The government sent the security industry into gales of laughter today when it insisted that sensitive documents on Hazel Blears’ missing PC are quite safe, as the machine is “password protected”. The gov’s soothing words came amid speculation on what formal action, if any, communities and local government secretary Blears will …
I will forgo my 6 figure consulting fee this time, but if I have to keep redoing my original work I might start charging
Well it is a step up from a bunch of easy to read papers in a folder on the back seat, as is normally the case
Not much of a step up however.
They really don't understand what they are talking about do they... and how easy a password is to crack.
Knowing the IQ of MPs, the password was probably "password" or "holiday", or the dog's name.
Bad enough to lose a laptop
But to lose a desktop?
And these fuckwits want us to believe they can be trusted with ANYTHING?
No single government is this bolloxs, so it HAS to be on purpose
Burn them all before they sell your children to whoever they are REALLY working for.
Thanks for that, I need a new screen now, after spraying coffee all over it.
I know our government is monumentally crap at IT, even if it's just by the vast amount of my money they waste paying their corporate f***-buddies to screw up every NHS/Police/Tax/etc IT scheme going, but after the recent string of privacy breach idiocy and failed security, this just takes the biscuit.
Sadly, Paris, because we now have proof that she's significantly more intelligent and useful than my government
She really is neither use nor ornament. Fingers crossed for the message of 'unequivocal support' from No. 10.
Anyone else spot in the other article how her spokesdroid said she had both 'constituency' and 'departmental' data on the machine, but nobody should worry because there was no personal information contained in the departmental data? I can't see her keeping her job if she's exposed her own constituents to blackmail and identity theft.
This is the Gov that thinks that pedos will only ever use one email address, making them easily trackable online.
Nothing surprises me anymore.
wh... w.. fuck...huh? doh!
Words fail me.
Paris, 'cos she is probably smarter than the entire Labour cabinet put together.
Oh that's alright then.
I now feel thoroughly reassured about our government's understanding of digital security.
Can I suggest some possible passwords they can use for protecting machines holding sensitive material in future that would reflect this?
Or how about 'fuckw1ts' ?
3rd time = enemy action
sorry but that's one too many incidents in a short space of time. This is a set-up.
Out of the Loop leaves them High and Dry and having to Think for Themselves
"In the meantime, the government might do worse than despatch a crack MI5 team down to Waterloo Station to scour the trains post rush hour, as this seems to be the main clearing house for sensitive government information these days. "
One wonders why sensitive information is shared with them... these days.
I'm assuming our glorious Government....
knows the difference between password protection and encryption? Numpties!
but what if the password is....?
Hazel's family members' bday
Tony Blur's bday
days Gordo has left in office
year Noo Laboor got into office
betcha it's something obvious! this is Noo Laboor, IT f*cktards one and all.
(where's the *I hate Labour because they are cr4p and ruining my income* icon?)
What the government didn't state was the password is written on a postit stuck to the underside of the laptop.....
"In the meantime, the government might do worse than despatch a crack MI5 team down to Waterloo Station to scour the trains post rush hour, as this seems to be the main clearing house for sensitive government information these days."
Yes, but the American won't let Brown do that - we know that from Borg Ultimatum, don't we? The CIA keeps that playground to itself.
Probably find the password is written on a sticky note on the front of the machine anyway....
Spot the difference:
Civil servant breaks procedure by removing sensitive docs, leaves them on a train and gets suspended subsequent to probable sacking or demotion.
Minister breaks procedure by downloading sensitive docs, PC is pinched and the No. 10 spin machine whirs into action declaring that the free world is safe as the machine was password protected.
Now where's that Linux live CD that edits the Windoze SAM file...
"And even though the machine was in an alarmed room,"
Poor thing, I hope somebody knows how to calm rooms down.
Mine's the one with the sleeves on backwards and the funny-looking straps.
Umm. No password cracking required
Assuming it is a Windows machine with the encrypted file option available (Windows 2000 SP4 certainly has it) then it should be very difficult to get the contents of the file. But how many people know that option exists? Furthermore, how many people use it? Doh!
That being the case, you don't even need to crack a password. Remove the hard disk, stick it in an external USB case and mount on another machine. Da daahhh!!!
[Just passing it to Blears]
trivial password cracking
I'd love to know which password they are talking about: BIOS, Windows or MS Office. The first two aren't just trivial to crack, you don't even need to crack them to get to the files on the disk unless it's encrypted. I'd offer to demo how long it takes to crack their files but I don't invoice by the minute.
For goodness sake
Have these people never heard of Truecrypt? It's free, easy to implement and, providing you have a strong password, is essentially unbreakable.
Mine's the one from the University of the Bleedin' Obvious...
Ok first a lesson.
CD with SAM database password reset program. I now have local admin access to the machine and all data on the machine.
