Bonum Certa Men Certa

Greater London Authority's Web Site and Security Lapses, Not Just Human Errors

Summary: Data security and system security at Greater London Authority's Web site haven't been good; today we share just a couple of examples which help refute statements issued by Greater London Authority after a scandal that had made it to the mainstream media

MY! It really takes a liar to progress to management. The better the liar, the higher up the role.

As I mentioned the other day, there's somewhat of a blunder since Friday when the news broke:

London Mayor's Office data breach: Sexual abuse survivor 'appalled' as her personal details may have been accessible online



The following conspicuous statement is worth assessing, as I was working on the sites (various aspects, some microsites too) for 9 years.

GLA security assurance



You would expect them to say that, wouldn't you?

As I said on Saturday morning, this has deja vu written all over it.

to give one example (there are more):

GLA: Google security alert



GLA security issue



It wasn't Sirius stuff (and certainly wasn't me) who configured those terribly buggy forms.

GLA: Drupal access



GLA: Drupal permissions



As lying bosses at Sirius might say, "it doesn't look good..."

It's not the fault of Sirius either, at least not in this case.

The worst part of it is, as far as I'm aware GLA never publicly reported or disclosed this incident (sometimes this is legally required upon discovery or within a number of days, including informing those potentially affected, like people with their identity cards uploaded and widely available to the general public).

This isn't the only such example.

2 years later even malicious scripts/programs could be uploaded. It was only detected after it had happened. Here are some fragments of old messages:

GLA: can uploaded malware

GLA: any file uploaded

This is a penalty for not scanning/sanitising uploads/input.

Why am I publishing these (redacted sensibly)? Because lying is wrong and privacy problems are the problem, speaking about them is not the problem. It is the moral thing to do -- to point out it is a repeat offender so to speak. There is an obligation here to debunk false assurances, as this has gone on for years already.

Recent Techrights' Posts

Microsoft Problems in Europe Even Before the Cheeto Tariffs
The case of Romania, Europe's notorious Microsoft fan
Oman in 2025: GNU/Linux Growing to 5%
what can Microsoft do about it except sabotage the PCs?
Microsoft Shares Collapse Again (Down $101), Fifth Round of Microsoft Mass Layoffs in Less Than 100 Days in 2025
disaster
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 07, 2025
IRC logs for Monday, April 07, 2025
Gemini Links 07/04/2025: Stock Market, Galène, and DMT Entities
Links for the day
During the Weekend We Said Fedora DEI Requires Proprietary Software, Now the Chat About It Is No Longer Accessible Over the Open Web
is this just a coincidence and an habitual change in Element?
Links 07/04/2025: US Measles Fatalities and China Launches HDMI and DisplayPort Alternative
Links for the day
Links 07/04/2025: More Cuts to Science Funding, Snail-speed Internet in Germany
Links for the day
Gemini Links 07/04/2025: Leasehold and Safe Gifts
Links for the day
In Some Countries, Laptops and Desktops Become a Dying Breed (Even Before Tariffs), Windows Has Nowhere to Go
expect more GNU/Linux on new and existing laptops
When the Credibility or 'Quality' of Clients Ceases to Matter, It's About Helping Rich Companies Like Microsoft Censor Critics (No Matter the Risks)
Bad ideas typically result in undesirable outcomes
UAE: GNU/Linux and Android at Record Levels, Windows at New Lows and Falling Below Apple
Even iOS is measured as bigger than Windows this month
Links 07/04/2025: Reddit Occupied (Social Control Media Controlled by Oligarchy), Demise of Globalisation Ongoing
Links for the day
Windows Has Fallen to All-Time Lows in Switzerland Since GNU Celebrated 40th Anniversary (GNU’s 40th Birthday in Biel, Switzerland)
GNU/Linux has been doing well in Switzerland
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 06, 2025
IRC logs for Sunday, April 06, 2025
Links 07/04/2025: Leaving Gemini/smolweb and Mastodon Migrations
Links for the day
In Iraq, Windows 3.1 (Percent)
There's also zero
One Person's Take on Jef Spaleta, the New Fedora Project Leader
"With a little searching, I wonder what else may be found regarding Microsoft."
Links 06/04/2025: Flood, Cool Gemini Capsule, and Long Form
Links for the day
Links 06/04/2025: Science, Politics, and Pricier Goods
Links for the day
LLM Slop Has Virtually Killed unixmen.com and Many Other Sites
There's no longer any incentive to write real articles in there
Sharp Declines for Microsoft Windows in Bangladesh (Pop. ~175,000,000), Big Gains for GNU/Linux
Microsoft Windows has been having a really hard time in poor countries
Links 06/04/2025: Fake Reviews, Privatisation Heists, and "AI" as Smokescreen for Impoverishing Humans
Links for the day
Taking a Moral Stand Against Strategic Lawsuits Against Public Participation (SLAPPs) and the Worst Offenders/Facilitators
Any other stance would sidle with moral depravity or moral hazard
Links 06/04/2025: Many New Acts of Repression and Elements of Financial Depression
Links for the day
In Qatar GNU/Linux Rose From Under 1% to Over 4% in Two Years (or Over 5% If Counting ChromeOS)
It's a big improvement compared to what we saw last year
LLM Scrapers Are a Nuisance, But They're Also a Reminder It's Time to Make Your Site Static
Perhaps the best protection is the ability to endure surges
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 05, 2025
IRC logs for Saturday, April 05, 2025
Links 06/04/2025: Attacks on Education, Fake Patents, and Fake (Illegal) Patent Courts
Links for the day
France: Apple and Microsoft Down, GNU/Linux Up to New Record Levels
How will tariffs against France impact things in the coming months?