Greater London Authority's Web Site and Security Lapses, Not Just Human Errors

Dr. Roy Schestowitz

2023-07-16 23:49:21 UTC
Modified: 2023-07-16 23:58:24 UTC

Summary: Data security and system security at Greater London Authority's Web site haven't been good; today we share just a couple of examples which help refute statements issued by Greater London Authority after a scandal that had made it to the mainstream media

MY! It really takes a liar to progress to management. The better the liar, the higher up the role.

As I mentioned the other day, there's somewhat of a blunder since Friday when the news broke:

The following conspicuous statement is worth assessing, as I was working on the sites (various aspects, some microsites too) for 9 years.

You would expect them to say that, wouldn't you?

As I said on Saturday morning, this has deja vu written all over it.

to give one example (there are more):

It wasn't Sirius stuff (and certainly wasn't me) who configured those terribly buggy forms.

As lying bosses at Sirius might say, "it doesn't look good..."

It's not the fault of Sirius either, at least not in this case.

The worst part of it is, as far as I'm aware GLA never publicly reported or disclosed this incident (sometimes this is legally required upon discovery or within a number of days, including informing those potentially affected, like people with their identity cards uploaded and widely available to the general public).

This isn't the only such example.

2 years later even malicious scripts/programs could be uploaded. It was only detected after it had happened. Here are some fragments of old messages:

This is a penalty for not scanning/sanitising uploads/input.

Why am I publishing these (redacted sensibly)? Because lying is wrong and privacy problems are the problem, speaking about them is not the problem. It is the moral thing to do -- to point out it is a repeat offender so to speak. There is an obligation here to debunk false assurances, as this has gone on for years already. ⬆