Now that's over with I highly doubt some local tea leaf will try and out any info on this machine as it's probably already been formatted and rebuilt with XP. That's not to say anyone with half a brain cell could interrogate the drive and get the docs back but you'd open yourself up to a charge of receiving stolen goods and maybe a nice spell in chokey while they wait to allow you access to Habeas Corpus.....
Really - Gov docs are mind numbingly boring to the average person so why nick a computer for that rather than the sum of its parts.
Did I read that correctly?
So the potentially sensitive documents are safe because the machine has a password, well that's just fine then.....
What kind of *!$%ing idiots are running this country? And they want to bring in national ID cards, they haven't a clue. If brains were dynamite they couldn't even blow their hats off.
Has to be Paris, she might not be the sharpest knife in the box, but she could show these prize muppets a thing or two.
Probably still Win95, so the escape key should do the job, or of course now that they have the machine simply boot off a live Linux CD.
Icon - we're all going to die unless we can find some more intelligent amoeba to govern us.
Install TrueCrypt (free, libre, open-source) whole disk protection on every government machine. OK, there will be a few numpties who write down the password and pin it to the monitor, but it's a better line of defense than just having stuff in the clear on the drive.
even more trivial
".. cracking a password, as opposed to cracking an encrypted PC, is considered a trivial task."
Quicker to lift out the hard drive and install as D:\ on your own computer.
And if "the computer was password protected" is spokespersonese for "the documents were password protected" try opening a protected MS Word document with a text editor!
Secret Information - Not
Put it in perspective - it's not like Hazel Blears will have access to any interesting information
"The Government was in turmoil today as it was revealed that the Secretary of State for Communities and Local Government lost her PC which was said to have secret plans for better provision of park benches and putting a microchip in your bin"
The only thing you'd get if you read the content of her secret files is really really really bored.
Why oh why?!
More data stored on a PC that shouldn't have any information on it. As for the government's belief that everyone in the UK will buy the "password protected" bull then they are delusional.
What is even worse is that it isn't a laptop but a PC... Time people began thinking about protecting OUR personal information. If this information is sitting on a PC or laptop we have a right to know that it is secure. At the moment no one can give us this 100% certainty. There are products out there like BackStopp from Virtuity (www.backstopp.com) that protect data from these types of theft, even protecting a desktop PC utilising RFID technology. If the machine leaves, the data is securely deleted. Now why aren't they using something like this to come out and say "A machine was stolen, but we know the data was securely removed an hour ago without being accessed"?
New law needed
If password protection doesn't effectively encrypt files it should be given a different name.
Since that shower of incompetents have proven time and time again they can't be trusted with anything more technical than a digital watch - take all the PCs from them and give them Thin Clients. The ones which *don't* have USB or any other way to get data off of them.
I'll happily do their Citrix rollout for ooohh - 250 million??
In government these days (well not just now, always have been) occasionally I think things might be getting better but no...
Why bother cracking the password... Vote now for it to be either:
C) " "
It might as well be encrypted, but with a password to log-on on the encrypted disk.. ?
Seriously, do you expect politicians to be able to explain to 'the masses' what they do with their computer or how it is protected ?
I can only imagine that it is as toe curling as a senior manager or a CEO doing an IT security pep talk.
On the other hand.. they seem to have proven that it is impossible to underestimate their tech savviness or protection measures.
And I suppose that her password is/was ****** [because she couldn't remember 'password'].
Still nothing will happen to her. She's a Government minister and they don't have to follow the rules like the little (and poorer) people do.
And HOW ON EARTH did someone walk away with a DESKTOP machine? Without anyone noticing! Though I wouldn't mind betting that some clever sod held a door open for the guy taking "his" PC out to his car.
After years of attempts by HMG to secure quality information governance they really have only two lines open to them;
1. Formally discipline the person who breached security policy (in this case sack the minister not only from her post but from the government, she should also resign as a constituency MP. She can of course re-stand for her constituency, but let her constituents hear ALL the facts before allowing a by-election. Let the people decide about data security). Ensure that this hard line is taken against ALL members of HMG and departments of HMG, and give the IT departments technical tools to enforce Information Governance policy.
2. Give up the pathetic pretext of information governance altogether. "sorry everybody we can barely keep secret data secret, your personal records don't stand a chance".
As it stands the minister will probably survive, and some highly paid member of the civil service will issue another letter saying “this kind of behaviour will not be accepted, in future…..”
HMG have exposed themselves more often than Paris has (shame or shame ?)
Official Secrets Act?
Will Hazel Blears be prosecuted for leaking?
