Greater London Authority's Web Site and Security Lapses, Not Just Human Errors

Dr. Roy Schestowitz

2023-07-16 23:49:21 UTC
Modified: 2023-07-16 23:58:24 UTC

Summary: Data security and system security at Greater London Authority's Web site haven't been good; today we share just a couple of examples which help refute statements issued by Greater London Authority after a scandal that had made it to the mainstream media

MY! It really takes a liar to progress to management. The better the liar, the higher up the role.

As I mentioned the other day, there's somewhat of a blunder since Friday when the news broke:

The following conspicuous statement is worth assessing, as I was working on the sites (various aspects, some microsites too) for 9 years.

You would expect them to say that, wouldn't you?

As I said on Saturday morning, this has deja vu written all over it.

to give one example (there are more):

It wasn't Sirius stuff (and certainly wasn't me) who configured those terribly buggy forms.

As lying bosses at Sirius might say, "it doesn't look good..."

It's not the fault of Sirius either, at least not in this case.

The worst part of it is, as far as I'm aware GLA never publicly reported or disclosed this incident (sometimes this is legally required upon discovery or within a number of days, including informing those potentially affected, like people with their identity cards uploaded and widely available to the general public).

This isn't the only such example.

2 years later even malicious scripts/programs could be uploaded. It was only detected after it had happened. Here are some fragments of old messages:

GLA: can uploaded malware

GLA: any file uploaded

This is a penalty for not scanning/sanitising uploads/input.

Why am I publishing these (redacted sensibly)? Because lying is wrong and privacy problems are the problem, speaking about them is not the problem. It is the moral thing to do -- to point out it is a repeat offender so to speak. There is an obligation here to debunk false assurances, as this has gone on for years already. ⬆

Recent Techrights' Posts

Free Software Community/Volunteers Aren't Circus Animals of GAFAM, IBM, Canonical and So On...: Playing with people's lives for capital gain or "entertainment" isn't acceptable
[Meme] The Cancer Culture: Mission accomplished?
Jonathan Carter, Matthew Miller & Debian, Fedora: Community, Cult, Fraud: Reprinted with permission from disguised.work
Techrights This May: We strive to keep it lean and fast
Links 04/05/2024: Attacks on Workers and the Press: Links for the day
Gemini Links 04/05/2024: Abstractions in Development Considered Harmful: Links for the day
Links 04/05/2024: Tesla a "Tech-Bubble", YouTube Ads When Pausing: Links for the day
Germany Transitioning to GNU/Linux: Why aren't more German federal states following the footsteps of Schleswig-Holstein?
IRC Proceedings: Friday, May 03, 2024: IRC logs for Friday, May 03, 2024
Over at Tux Machines...: GNU/Linux news for the past day
Alexander Wirt, Bucha executions & Debian political prisoners: Reprinted with permission from disguised.work
Links 03/05/2024: Clownflare Collapses and China Deploys Homegrown Aircraft Carrier: Links for the day
IBM's Decision to Acquire HashiCorp is Bad News for Red Hat: IBM acquired functionality that it had already acquired before
Apparently Mass Layoffs at Microsoft Again (Late Friday), Meaning Mass Layoffs Every Month This Year Including May: not familiar with the source site though
Gemini Links 03/05/2024: Diaspora Still Alive and Fight Against Fake News: Links for the day
[Meme] Reserving Scorn for Those Who Expose the Misconduct: they like to frame truth-tellers as 'harassers'
Why the Articles From Daniel Pocock (FSFE, Fedora, Debian Etc. Insider) Still Matter a Lot: Revisionism will try to suggest that "it's not true" or "not true anymore" or "it's old anyway"...
Links 03/05/2024: Canada Euthanising Its Poor and Disabled, Call for Julian Assange's Freedom: Links for the day
Dashamir Hoxha & Debian harassment: Reprinted with permission from disguised.work
Maria Glukhova, Dmitry Bogatov & Debian Russia, Google, debian-private leaks: Reprinted with permission from disguised.work
Who really owns Debian: Ubuntu or Google?: Reprinted with permission from disguised.work
Keeping Computers at the Hands of Their Owners: There's a reason why this site's name (or introduction) does not obsess over trademarks and such
In May 2024 (So Far) statCounter's Measure of Linux 'Market Share' is Back at 7% (ChromeOS Included): for several months in a row ChromeOS (that would be Chromebooks) is growing
Links 03/05/2024: Microsoft Shutting Down Xbox 360 Store and the 360 Marketplace: Links for the day
Evidence: Ireland, European Parliament 2024 election interference, fake news, Wikipedia, Google, WIPO, FSFE & Debian: Reprinted with permission from Daniel Pocock
Enforcing the Debian Social Contract with Uncensored.Deb.Ian.Community: Reprinted with permission from Daniel Pocock
Gemini Links 03/05/2024: Antenna Needs Your Gemlog, a Look at Gemini Get: Links for the day
IRC Proceedings: Thursday, May 02, 2024: IRC logs for Thursday, May 02, 2024
Over at Tux Machines...: GNU/Linux news for the past day
Jonathan Carter & Debian: fascism hiding in broad daylight: Reprinted with permission from disguised.work
Gunnar Wolf & Debian: fascism, anti-semitism and crucifixion: Reprinted with permission from disguised.work
Links 01/05/2024: Take-Two Interactive Layoffs and Post Office (Horizon System, Proprietary) Scandal Not Over: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 01, 2024: IRC logs for Wednesday, May 01, 2024
Embrace, Extend, Replace the Original (Or Just Hijack the Word 'Sudo'): First comment? A Microsoft employee
Gemini Links 02/05/2024: Firewall Rules Etiquette and Self Host All The Things: Links for the day