* Posts by Severus

15 posts • joined 8 Aug 2017

University of Hertfordshire pulls the plug on, well, everything after cyber attack

Severus

Do it right or don't do it at all.

Perhaps the Universities IT team should attend its own course - FdSc Computing Technologies (Networks and Cybersecurity). The woeful state of cyber security in the UK in both the private and public sector is akin to letting toddlers loose with flamethrowers. There should be independent penetration tests of any system with approved risk treatment plans before it is permitted to go live with mandatory criminal charges when problems like this arise and negligence is proven.

Ex-asylum seeker with infosec degree loses discrimination claim against UK cyber range provider after storming out

Severus

Allegations without consequences

It is simply not right that people should be able to throw allegations of racism around with no basis in fact yet walk away Scott free when these claims are found to be false. There should be consequences where these allegations are found to be false and maybe that would separate the troublemakers from the legitimate claimants, for example the claimant should be personally made to pay ALL legal costs and compensation for defamation if the claim fails.

SolarWinds takes a leaf out of Zoom's book, hires A-Team of Stamos and Krebs to sort out its security woes

Severus

Papering over the cracks

SolarWinds own security advisor Ian Thornton-Trump warned the management in 2017 but they didn't listen so he quit. They put profit before anything else and in the process screwed over all their customers who trusted them. Their reputation is in tatters, the trust is gone and the lawsuits will start rolling in. If there's any justice in the world the management will be stripped of their assets and jailed as a message to everyone out there to take security seriously!

Deloitte's Autonomy auditor 'lost objectivity' when looking at Brit software firm's disputed books, says regulator

Severus

Caveat Emptor - Let the buyer beware

A purchase of that size would surely have merited an independent audit of the company paid for by the buyer, in the same way the buyer pays for a structural survey of a house they intend to buy. HPs own CFO stated that she thought that the offer was far too high and not in the best interests of the company. HP even based their bid on 11X annual earnings rather than the industry norm of 3X. The alarm bells should have been ringing load and clear. Not only should the buyer beware, but a fool and their money are soon parted!

UK public sector IT chiefs shrug off breach threats: The data we hold isn't that important

Severus

Re: muppets

Ever heard of data aggregation? Put all those little inconsequential nuggets together and pretty soon you have a digital profile good enough when stolen or "lost" to fuck up your life. EVERY piece of private data held by government deserves to be handled securely. To paraphrase, look after the little stuff and the big stuff takes care of itself.

£1bn UK justice system digitisation scheme in massive delay shocker

Severus

Re: RE : To deliver a system that works better for everyone and delivers savings for the taxpayer."

You were doing so well, right up to the vacuous comment about missiles which completely negates your entire point of view.

Police ICT Company kills £500m procurement, no longer wants one box shifter to rule them all

Severus

Re: No overall policy from the Home Office

In principle you're absolutely right, it makes no sense. However, in practice the Home Office couldn't run a bun fight in a bakery and expecting them to be able to establish and run a central IT system that would or could support all police forces is not credible.As for seetting policy, all they ever do is set policy which is like letting a 12 year old child perform brain surgery. If the individual forces were to surrender their IT budgets to the Home Office they would receive a much worse service at a vastly greater cost. Just look at what the Public Accounts Committee has to say about any of the large scale IT projects that the Home Office has under way.

UK Ministry of Justice: Surprise! We tested out biometric tech in prisons and 'visitors' with drugs up their bums ran away

Severus

Why Bother?

Just put a big thick walls with perspex screens between the visitors and the inmates to block ALL physical contact, put mobile phone jammers on the prison roofs so deliveries can't be organised and I would think you'd cut contraband in prisons by 99% overnight.

'Year-long' delay to UK 5G if we spike Huawei deals, say telcos

Severus

Re: Paranoia?

Just because you're paranoid, it doesn't mean they aren't trying to get you! What this boils down to is who do you you trust least? If you buy American stuff, you can bet the Yanks are spying on you, if you buy Chinese then the Chinese are spying on you and so it goes on. the big difference is that the UK and USA have strategic intelligence gathering alliances and share similar cultures and world views. Not so China and Russia and North Korea, these countries are the biggest threat to us and should be least trusted. What deranged and naive lunatic would put "enemy" equipment at the heart of the UK's telecomms network?

NHS supplier that holds 40 million UK patient records: AWS is our new cloud-based platform

Severus

Shifting patient records to the cloud requires approval from NHS Digital

This would be the same NHS digital that presided over the Wannacry Clusterphuq that affected 45 NHS organisations including at least 81 out of 236 trusts across England plus a further 603 primary care and other NHS organisations including 595 GP practices would it? Well they obviously couldn't find their own @rses with both hands and a mirror on a stick, so should NOT be making this decision, the security services should be responsible for ensuring the data is secure. As it stands I may as well put my own health records up for sale and get a couple of quid for them because sure as the sun sets in the evening these records WILL be compromised and sold to the highest bidder.

If Shadow Home Sec Diane Abbott can be reeled in by phishers, truly no one is safe

Severus

Re: Eh?

Nurse, nurse Sed Gawk is out of bed again!

HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims

Severus

There's no excuse...

It's unforgivable that banks do not enforce two factor authentication when customers access their services comprising something the customer has (e.g. mobile phone / token / card reader) and something the customer knows (e.g. password / PIN) so that even if one factor is compromised the customer is still protected.

It's also unforgivable that the fines levied by the financial authorities on companies that lose customer data are simply kept by those authorities rather than re-invested in those companies to fix the security problems that allowed those companies to lose the data in the first place. The bigger the data loss = the bigger the fine = the bigger the investment in fixing it.

Windows Server 2008 SP2 gets new support model

Severus

LOL Chris, had some bad experiences here have we? You and me both!

Cyber arm of UK spy agency left without PGP for four months

Severus

Ever heard of the precautionary principle?

Of course the Chinese are spying on us, they are our enemies! Why don't GCHQ start with the precautionary principle? The principle implies that there is a social responsibility to protect the public from exposure to harm, when there is insufficient evidence to show that something is safe. These protections can be relaxed only if further scientific findings emerge that provide sound evidence that no harm will result.

NotBeingPetya: UK critical infrastructure firms face huge fines for lax security

Severus

Rank Hypocrisy

The biggest UK victim of the WannaCry outbreak was the NHS, when last I heard the NHS was a Government Department so the Governments first task should be punishing itself for not complying with its own rules. Ah, but the reason for non-compliance was under-investment in IT by...you guessed it, the Government. So the government intends to punish itself for not complying with its own rules by fining itself a substantial sum which will leave itself with even less budget to spend on the deficient IT systems that caused the problems in the first place. This will make them more vulnerable to future attacks which will result in even heftier fines leaving them with less cash to fix the problems making them more vulnerable.......................

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021