Greater London Authority's Web Site and Security Lapses, Not Just Human Errors

Dr. Roy Schestowitz

2023-07-16 23:49:21 UTC
Modified: 2023-07-16 23:58:24 UTC

Summary: Data security and system security at Greater London Authority's Web site haven't been good; today we share just a couple of examples which help refute statements issued by Greater London Authority after a scandal that had made it to the mainstream media

MY! It really takes a liar to progress to management. The better the liar, the higher up the role.

As I mentioned the other day, there's somewhat of a blunder since Friday when the news broke:

The following conspicuous statement is worth assessing, as I was working on the sites (various aspects, some microsites too) for 9 years.

You would expect them to say that, wouldn't you?

As I said on Saturday morning, this has deja vu written all over it.

to give one example (there are more):

It wasn't Sirius stuff (and certainly wasn't me) who configured those terribly buggy forms.

As lying bosses at Sirius might say, "it doesn't look good..."

It's not the fault of Sirius either, at least not in this case.

The worst part of it is, as far as I'm aware GLA never publicly reported or disclosed this incident (sometimes this is legally required upon discovery or within a number of days, including informing those potentially affected, like people with their identity cards uploaded and widely available to the general public).

This isn't the only such example.

2 years later even malicious scripts/programs could be uploaded. It was only detected after it had happened. Here are some fragments of old messages:

This is a penalty for not scanning/sanitising uploads/input.

Why am I publishing these (redacted sensibly)? Because lying is wrong and privacy problems are the problem, speaking about them is not the problem. It is the moral thing to do -- to point out it is a repeat offender so to speak. There is an obligation here to debunk false assurances, as this has gone on for years already. ⬆

Names Are Not Unique IDs and the UK Government's "Digital ID System" Would be a Nightmare: Digital surveillance, "apps", and worse (all the time)
Why the EPO Never Managed to Silence Us (After Over a Decade of Trying): Firms like Mishcon de Reya and Brett Wilson LLP contribute to a bad stigma, staining the entire occupation
It Feels Like Brett Wilson LLP Has Just Tacitly Admitted That It Defamed Me: It arguably admitted many other things by refusing to deny or address them (altogether)
Almost a Couple of Years After Microsoft Hijacked the Name 'Sudo' (to Describe Unrelated Windows Stuff) Microsoft Canonical Breaks Sudo in Ubuntu: These are vandals in "goodwill" or "security" clothing
Does the Good Law Project (GLP) Know the Director of Brett Wilson LLP Deems It OK to Endorse Violent Actions Against Trans People?: We were miffed to see this morning's report
What is Roy and Rianne's Righteously Royalty-free RSS Reader?: A news reader that uses OPML files and parses RSS feeds
The Free Software Foundation (FSF) Turns 40 in 5 Days: We should be talking about software freedom, not "Open Source"
Stefano Maffulli's Front Page Mentions "AI" 11 Times: They're more focused on slop (plagiarism) than sharing or Software Freedom
CMS Rot: With "modern" (bloated) content management systems (CMSs) there is a long chain of dependencies
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, September 28, 2025: IRC logs for Sunday, September 28, 2025
Slopwatch: Fake Articles About Linux 6.17 and Microsoft Meddling in Linux Development: today's Slopwatch is short because the picks are from Sunday
Gemini Links 29/09/2025: The Labor Wars and Retro: Links for the day
Links 28/09/2025: Windows TCO, Security Breaches, and Deutsche Bahn Woes: Links for the day
Datacentres Aren't Reliable for Backups: bad practices cause immeasurable levels of permanent data losses each and every day
Links 28/09/2025: Science, Censorship, and Security Incidents/Advisories: Links for the day
Gemini Links 28/09/2025: Golem and Cybertrucks: Links for the day
Links 28/09/2025: Moldova Elections, LLM Slop Failing Again to Accomplish Anything: Links for the day
Links 28/09/2025: Slop Does More Harm, Newly Released Epstein Estate Documents: Links for the day
Links 28/09/2025: Fentanylware (TikTok) 'Going Private' (the Dictator's Media Allies) and UK Mirror Lays Off More Journalists: Links for the day
A Year Ago, Only a Few Weeks After We Countersued the 'Hulk Hogan of UEFI', Our Webhost Came Under Attack: At the end of September 2024 our webhost received several threats
If Only Someone Warned Us About This...: Ubuntu is committing suicide with Rusty code
The Register - Kissing the hand that feeds it: hired to manage the publication several people connected to Microsoft, including the new Editor in Chief
The Myths of "Linux" and of "Intelligence": As noted this morning
People Remembered GNU's Birthday (Which Helps Remind People It All Started in 1983, Not 1991): Have the FSF and GNU earned the respect they deserve?
Slopwatch: Ponzi Schemes Promoted by Media Companies, Linux Journal Turning Its 30-Year Reputation to Dust, and Serial Slopper Brian Fagioli Plagiarising, As Usual: This bubble will end up very badly
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, September 27, 2025: IRC logs for Saturday, September 27, 2025
Links 27/09/2025: Squashing Software Patents and When Hospitals Become For-Profit: Links for the day
Gemini Links 27/09/2025: Young Feet and Online Bots: Links for the day
GNU Project Turns 42: In 2033 it'll be 50
Next Step: Find Out Who's Funding the 'Hulk Hogan of UEFI' to SLAPP Us: We now have the 'Hulk Hogan of UEFI' working alongside a strangler of women, who as a Microsoft employee spent time in prison for it
Web Sites That Are Independent Are Also Like Software Projects (Sometimes Literally So): Roll out your own 'stack'
Pieter Hintjens on Codes of Misconduct a Decade Ago: original is still online
Links 27/09/2025: Australia Might Ban Microsoft GitHub for Young People, Likely Illegal Executive Order Turns TikTok Into Cheeto Propaganda: Links for the day
Repeating the Lies to Promote a Ponzi Scheme is Not OK Because "Many Other Sites Do This" (Including Slopfarms): They already work on the next Ponzi scheme
The Register MS (Situation Publishing) is Participating in a Ponzi Scheme: The market in "tech" seems awful when a lot of it sells a fraud and journalism about this market is part of the fraud
Glimmer of Hope: More People Realise and Come to Accept "AI" is Just a Giant, Elaborate Ponzi/Pyramid Scheme That Will Leave Everyone Worse Off (Except the "Top of the Pyramid"): quoting Einhorn and some comments
Mass Layoffs in Starbucks... and Society Loses Nothing of Value: Society might even be better off if Starbucks shuts down entirely
Do Your Job and Demand Your Compensation - But in That Order.: We'll do our best to convince the Judge to award all costs to us (lawyers, barrister, LIP bills etc.) plus judgements against them, for abusive litigation and needless suffering associated with that abuse
Matthew J. Garrett Behaved in a Similar Fashion to 4Chan and Kiwi Farms: Opposites attract? Are they opposites at all?
Drew DeVault Suggests "CoC Enhancement", Starts Trolling Projects in Microsoft GitHub: And it backfires immediately
Like Nazi Germany and Volkswagen: Tell us all about "freedom" when your government runs a Ponzi scheme
Microsoft Sponsored This Man, Microsoft Sponsored His Behaviour (and He Controls Microsoft): They get what they paid for
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, September 26, 2025: IRC logs for Friday, September 26, 2025
He Talks Too Much, He Says Dumb Things: only British when that suits him
Slopwatch: FUD and Plagiarism (Working Against Linux) Promoted and Rewarded by Google News: Shame on Google News

Greater London Authority's Web Site and Security Lapses, Not Just Human Errors

Recent Techrights' Posts