Bonum Certa Men Certa

This Isn't the First Time the Site of Greater London Authority Improperly Set Permissions

But this time it became a blunder in the media:

Sex abuse victim's details could be among hundreds revealed by data breach



Summary: Greater London Authority (GLA) does not know how to manage its Web site properly and it's causing a lot of pain to victims of crimes; maybe it's time for GLA to assess how it manages its Web site and how it treats victims of crimes, including its own tech staff

MANY are aware by now of GLA because of crimes at Sirius 'Open Source', a large GLA contractor. Typically I'd not open my mouth and led this one slide, but GLA does not care about its own IT workers being defrauded (and does not get the police, which it oversees, to actually do something about it), so I'll say what I know for sure, with witnesses who saw the same.

"This was noticed and mentioned internally."The above article speaks of a permission issue, which in effect enabled access to hostile parties and potentially did a lot of damage. They'll probably try to paint this as a one-off incident, but I recall several other instances of this, especially with Drupal used incorrectly. Back then we had a chance to correct it before a breach or before unauthorised access was detected. This was noticed and mentioned internally. Back in the days of Mantis for ticketing, not JIRA bloatware.

"More incidents like the above may as well recur."What's the cause of this? Well, it did not help that the company had people with no clue in computers dealing with computer-related tasks, including Sirius management with no suitable qualifications overseeing things. GLA fared not much better and their skilled IT people kept leaving. Maybe they couldn't stand clueless managers, but maybe it was something else.

More incidents like the above may as well recur. This can continue to happen because of weakly-enforced rules and procedures. When I did deployments to the site I was typically all on my own, testing was limited, and there was no supervision by security-savvy site engineers. It was all very improvised. This won't improve until or unless there are changes at the top.

Recent Techrights' Posts

Names Are Not Unique IDs and the UK Government's "Digital ID System" Would be a Nightmare
Digital surveillance, "apps", and worse (all the time)
Why the EPO Never Managed to Silence Us (After Over a Decade of Trying)
Firms like Mishcon de Reya and Brett Wilson LLP contribute to a bad stigma, staining the entire occupation
It Feels Like Brett Wilson LLP Has Just Tacitly Admitted That It Defamed Me
It arguably admitted many other things by refusing to deny or address them (altogether)
 
Almost a Couple of Years After Microsoft Hijacked the Name 'Sudo' (to Describe Unrelated Windows Stuff) Microsoft Canonical Breaks Sudo in Ubuntu
These are vandals in "goodwill" or "security" clothing
Does the Good Law Project (GLP) Know the Director of Brett Wilson LLP Deems It OK to Endorse Violent Actions Against Trans People?
We were miffed to see this morning's report
What is Roy and Rianne's Righteously Royalty-free RSS Reader?
A news reader that uses OPML files and parses RSS feeds
The Free Software Foundation (FSF) Turns 40 in 5 Days
We should be talking about software freedom, not "Open Source"
Stefano Maffulli's Front Page Mentions "AI" 11 Times
They're more focused on slop (plagiarism) than sharing or Software Freedom
CMS Rot
With "modern" (bloated) content management systems (CMSs) there is a long chain of dependencies
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 28, 2025
IRC logs for Sunday, September 28, 2025
Slopwatch: Fake Articles About Linux 6.17 and Microsoft Meddling in Linux Development
today's Slopwatch is short because the picks are from Sunday
Gemini Links 29/09/2025: The Labor Wars and Retro
Links for the day
Links 28/09/2025: Windows TCO, Security Breaches, and Deutsche Bahn Woes
Links for the day
Datacentres Aren't Reliable for Backups
bad practices cause immeasurable levels of permanent data losses each and every day
Links 28/09/2025: Science, Censorship, and Security Incidents/Advisories
Links for the day
Gemini Links 28/09/2025: Golem and Cybertrucks
Links for the day
Links 28/09/2025: Moldova Elections, LLM Slop Failing Again to Accomplish Anything
Links for the day
Links 28/09/2025: Slop Does More Harm, Newly Released Epstein Estate Documents
Links for the day
Links 28/09/2025: Fentanylware (TikTok) 'Going Private' (the Dictator's Media Allies) and UK Mirror Lays Off More Journalists
Links for the day
A Year Ago, Only a Few Weeks After We Countersued the 'Hulk Hogan of UEFI', Our Webhost Came Under Attack
At the end of September 2024 our webhost received several threats
If Only Someone Warned Us About This...
Ubuntu is committing suicide with Rusty code
The Register - Kissing the hand that feeds it
hired to manage the publication several people connected to Microsoft, including the new Editor in Chief
The Myths of "Linux" and of "Intelligence"
As noted this morning
People Remembered GNU's Birthday (Which Helps Remind People It All Started in 1983, Not 1991)
Have the FSF and GNU earned the respect they deserve?
Slopwatch: Ponzi Schemes Promoted by Media Companies, Linux Journal Turning Its 30-Year Reputation to Dust, and Serial Slopper Brian Fagioli Plagiarising, As Usual
This bubble will end up very badly
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 27, 2025
IRC logs for Saturday, September 27, 2025
Links 27/09/2025: Squashing Software Patents and When Hospitals Become For-Profit
Links for the day
Gemini Links 27/09/2025: Young Feet and Online Bots
Links for the day
GNU Project Turns 42
In 2033 it'll be 50
Next Step: Find Out Who's Funding the 'Hulk Hogan of UEFI' to SLAPP Us
We now have the 'Hulk Hogan of UEFI' working alongside a strangler of women, who as a Microsoft employee spent time in prison for it
Web Sites That Are Independent Are Also Like Software Projects (Sometimes Literally So)
Roll out your own 'stack'
Pieter Hintjens on Codes of Misconduct a Decade Ago
original is still online
Links 27/09/2025: Australia Might Ban Microsoft GitHub for Young People, Likely Illegal Executive Order Turns TikTok Into Cheeto Propaganda
Links for the day
Repeating the Lies to Promote a Ponzi Scheme is Not OK Because "Many Other Sites Do This" (Including Slopfarms)
They already work on the next Ponzi scheme
The Register MS (Situation Publishing) is Participating in a Ponzi Scheme
The market in "tech" seems awful when a lot of it sells a fraud and journalism about this market is part of the fraud
Glimmer of Hope: More People Realise and Come to Accept "AI" is Just a Giant, Elaborate Ponzi/Pyramid Scheme That Will Leave Everyone Worse Off (Except the "Top of the Pyramid")
quoting Einhorn and some comments
Mass Layoffs in Starbucks... and Society Loses Nothing of Value
Society might even be better off if Starbucks shuts down entirely
Do Your Job and Demand Your Compensation - But in That Order.
We'll do our best to convince the Judge to award all costs to us (lawyers, barrister, LIP bills etc.) plus judgements against them, for abusive litigation and needless suffering associated with that abuse
Matthew J. Garrett Behaved in a Similar Fashion to 4Chan and Kiwi Farms
Opposites attract? Are they opposites at all?
Drew DeVault Suggests "CoC Enhancement", Starts Trolling Projects in Microsoft GitHub
And it backfires immediately
Like Nazi Germany and Volkswagen
Tell us all about "freedom" when your government runs a Ponzi scheme
Microsoft Sponsored This Man, Microsoft Sponsored His Behaviour (and He Controls Microsoft)
They get what they paid for
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 26, 2025
IRC logs for Friday, September 26, 2025
He Talks Too Much, He Says Dumb Things
only British when that suits him
Slopwatch: FUD and Plagiarism (Working Against Linux) Promoted and Rewarded by Google News
Shame on Google News