Introduction About Site Map

XML
RSS 2 Feed RSS 2 Feed
Navigation

Main Page | Blog Index

Archive for the ‘Security’ Category

Cyber Attacks and More

Wormwood Meteor Of Revelation

There are cyber attacks against our Web sites this week. These attacks take several different forms. These are clearly censorship attempts. We have paper trail to prove that.

Any attacks – no matter their form – tend to indicate fear. In this case, the fear is that information that we published will be available and remain available for many years to come.

Sustaining attacks is one thing; reporting them is another. What’s happening is illegal. It will be treated as such.

We’ll carry on publishing as usual. Curtailing access to information is never a winning strategy for all sorts of reasons.

DDoS Attacks: Tux Machines and Techrights Impacted

I AM not sure who is doing this and why, but the server of Tux Machines is under DDoS attack. It impacts Techrights as well. I wrote about this back in April when it began, then again ~3 weeks later.

The Web is so chaotic on so many levels.

CDNs are not the solution. Access gatekeeping with JS is not the solution either, it’s another new problem.

You Can Hate Donald Trump and Object to Electronic Voting Machines at the Same Time

Schismogenesis in Bill Gated-funded sites (those machines run Windows with back doors):

Schismogenesis

I NEED to clarify upfront I do not believe the 2020 election in the United States was “stolen” and I do not support Donald Trump. He disgusts me.

The United States is still “using fraudulent voting machines” with back doors, a friend has reminded me. But the media giants aren’t talking about and “associating opposition to fraudulent voting technologies/products with crazies. Other crazies will defend fraudulent voting technologies/products for no other reason than those two crazies are opposed to them…”

Techrights did at least 2 “statements” on this issue [1, 2] just to clarify voting machines are no good regardless of news sites’ rhetoric.

Quit using opaque electronic voting machines and then lessen the likilohood of armed fanatics storming government buildings in an act of overt insurrection.

Windows Needs to Disappear

I recently wrote about security crises associated with Windows deployments. “On the topic of Windows,” a friend told me (citing this one article): “The writers there (and elsewhere) conflate spending with results. Security is part of the design and not an aftermarket add-on. The latter is a pointless and futile waste of time and money, but one which keeps Microsoft market share from bottoming out. [...] the Microsoft way of thinking permeates their design *and* implementation *and* especially their deployment.”

I still firmly believe that removing most Windows installations out there (ultimately all of them) would considerably improve computer security worldwide. Microsoft designs things not for security but the very opposite (remote access by the state). ?

Forms for Reporting Data Breaches Exist to be Used and for Those Affected to Get Notified

Summary: One last note on the issue of Greater London Authority (London Municipality); even though forms exist to report security breaches or incidents of data breaches, Greater London Authority never seems to have bothered with this; the culmination of this in the media (a scandal which puts at risk victims of sex crimes) overlooks a history of repeat/recurring incidents

As far as I’m aware, this was never reported (to those impacted) except internally.

GLA staff (it wasn’t the first such issue, nor the last):

GLA: Drupal access

So what good are such forms?

GLA form for data breach #1

GLA form for data breach #2

Greater London Authority Fails to Meet GDPR Rules

Data breaches’ handling policies/stance of GLA were not followed when I was there. Here they are in their own words:

GDPR, GLA, and Data Breaches

Meanwhile in the news:

Complaints to Sadiq Khan’s Met police watchdog on public view in ‘data breach’

Also this past weekend:

Metro: Sexual abuse survivor ‘appalled’ after personal details leaked in data breach

Summary: This past weekend Greater London Authority’s managers came under fire for mishandling of data (this went on for months!) and it wasn’t even the first time; usually they keep quiet about such things and hope nobody will notice while IT people — including Sirius ‘Open Source’ — are retroactively ‘fixing’ these issues

On the Greater London Authority Data Breach With Sex Abuse Victims’ Personal Details

Video download link | md5sum 65e2f74fa8f4c609f78e27dd7bf22983
Greater London Authority (GLA) Breaches Not Surprising
Creative Commons Attribution-No Derivative Works 4.0

Summary: The biggest clients of Sirius ‘Open Source’ included Greater London Authority, or GLA for short; GLA is making some shy and bashful faces right now, as there’s negative publicity after a damning incident

THE account sharing (mal)practices at GLA were noted here before. We often shared usernames and passwords (one colleague even sent passwords in plain text by GMail) and last year I cautioned GLA that LastPass had been breached and that Sirius kept GLA passwords in there. The vault was never safe and I protested against the use of LastPass repeatedly for several years (the liar would not listen). I habitually complained about bad security practices and only in 2022 or thereabouts we finally had individual UNIX accounts on the gateway machine rather than a shared account. Imagine the company bragging about ISO compliance while doing all that.

The video above focuses less on account sharing and instead talks about the site, including Drupal. In the distant past we already had severe permission issues (these were pointed out internally), but it remains rather baffling if not flabbergasting that names of sex crimes victims somehow ended on the public Web site. They should not be on any site at all. I explain the Microsoft-centric workflows and how they contribute to the risk. Poor security practices and a lack of proper protocols made the current blunder more or less inevitable. Cowboys shooting from the hip is no way to run a site of a city as important as London.

Retrieval statistics: 21 queries taking a total of 0.085 seconds • Please report low bandwidth using the feedback form
Original styles created by Ian Main (all acknowledgements) • PHP scripts and styles later modified by Roy Schestowitz • Help yourself to a GPL'd copy
|— Proudly powered by W o r d P r e s s — based on a heavily-hacked version 1.2.1 (Mingus) installation —|