Microsoft pushes users to the Edge in Outlook, Teams

Severus

Oh dear, MS seem to have forgotten that IT professionals (and amateurs for that matter) deeply resent being told what to do and how to do it. Guided, advised, suggested? All fine, but TOLD? Oh dear me no, that will elicit the in-built "I'll find a way to do the opposite, I'll avoid your products like the plague, and a hex on your house" response.

Severus

Re: Chrome

I quite agree. Good products sell themselves by reputation; if the salesman is pushy and aggressive he's generally pushing a substandard product at an inflated price.

White Castle collecting burger slingers' fingerprints looks like a $17B mistake

Severus

Re: Only the first one counts?

If they were using fingerprints for user verification then yes, only the first one counts. You enrol and verify the person once, hash (encrypt) the fingerprint and then each time you authenticate an individual it reads the fingerprint, hashes it and compares it with the stored fingerprint, so yes, they read and stored it once and then just read and compared after that and wouldn't have had to keep the subsequent verification images... unless of course they needed an audit trail for security purposes...

There are plenty of reasons why government tech is stuck in the Stone Age

Severus

There's basically only one reason government IT is in such a mess, Margaret Thatcher.

What an original opinion. Care to give us one scintilla of evidence (fact not opinion) to justify it?

The world is 'clearly' not prepared for cyberwarfare

Severus

Re: "The world is 'clearly' not prepared for cyberwarfare"

Why does an accountant need internet access? Because under the corporate "whatever the question the answer's cloud" policy Joe can't do his job without it!

University of Hertfordshire pulls the plug on, well, everything after cyber attack

Severus

Do it right or don't do it at all.

Perhaps the University's IT team should attend its own course - FdSc Computing Technologies (Networks and Cybersecurity). The woeful state of cyber security in the UK in both the private and public sector is akin to letting toddlers loose with flamethrowers. There should be independent penetration tests of any system with approved risk treatment plans before it is permitted to go live with mandatory criminal charges when problems like this arise and negligence is proven.

Ex-asylum seeker with infosec degree loses discrimination claim against UK cyber range provider after storming out

Severus

Allegations without consequences

It is simply not right that people should be able to throw allegations of racism around with no basis in fact yet walk away scot-free when these claims are found to be false. There should be consequences where these allegations are found to be false and maybe that would separate the troublemakers from the legitimate claimants, for example the claimant should be personally made to pay ALL legal costs and compensation for defamation if the claim fails.

SolarWinds takes a leaf out of Zoom's book, hires A-Team of Stamos and Krebs to sort out its security woes

Severus

Papering over the cracks

SolarWinds' own security advisor Ian Thornton-Trump warned the management in 2017 but they didn't listen so he quit. They put profit before anything else and in the process screwed over all their customers who trusted them. Their reputation is in tatters, the trust is gone and the lawsuits will start rolling in. If there's any justice in the world the management will be stripped of their assets and jailed as a message to everyone out there to take security seriously!

Deloitte's Autonomy auditor 'lost objectivity' when looking at Brit software firm's disputed books, says regulator

Severus

Caveat Emptor - Let the buyer beware

A purchase of that size would surely have merited an independent audit of the company paid for by the buyer, in the same way the buyer pays for a structural survey of a house they intend to buy. HP's own CFO stated that she thought that the offer was far too high and not in the best interests of the company. HP even based their bid on 11X annual earnings rather than the industry norm of 3X. The alarm bells should have been ringing loud and clear. Not only should the buyer beware, but a fool and their money are soon parted!

UK public sector IT chiefs shrug off breach threats: The data we hold isn't that important

Severus

Re: muppets

Ever heard of data aggregation? Put all those little inconsequential nuggets together and pretty soon you have a digital profile good enough when stolen or "lost" to fuck up your life. EVERY piece of private data held by government deserves to be handled securely. To paraphrase, look after the little stuff and the big stuff takes care of itself.

£1bn UK justice system digitisation scheme in massive delay shocker

Severus

Re: RE : To deliver a system that works better for everyone and delivers savings for the taxpayer."

You were doing so well, right up to the vacuous comment about missiles which completely negates your entire point of view.

