title: Twenty Five Million Records link: https://onemoretech.wordpress.com/2007/11/20/twenty-five-million-records/ author: lembobro description: post_id: 604 created: 2007/11/20 20:45:02 created_gmt: 2007/11/20 20:45:02 comment_status: open post_name: twenty-five-million-records status: publish post_type: post

Twenty Five Million Records

From the BBC:

UK’s families put on fraud alert

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.

CD discs with the name, address, date of birth, National Insurance number bank details for 25 million citizens of Great Britain.

Supposedly “password protected”. Right, from the average moron running Windows XP on their desktop. Just like the idiots working for Her Majesty’s Revenue & Customs office (the UK equivalent of the IRS) who decided to roll the dice and send off the data to another agency, ironically the National Audit Office, in an unregistered package via the privately run internal government postal system.

Two questions at this point.

First, will HMRC fail it’s Information Technology audi this year?

Second, who the f* decided it was a good idea to have a private contractor run the internal government postal system anyway?

As usual, the elder statesmen in charge “blamed mistakes by junior officials at HMRC”.

Junior officials. What were they, nine years old?

No, on second thought, even my nine year old would have known better.

If it was me in change I’d have Chancellor Darling escorted from the building with the suggestion that he call back later in the week for his exit interview.

P.S. The really serious part of this is that most of the supposedly “unbreakable” password protection schemes on the market rely on a Windows executable to block access to the data. These are easily bypassed by simply mounting the disk on another OS platform, like Linux, and yanking the data off from there. In the past I’ve easily defeated these kinds of systems, along with relatively primative forms of data encryption by doing just that and then running strings against the files on disk.

Copyright 2004-2019 Phil Lembo