"(1)Where a Crown servant or government contractor, by virtue of his position as such, has in his possession or under his control any document or other article which it would be an offence under any of the foregoing provisions of this Act for him to disclose without lawful authority he is guilty of an offence if—
(a)being a Crown servant, he retains the document or article contrary to his official duty; or
(b)being a government contractor, he fails to comply with an official direction for the return or disposal of the document or article,
or if he fails to take such care to prevent the unauthorised disclosure of the document or article as a person in his position may reasonably be expected to take."
Incidentally, I have experience of securing systems on which Home Office data relating to criminal prosecutions is stored. And the rules clearly state that the device has to be physically secure (ie bolted to something big).
Just as an addition to my previous anonymous post..
Six laptops containing information about 20,000 patients have been stolen from a south London hospital!!!
Yup HMG data security is a bad joke
A PASSWORD?? Oh NOES!
My carere as a hax0r is over!!!
Unless I is very smartz and trys:
Her child's name? Noes...
Her hubby name? Noes...
Her dog's name?
SUXXESS!!! I IS HAX0R SUPREME!!!
and it probably is... the entire concept of a complex password to try and at least put SOME sort of speed-bump in the way would be far too difficult. Paris would encrypt....
Fear not sir, it's password protected!
We received a letter this morning from St Georges Healthcare NHS Trust informing us that details about our son (who recently underwent minor surgery) were among those on laptops recently stolen from St Georges Hospital in South London:
In the light of yet another government data security fiasco, I thought I'd share the following paragraph in the letter with El Reg readers:
"It is our policy to store such data on secure central network drives which saves data away from the hardware of a computer. However, due to a problem with the network drive this data was being stored temporarily on the laptops until the problem was resolved. We have now fixed this issue and we are reinforcing all security measures across the Trust to protect our patients' confidentiality.
As all computers were password protected, only authorised staff who had the correct password could access the data. Therefore, there is only a very small chance that any patient details have been passed on"
It would be interesting to know how long that period of "temporary" storage lasted, wouldn't it?
You had a good run son. You almost made it to 3 years of age before your medical records escaped onto London's trash-strewn streets like so much, errr, trash.
Cracking the password?
Who cares about the password? Just pull the drive, attach a USB to PATA or SATA adapter, and start copying the data.
On the bright side
It's probably been planked by some chancer for offloading down the pub/eBay.
Not like anyone would walk into their MP's constituency office, pick up an unsecured desktop and walk right out the front door with it - and actually have some intent to use the information on it...
I work for a company that is cleared to handle and store documents up to and including Top Secret, these documents are usually to do with national security / intelligence etc.
Because we are a private company not a government department the amount of work we have to do to secure the information we have is amazing. The rules and regulations on what can and can't be done, who can and who can't see things, audit trails, physical as well as software security, air-gaps on machines, no cables crossing due to Tempest, the list goes on..
When I read a story like this it makes me wonder why we bother going to such lengths, the government don't seem to bother!
it is now an everyday event that sensitive information is stolen, mislaid, blah blah
and this is only the tip of the iceberg that we find out about......
We can have no confidence in any government that allows ministers to stay in place when such events occur.
As Gordon Brown would find out IF he bothered to ask security experts, password protection is all but worthless and very very simple to crack. Probably the password was written on a post-it note on the monitor.
It would appear that all government departments need to run an intensive security course and dismiss people who do not comply.
Only the thought of loss of lucrative employment combined with threat of legal action will change people's attitudes. I hate to think what information they carry about on their phones.
There is shortly going to be a point reached where we all have had our personal information given out by the government. Is it a plan to stop us moaning about the ID database, where they can quite rightly say "it's only information that is in the public domain anyway" because we have put it there?
Imagine this hypothetical situation:
You work for a private company and have access to the HR database (including payroll). You've been given training on the procedures for protecting this sensitive data. You knowingly and willingly disregard this and take a copy home with you (but keep it in a hidden folder). It gets stolen.
How long before you get shown the door?
Post it note
Chances are the password was on a post it note stuck to the outside of the PC!
How did any of these people get into top government jobs in the first place? As a government minister, Blears is about as convincing as a Thunderbirds puppet. Perhaps, to re-work an old saying, it's a case of "those who can, do; those who can't, govern".
It's bad enough that she's in a position of power...
...but do I have to see a picture of that ginger dwarf on the El Reg main page?
I once bought a computer from Cash Converters & it contained the full details of a local Free Mason's Lodge! Well it was only a 286 & was back in the days when security didn't matter!
AC for obvious reasons, some FM's are the fuzz!
Ah! One rule for us, one rule for them, and one to....
If ministers can do this, why are we all spending loads of tax payers money on encryption software.
I would be sacked if I had GPMS documents on an unencrypted laptop that was stolen. Or even if I had them unencrypted on my PCs at home.
This really is something that warrants a minister resigning, especially after all the fuss they have been making about civil servants and contractors doing it.
I wanted ...
..to make a pithy comment.
But words fail me.....