This Isn't the First Time the Site of Greater London Authority Improperly Set Permissions

Dr. Roy Schestowitz

2023-07-16 05:08:17 UTC
Modified: 2023-07-16 05:08:17 UTC

But this time it became a blunder in the media:

Summary: Greater London Authority (GLA) does not know how to manage its Web site properly and it's causing a lot of pain to victims of crimes; maybe it's time for GLA to assess how it manages its Web site and how it treats victims of crimes, including its own tech staff

MANY are aware by now of GLA because of crimes at Sirius 'Open Source', a large GLA contractor. Typically I'd not open my mouth and led this one slide, but GLA does not care about its own IT workers being defrauded (and does not get the police, which it oversees, to actually do something about it), so I'll say what I know for sure, with witnesses who saw the same.

"This was noticed and mentioned internally."The above article speaks of a permission issue, which in effect enabled access to hostile parties and potentially did a lot of damage. They'll probably try to paint this as a one-off incident, but I recall several other instances of this, especially with Drupal used incorrectly. Back then we had a chance to correct it before a breach or before unauthorised access was detected. This was noticed and mentioned internally. Back in the days of Mantis for ticketing, not JIRA bloatware.

"More incidents like the above may as well recur."What's the cause of this? Well, it did not help that the company had people with no clue in computers dealing with computer-related tasks, including Sirius management with no suitable qualifications overseeing things. GLA fared not much better and their skilled IT people kept leaving. Maybe they couldn't stand clueless managers, but maybe it was something else.

More incidents like the above may as well recur. This can continue to happen because of weakly-enforced rules and procedures. When I did deployments to the site I was typically all on my own, testing was limited, and there was no supervision by security-savvy site engineers. It was all very improvised. This won't improve until or unless there are changes at the top. ⬆

Recent Techrights' Posts

Microsoft's Debt Exploded by 15.4 Billion Dollars in the Past 9 Months Alone (Despite All the Layoffs): As of minutes ago, at 6PM on a Friday, the numbers are made public
LLMs as Attack Method Against Free Software and Programming: DDoS in "hey hi" (slop) clothing
Google as a 'Bullshit Generator' Disguised as Intelligence: It'll probably cause Google to get sued a lot, both by individuals and companies
As Expected, Google in the UK Now Experiments With Slop Instead of Web Search: At this point more people ought to stop and think: Does Google's search engine deserve trust?
Microsoft Actually in Trouble, Microsofters Unable to Obey Judges' Orders: For the second time in a week, Microsofters are unable to obey orders
IRC Proceedings: Friday, August 01, 2025: IRC logs for Friday, August 01, 2025
Over at Tux Machines...: GNU/Linux news for the past day
Links 02/08/2025: İstanbul Retail Inflation Reaches 42.48%, US FBI Opens Office in New Zealand: Links for the day
Gemini Links 02/08/2025: ZFS, LLM Hype, and Fake Modules: Links for the day
Links 01/08/2025: Health, Conflict, and Attacks on Freedom of the Press: Links for the day
Meeting (Webchat) With Maria Arranz Gomez, Florian Grundies, Jürgen Janda and Konstantinos Kortsaris Confronts EPO Management About Breaking Promises and Crushing Workers: The lack of consistent messages suggests plans other than what's advertised and the lack of consultation (secrecy) likewise
Links 01/08/2025: "The Great British Firewall" and U.S. Army Sponsors Palantir: Links for the day
For Second Day in a Row, Top Story in The Register MS is "Microsoft Says": The editor in chief exercises control over everybody else
Stability and Reliability, Backward Compatibility: I don't fancy relying on social control media as "sources"
What "the News" Looks Like in 2025: The "says" (or "sez") phenomenon
History Will Be Distorted, Sometimes Intentionally, Under the Guise of Intelligence (Manipulated/Curated Slop): Militarised misinformation or military-grade chaff is a national security threat, even domestically
Financial Engineering Companies: A Company Worth 4 Trillion Dollars Would Not Borrow 100+ Billion Dollars at Interest Rates Like Today's: Many headlines perpetuate the lie Microsoft had just 2 waves of layoffs
Microsoft is Googlebombing "Linux" While Paying Former News Sites to Publish SPAM: How much lower will IDG sink?
The Data You Don't Give Away is Your Advantage: stop sharing data that does not need to be shared
Being Obedient or Doing the Right Thing: The world always changes for the better because of people who think "Outside the Box", not the cogs
Gemini Links 01/08/2025: Happy Hacking Keyboards and New Gemini Arrivals: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, July 31, 2025: IRC logs for Thursday, July 31, 2025
Sabotaging Linux on Behalf of Microsoft With UEFI 'Secure' Boot (De Facto Remote 'Kill Switch'), Then Defaming, Stalking and Harassing Critics of 'Secure' Boot for 12 Years, Then SLAPPing Their Spouses and Them: The sorts of stubborn lunatics we've been dealing with
Moving on in Techrights, Geeks Gonna Geek: In the coming weeks we plan to focus (as we explained last week) on patents, GNU/Linux issues, and the occasional philosophical essays
Slopwatch: Google News Has Lost the Plot: Almost the majority of articles returned for "Linux" are fakes
Links 31/07/2025: Australia Restricts YouTube Access, Personal Privacy at Risk: Links for the day
Links 31/07/2025: Spotify Collapses and Spotify Now Forcing Some Users to Undergo Face-Scanning: Links for the day
A Lot of Supposedly "Successful" Businesses Are Just Debt-Racking Vessels Without Any Prospects of Financial Sustainability: The probability of bankruptcy of any business is more than 0%
theregister.com: The Voice of Microsoft US?: It basically sold out
Yes, You Can Love and Adore Things Whilst Also Criticising Them: Is society being divided and groomed/primed to be resistant to constructive criticism?
Links 31/07/2025: War in Ukraine, Security News, and Cyberattacks Against Journalists on the Rise: Links for the day
Gemini Links 31/07/2025: Fake Money and Gemini Diaries: Links for the day
An Illusion and Cult Worship of Magnitude (Ubiquity as "Victory"): GNU has been around for over 40 years and it'll likely continue to exist for another 40 (in some form)
Google: From Pointing to Relevant Sites to Pointing to Social Control Media to Actually Parroting Social Control Media as "Facts": Google has become a misinformation company
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 30, 2025: IRC logs for Wednesday, July 30, 2025