Daniel Pocock: "I've Gone to Some Lengths to Demonstrate How Corporate Bad Actors Have Used Amateur-hour Codes of Conduct to Push Volunteers Into Modern Slavery": "As David explains, the Codes of Conduct should work the other way around to regulate the poor behavior of corporations who have been far too close to the Debian Suicide Cluster."
Links 18/05/2024: Caledonia Emergency Powers, "UK Prosecutor's Office Went Too Far in the Assange Case": Links for the day
Microsoft ("a Dying Megacorporation that Does Not Create") and IBM: An Era of Dying Giants With Leadership Deficits and Corporate Bailouts (Subsidies From Taxpayers): Microsoft seems to be resorting to lots of bribes and chasing of bailouts (i.e. money from taxpayers worldwide)
US Patent and Trademark Office Sends Out a Warning to People Who Do Not Use Microsoft's Proprietary Formats: They're punishing people who wish to use open formats
Links 18/05/2024: Fury in Microsoft Over Studio Shutdowns, More Gaming Layoffs: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, May 17, 2024: IRC logs for Friday, May 17, 2024
Links 18/05/2024: KOReader, Benben v0.5.0 Progress Update, and More: Links for the day
Microsoft-Connected Sites Trying to Shift Attention Away From Microsoft's Megebreach Only Days Before Important If Not Unprecedented Grilling by the US Government?: Why does the mainstream media not entertain the possibility a lot of these talking points are directed out of Redmond?
[Meme] UEFI 'Secure' Boot Boiling Frog: UEFI 'Secure' Boot: You can just ignore it. You can just turn it off. You can hack on it as a workaround. Just use Windows dammit!
The Market Wants to Delete Windows and Install GNU/Linux, UEFI 'Secure' Boot Must Go!: To be very clear, this has nothing to do with security and those who insist that it is have absolutely no credentials
In the United States Of America the Estimated Share of Google Search Grew After Microsoft's Chatbot Hype (Which Coincided With Mass Layoffs at Bing): Microsoft's chatbot hype started in late 2022
Techrights Will Categorically Object to Any Attempts to Deny Its Right to Publish Informative, Factual Material: we'll continue to publish about 20 pages per day while challenging censorship attempts
Links 17/05/2024: Microsoft Masks Layoffs With Return-to-office (RTO) Mandates, More YouTube Censorship: Links for the day
YouTube Progresses to the Next Level: YouTube is a ticking time bomb
Journalists and Human Rights Groups Back Julian Assange Ahead of Monday's Likely Very Final Decision: From the past 24 hours...
[Meme] George Washington and the Bill of Rights: Centuries have passed since the days of George Washington, but the principles are still the same
Video of Richard Stallman's Talk From Four Weeks Ago: 2-hour video of Richard Stallman speaking less than a month ago
statCounter Says Twitter/X Share in Russia Fell From 23% to 2.3% in 3 Years: it seems like YouTube gained a lot
Journalist Who Won Awards for His Coverage of the Julian Assange Ordeals Excluded and Denied Access to Final Hearing: One can speculate about the true reason/s
Richard Stallman's Talk, Scheduled for Two Days Ago, Was Not Canceled But Really Delayed: American in Paris
3 More Weeks for Daniel Pocock's Campaign to Win a Seat in European Parliament Elections: Friday 3 weeks from now is polling day
Microsoft Should Have Been Fined and Sanctioned Over UEFI 'Lockout' (Locking GNU/Linux Out of New PCs): Why did that not happen?
Gemini Links 16/05/2024: Microsoft Masks Layoffs With Return-to-office (RTO) Mandates, Cash Issues: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, May 16, 2024: IRC logs for Thursday, May 16, 2024
Ex-Red Hat CEO Paul Cormier Did Not Retire, He Just Left IBM/Red Hat a Month Ago (Ahead of Layoff Speculations): Rather than retire he took a similar position at another company
Linux.com Made Its First 'Article' in Over and Month, It Was 10 Words in Total, and It's Not About Linux: play some 'webapp' and maybe get some digital 'certificate' for a meme like 'clown computing'
[Meme] Never Appease the Occupiers: Freedom requires truth. Free speech emancipates.
Thorny Issues, Violent Response: They say protests (or strikes) that do not disrupt anything are simply not effective. The same can be said about reporting.
GNU/Linux in Malaysia: From 0.2 Percent to 6+ Percent: That's like 30-fold increase in relative share
Liberty in Liberia? Windows Falls Below 10% and Below iOS: This is clearly a problem for Microsoft
Techrights Congratulates Raspberry Pi (With Caution and Reservations): Raspberry Pi will "make or break" based on the decisions made in its boardroom
OSI Makes a Killing for Bill Gates and Microsoft (Plagiarism and GPL Violations Whitewashed and Openwashed): meme and more
The FSF Ought to Protest Against UEFI 'Secure Boot' (Like It Used To): libreplanet-discuss stuff
People Who Defend Richard Stallman's Right to Deliver Talks About His Work Are Subjected to Online Abuse and Censorship: Stallman video removed
GNU/Linux Grows in Denmark, But Much of That is ChromeOS, Which Means No Freedom: Google never designs operating systems with freedom in mind
Links 16/05/2024: Vehicles Lasting Fewer Years, Habitat Fragmentation Concerns: Links for the day
GNU/Linux Reaches 6.5% in Canada (Including ChromeOS), Based on statCounter: Not many news sites are left to cover this, let alone advocate for GNU/Linux
Links 16/05/2024: Orangutans as Political Props, VMware Calls Proprietary 'Free': Links for the day
The Only Thing the So-called 'Hey Hi Revolution' Gave Microsoft is More Debt: Microsoft bailouts
TechTarget (and Computer Weekly et al): We Target 'Audiences' to Sell Your Products (Using Fake Articles and Surveillance): It is a deeply rogue industry that's killing legitimate journalism by drowning out the signal (real journalism) with sponsored fodder
FUD Alert: 2024 is Not 2011 and Ebury is Not "Linux": We've seen Microsofers (actual Microsoft employees) putting in a lot of effort to shift the heat to Linux
Links 15/05/2024: XBox Trouble, Slovakia PM Shot 5 Times: Links for the day
Windows in Times of Conflict: In pictures
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 15, 2024: IRC logs for Wednesday, May 15, 2024

Greater London Authority's Web Site and Security Lapses, Not Just Human Errors

Recent Techrights' Posts