Bonum Certa Men Certa

Greater London Authority's Web Site and Security Lapses, Not Just Human Errors

Summary: Data security and system security at Greater London Authority's Web site haven't been good; today we share just a couple of examples which help refute statements issued by Greater London Authority after a scandal that had made it to the mainstream media

MY! It really takes a liar to progress to management. The better the liar, the higher up the role.

As I mentioned the other day, there's somewhat of a blunder since Friday when the news broke:

London Mayor's Office data breach: Sexual abuse survivor 'appalled' as her personal details may have been accessible online



The following conspicuous statement is worth assessing, as I was working on the sites (various aspects, some microsites too) for 9 years.

GLA security assurance



You would expect them to say that, wouldn't you?

As I said on Saturday morning, this has deja vu written all over it.

to give one example (there are more):

GLA: Google security alert



GLA security issue



It wasn't Sirius stuff (and certainly wasn't me) who configured those terribly buggy forms.

GLA: Drupal access



GLA: Drupal permissions



As lying bosses at Sirius might say, "it doesn't look good..."

It's not the fault of Sirius either, at least not in this case.

The worst part of it is, as far as I'm aware GLA never publicly reported or disclosed this incident (sometimes this is legally required upon discovery or within a number of days, including informing those potentially affected, like people with their identity cards uploaded and widely available to the general public).

This isn't the only such example.

2 years later even malicious scripts/programs could be uploaded. It was only detected after it had happened. Here are some fragments of old messages:

GLA: can uploaded malware

GLA: any file uploaded

This is a penalty for not scanning/sanitising uploads/input.

Why am I publishing these (redacted sensibly)? Because lying is wrong and privacy problems are the problem, speaking about them is not the problem. It is the moral thing to do -- to point out it is a repeat offender so to speak. There is an obligation here to debunk false assurances, as this has gone on for years already.

Recent Techrights' Posts

Windows is an Unnatural Disaster, It is Also Avoidable
there's a wide window of opportunity opening
Killing the News With Spam and Slop Benefits Those Whose Desire is an Uninformed Population
adoption of Free software depends indirectly on political activities/activism
Open Source Initiative (OSI) Privacy Fiasco in Detail: An Introduction
Perhaps tomorrow or perhaps next week we'll share more information about what happened and what was reported to the California Privacy Protection Agency
IBM's BS (Bait, Switch) Regarding Ways to Stay Onboard
PIPs, RTOs, and forced relocations are just an illusion of choice (or ability to recover)
Banned evidence: Ars Technica forums censored email predicting DebConf23 death, Abraham Raji & Debian cover-up
Reprinted with permission from Daniel Pocock
 
Links 30/03/2025: "Quantum Randomness" and "F-1 Visa Revoked" in US
Links for the day
Gemini Links 30/03/2025: US as a Threat, Returning to the WWW
Links for the day
Links 30/03/2025: Judge Blocks Dismantling Of VOA, Turkey Arrested Many Journalists
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 29, 2025
IRC logs for Saturday, March 29, 2025
Judges Would Never Rule for Men Who Strangle Women or Against Women Who Merely Wrote Articles About Abuse They Had Received From Men
We don't intend to do "trial by media", so we won't be disclosing claims and defences until it's over
Gemini Links 29/03/2025: Less YouTube and More Station
Links for the day
In Some Countries, Such as Thailand, Firefox is Already Measured at Less Than 2% (One Day Firefox Will Get Blocked, Not Only Lack Support)
Web consolidation around Chrom-isms will doom the Web as we know it
Links 29/03/2025: Trademarks Battles, Fires Destroy More Than 3,000 South Korean Homes
Links for the day
Links 29/03/2025: More Crackdowns on Science, "Hey Hi" Slopping is Flopping
Links for the day
Costa Rica Almost Bankrupt Because of Microsoft
the incidents in Costa Rica are Windows incidents
Gemini Links 29/03/2025: Art of Looking, Wireguard, EMacs
Links for the day
Links 29/03/2025: Attacks on Social Security and War Updates
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, March 28, 2025
IRC logs for Friday, March 28, 2025
Intimidation, Threats, and Bullying Not Tolerated by Techrights
When it comes to our reporting, safety always comes first
A World Without Rules
We're long insisted on better laws and actual enforcement of them (applicable to all, not selectively applied)
statCounter Sees Microsoft Windows Falling to New, Unprecedented Lows in Palau
Taking Android into account, Windows is now down to an all-time low of 14%
Google News Lost the Fight to LLM Slop (While Google Itself Sells Slop, Nowadays Under the Name "Gemini")
Many people say that "Google is getting worse"; that's almost an understatement
Links 28/03/2025: AirAsia Trouble Again, UMich Culls All DEI Programs
Links for the day
Gemini Links 28/03/2025: Alexa is for Gullible People, Rant About Feature Overload
Links for the day
The SLAPPs From the Microsoft Strangler (and Sidekick) No Better Than Patent Trolling
one must never settle with trolls
Something to Celebrate in Gemini Protocol
More capsules and users join in
Links 28/03/2025: Last Reminder "to Delete Your 23andMe Data", "UK's First Permanent Facial Recognition Cameras Installed"
Links for the day
Microsoft Canonical Continues Its FUD (Fear, Uncertainty, Doubt) Campaign, Reveals Google Too Sponsored It
They're paid-for lies from a Chinese company that takes GAFAM money to write puff pieces about them
Android Rises Above 76% in Mozambique, Leaving Windows in the Dust
Windows may soon be measured as smaller than Apple's iOS
IBM, Red Hat and Microsoft Probably Also Manipulate Metrics (It Helps Con the Shareholders)
Wall Street's credibility will depend on enforcement of "checks and balances"
Slopwatch: trendhunter.com and Other Pure Junk From "Google News"
The need to vet sources is hardly new; anyone can spew out anything, anywhere. There's a need for vetting.
Gemini Links 28/03/2025: Rewatching The X-Files, Slop Concerns, and NOSTR Censorship
Links for the day
Links 28/03/2025: Australia at Risk, EPO Grants Illegal Patents With Illegal Effect
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 27, 2025
IRC logs for Thursday, March 27, 2025