Police ICT Company kills £500m procurement, no longer wants one box shifter to rule them all

Severus

Re: No overall policy from the Home Office

In principle you're absolutely right, it makes no sense. However, in practice the Home Office couldn't run a bun fight in a bakery and expecting them to be able to establish and run a central IT system that would or could support all police forces is not credible. As for setting policy, all they ever do is set policy which is like letting a 12 year old child perform brain surgery. If the individual forces were to surrender their IT budgets to the Home Office they would receive a much worse service at a vastly greater cost. Just look at what the Public Accounts Committee has to say about any of the large scale IT projects that the Home Office has under way.

UK Ministry of Justice: Surprise! We tested out biometric tech in prisons and 'visitors' with drugs up their bums ran away

Severus

Why Bother?

Just put big thick walls with perspex screens between the visitors and the inmates to block ALL physical contact, put mobile phone jammers on the prison roofs so deliveries can't be organised and I would think you'd cut contraband in prisons by 99% overnight.

'Year-long' delay to UK 5G if we spike Huawei deals, say telcos

Severus

Re: Paranoia?

Just because you're paranoid, it doesn't mean they aren't trying to get you! What this boils down to is who do you trust least? If you buy American stuff, you can bet the Yanks are spying on you, if you buy Chinese then the Chinese are spying on you and so it goes on. The big difference is that the UK and USA have strategic intelligence gathering alliances and share similar cultures and world views. Not so China and Russia and North Korea, these countries are the biggest threat to us and should be least trusted. What deranged and naive lunatic would put "enemy" equipment at the heart of the UK's telecomms network?

NHS supplier that holds 40 million UK patient records: AWS is our new cloud-based platform

Severus

Shifting patient records to the cloud requires approval from NHS Digital

This would be the same NHS Digital that presided over the WannaCry Clusterphuq that affected 45 NHS organisations including at least 81 out of 236 trusts across England plus a further 603 primary care and other NHS organisations including 595 GP practices would it? Well they obviously couldn't find their own @rses with both hands and a mirror on a stick, so should NOT be making this decision, the security services should be responsible for ensuring the data is secure. As it stands I may as well put my own health records up for sale and get a couple of quid for them because sure as the sun sets in the evening these records WILL be compromised and sold to the highest bidder.

If Shadow Home Sec Diane Abbott can be reeled in by phishers, truly no one is safe

Severus

Re: Eh?

Nurse, nurse Sed Gawk is out of bed again!

HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims

Severus

There's no excuse...

It's unforgivable that banks do not enforce two factor authentication when customers access their services comprising something the customer has (e.g. mobile phone / token / card reader) and something the customer knows (e.g. password / PIN) so that even if one factor is compromised the customer is still protected.

It's also unforgivable that the fines levied by the financial authorities on companies that lose customer data are simply kept by those authorities rather than re-invested in those companies to fix the security problems that allowed those companies to lose the data in the first place. The bigger the data loss = the bigger the fine = the bigger the investment in fixing it.

Windows Server 2008 SP2 gets new support model

Severus

LOL Chris, had some bad experiences here have we? You and me both!

Cyber arm of UK spy agency left without PGP for four months

Severus

Ever heard of the precautionary principle?

Of course the Chinese are spying on us, they are our enemies! Why don't GCHQ start with the precautionary principle? The principle implies that there is a social responsibility to protect the public from exposure to harm, when there is insufficient evidence to show that something is safe. These protections can be relaxed only if further scientific findings emerge that provide sound evidence that no harm will result.

NotBeingPetya: UK critical infrastructure firms face huge fines for lax security

Severus

Rank Hypocrisy

The biggest UK victim of the WannaCry outbreak was the NHS, when last I heard the NHS was a Government Department so the Government's first task should be punishing itself for not complying with its own rules. Ah, but the reason for non-compliance was under-investment in IT by...you guessed it, the Government. So the government intends to punish itself for not complying with its own rules by fining itself a substantial sum which will leave itself with even less budget to spend on the deficient IT systems that caused the problems in the first place. This will make them more vulnerable to future attacks which will result in even heftier fines leaving them with less cash to fix the problems making them more vulnerable...