Greater London Authority's Web Site and Security Lapses, Not Just Human Errors

Dr. Roy Schestowitz

2023-07-16 23:49:21 UTC
Modified: 2023-07-16 23:58:24 UTC

Summary: Data security and system security at Greater London Authority's Web site haven't been good; today we share just a couple of examples which help refute statements issued by Greater London Authority after a scandal that had made it to the mainstream media

MY! It really takes a liar to progress to management. The better the liar, the higher up the role.

As I mentioned the other day, there's somewhat of a blunder since Friday when the news broke:

The following conspicuous statement is worth assessing, as I was working on the sites (various aspects, some microsites too) for 9 years.

You would expect them to say that, wouldn't you?

As I said on Saturday morning, this has deja vu written all over it.

to give one example (there are more):

It wasn't Sirius stuff (and certainly wasn't me) who configured those terribly buggy forms.

As lying bosses at Sirius might say, "it doesn't look good..."

It's not the fault of Sirius either, at least not in this case.

The worst part of it is, as far as I'm aware GLA never publicly reported or disclosed this incident (sometimes this is legally required upon discovery or within a number of days, including informing those potentially affected, like people with their identity cards uploaded and widely available to the general public).

This isn't the only such example.

2 years later even malicious scripts/programs could be uploaded. It was only detected after it had happened. Here are some fragments of old messages:

GLA: can uploaded malware

GLA: any file uploaded

This is a penalty for not scanning/sanitising uploads/input.

Why am I publishing these (redacted sensibly)? Because lying is wrong and privacy problems are the problem, speaking about them is not the problem. It is the moral thing to do -- to point out it is a repeat offender so to speak. There is an obligation here to debunk false assurances, as this has gone on for years already. ⬆

Recent Techrights' Posts

Speed of GNU/Linux: The media seldom speaks of the dangers of "proprietary software"
Proprietary Windows Versus "Linux" News (Trying to Keep People on Windows, Never Exploring GNU/Linux): Good editors know better how to recognise threats and not give them lip service
Ensuring That Every Computer User Anywhere in the World Can Take Control of All His or Her Computers: We must fight the people who attack general-purpose computing, in particular those who push this agenda very aggressively inside Linux
Gemini Links 28/04/2025: Autism and Structural Navigation: Links for the day
What Happened to the Open Source Initiative (OSI) Elections: The Purge, the Cover-up, and the Witch-hunts: OSI has gone "full Microsoft"
Links 28/04/2025: Canada's Election, Pakistan-India Conflict: Links for the day
Glue Inside Your Pizza (or Why People Will Get Fed Up With Slop): People are given "answers" from non-intelligence word dumpsters
Links 28/04/2025: Cyberattacks Happening, Chatbots Disappointing, and "Free Speech Under Fire": Links for the day
Phone Adoption Very Low in Vatican, Windows Usage Fell Nonetheless: Even in places where people still use desktops/laptops most of the time (and have access to these) Windows is gradually losing ground
GNU/Linux 9% in Cuba, Vista 11 Waning, Android Dominant: Microsoft has pretty much lost Cuba
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, April 27, 2025: IRC logs for Sunday, April 27, 2025
In 24 Countries Observed by statCounter Vista 11 is Still Less Than a Quarter of Windows Users Despite All Other Versions Being 'Expired': They ought to move to GNU/Linux
Links 27/04/2025: Pope Goodbyes, "Politics of Fear", Slop Redux and More Google Shutdowns (Google Debt Had Grown This Year): Links for the day
Links 27/04/2025: Serenity Dialectics, Hockey Jersey Ethics, and More: Links for the day
Links 27/04/2025: Death of Nest Thermostats, Death of Metaverse: Links for the day
Links 27/04/2025: Projects Workflow and Discovering Technology: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, April 26, 2025: IRC logs for Saturday, April 26, 2025
Microsoft Isn't on the Map in USSR: To them, it's either Google or Yandex
In Central America Windows Became a Small Force: These are countries where Windows used to have well over 95% of the "market"
What's Very Vexing to GAFAM, EPO and Others Is That It's Incredibly Hard to Censor Us (and Nobody Ever Successfully Did That Before): resist, do not capitulate
Site May be Even Faster Now: It basically takes less than a tenth of a second to serve the page
Receiving SLAPPs and Collecting Them Like Trophies (the SLAPPs Always Fail): People who file lawsuits bring even more attention to themselves (or to embarrassing statements about them)
Year of GNU/Linux on the Laptop?: It's not happening only in Lenovo
What People Must Understand About the Open Source Initiative (OSI): some facts about the Open Source Initiative (OSI)
Many of the Scandals Are Interconnected (Overlapping People and Corporations): We're only getting started
More Copyright Lawsuits Against LLM Slop Providers and Suppliers of LLM Slopfarms Would Benefit Society: It's not just bad for the Web and for society; it's also legally dangerous
Links 26/04/2025: General Assassinated in the Town of Balashikha, US Promoting Seafloor Mining: Links for the day
Links 26/04/2025: Facebook Layoffs Again, Remembering What's Real, and Say No to Mass Surveillance: Links for the day
Links 26/04/2025: NOAA Budget Cuts and "Dog Days Ahead": Links for the day
In defence of JD Vance, death of Pope Francis: Reprinted with permission from Daniel Pocock
Three Years in Prison for Disney Employee’s ‘Menu Hacking’: The Economic Fallout of Digital Menus: Reprinted with permission from Ryan Farmer
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, April 25, 2025: IRC logs for Friday, April 25, 2025