Showing posts with label computer security. Show all posts
Showing posts with label computer security. Show all posts

22 September 2008

High tech Hijinks

Someone spoofing the Prime Minister's e-mail is serious, but funny, given that the listserv involved had a huge security loophole that should have been identified and plugged.

Thanks heavens national electronic security is in the hands of experts at the Communications Security Establishment rather than the political hacks in the current Prime Minister's Office. At least important stuff is safe.

Ya know, another Conservative first minister had a similar problem a couple of years ago.

Of course that guy had an episode earlier where he claimed someone was hacking his office.

That turned out to be someone trying to access a printer in the Provincial Conservative from another office in the same building.

The police were called.  (Did they know the truth before the police were called?)

The media were called in, too and all sorts of wild and completely unfounded accusations were tossed around.

The whole episode was more farce than anything else but the media dutifully reported the Conservative leader's Get Smart claims of a hacking attempt.

Even at the time, the whole thing looked more like part of a continuous pattern of vicious personal attacks, smears and innuendo than something to bother the police about.

But bothered they were.

The police found nothing...

...not surprisingly at all.

No charges were filed at all.

-srbp-

01 February 2008

It's the software's fault

Apparently the latest provincial government InfoSec breach can be blamed on the software, specifically a file sharing program known as LimeWire.

A popular file-sharing program exposed the private details of more than 150 people over the internet [sic]earlier this month, the Newfoundland and Labrador government said Thursday.

That's an interesting take on the story, given that people operated the computer involved, loading the software without changing the default settings.

Apparently, no one at the Workplace health and safety commission had anything to do with it either, even though they handed over highly confidential information without ensuring the outside contractor was following appropriate security procedures.

No people were involved at all.

Well, that is, except, ummm, of course for the 153 people whose files were exposed, including 108 who had their medical histories and work histories, as well as names and birthdates openly accessible on the Internet for 24 or so days.

And that identity theft thingy that Attorney General Jerome Kennedy warned about in the news release on Thursday? Well, when he spoke to reporters, Kennedy had a slightly different tune to sing:

"The file sharing program allows for access of various information that's on an individual's computer. It doesn't mean it will be accessed," Kennedy told reporters.

So why all the big fuss about government officials taking proper measures in the wake of the leak or of the giant lock-down being applied to every computer in government? Apparently it was nothing to worry about after all.

In other words, the giant news release Kennedy authorized for distribution was just a waste of energy.

Is it just an overactive imagination or did the province's attorney general sound less like a cabinet minister looking out for the public interest and more like the government's chief legal counsel representing a client staring at potential lawsuits?

-srbp-

Remember the story yesterday and the Telegram's short version? The story on page three of the Friday edition didn't mention identity theft anywhere.