Feeds

back to article Gov claims 'password protection' OK for sensitive docs

The government sent the security industry into gales of laughter today when it insisted that sensitive documents on Hazel Blears’ missing PC are quite safe, as the machine is “password protected”. The gov’s soothing words came amid speculation on what formal action, if any, communities and local government secretary Blears will …

COMMENTS

This topic is closed for new posts.

Page:

again

www.trucrypt.org

I will for go my 6 figger consluting fee this time but If I have to keep redoing my orignal work I might start charging

0
0
Happy

Passworded

Well it is a step up from bunch of easy to read papers in a folder on the back seat as is normally the case

Not much of a step up however.

They really don't understand what they are talking about do they... and how easy a password is to crack.

Knowing the IQ of MP's the password was probably "password" or "holiday", or the dogs name.

0
0

Bad enough to loose a laptop

But to loose a desktop?

And these fuckwits want us to believe they can be trusted with ANYTHING?

No single government is this bolloxs, so it HAS to be on purpose

Burn them!

Burn them all before they sell your children to whoever they are REALLY working for.

0
0
Paris Hilton

Dammit

Thanks for that, I need a new screen now, after spraying coffee all over it.

I know our government is monumentally crap at IT, even if it's just by the vast amount of my money they waste paying their corporate f***-buddies to screw up every NHS/Police/Tax/etc IT scheme going, but after the recent string of privacy breach idiocy and failed security, this just takes the biscuit.

Sadly, Paris, because we now have proof that she's significantly more intelligent and useful than my government

0
0
Tim
Thumb Down

Hazel Blears

She really is neither use nor ornament. Fingers crossed for the message of 'unequivocal support' from No. 10.

Anyone else spot in the other article how her spokesdroid said she had both 'constituency' and 'departmental' data on the machine, but nobody should worry because there was no personal information contained in the departmental data? I can't see her keeping her job if she's exposed her own constituents to blackmail and identity theft.

0
0
Coat

Meh

This is the Gov that thinks that pedo's will only ever use one email address, making them easily trackable online.

Nothing surprises me anymore.

0
0
Silver badge
Paris Hilton

what the..................?

wh... w.. fuck...huh? doh!

Words fail me.

Paris, 'cos she is probably smarter than the entire Labour cabinet put together.

0
0
Thumb Up

Oh that's alright then.

I now feel thoroughly reassured about our governments understanding of digital security.

Can I suggest some possible passwords they can use for protecting machines holding sensitive material in future that would reflect this?

'admin'

'hazel1'

'123456'

Or how about 'fuckw1ts' ?

0
0
Unhappy

3rd time = enemy action

sorry but that's one too many incidents in a short space of time. This is a set-up.

0
0
Silver badge

Out of the Loop leaves them High and Dry and having to Think for Themselves

"In the meantime, the government might do worse than despatch a crack MI5 team down to Waterloo Station to scour the trains post rush hour, as this seems to be the main clearing house for sensitive government information these days. "

One wonders why sensitive information is shared with them... these days.

0
0
Anonymous Coward

I'm assuming our glorious Government....

knows the difference between password protection and encryption? Numpties!

0
0
Pirate

but what if the password is....?

password

Hazel's bday

Hazel's family members' bday

Tony Blur's bday

days Gordo has left in office

year Noo Laboor got into office

42

<enter>

betcha it's something obvious! this is Noo Laboor, IT f*cktards one and all.

(where's the *I hate Labour because they are cr4p and ruining my income* icon?)

0
0
Paris Hilton

Post IT

What the government didn't state was the password is written on a postit stuck to the underside of the laptop.....

Bugger!

0
0
Silver badge

Waterloo station

"In the meantime, the government might do worse than despatch a crack MI5 team down to Waterloo Station to scour the trains post rush hour, as this seems to be the main clearing house for sensitive government information these days."

Yes, but the American won't let Brown do that - we know that from Borg Ultimatum, don't we? The CIA keeps that playground to itself.

0
0
Thumb Down

Secure

Probably find the password is written on a sticky note on the front of the machine anyway....

0
0
Thumb Down

Spot the difference:

Civil servant breaks procedure by removing sensitive docs, leaves them on a train and gets suspended subsequent to probable sacking or demotion.

Minister breaks procedure by downloading sensitive docs, PC is pinched and the No. 10 spin machine whirs into action declaring that the free world is safe as the machine was password protected.

Now where's that Linux live CD that edits the Windoze SAM file...

0
0
Coat

Poor thing

"And even though the machine was in an alarmed room,"

Poor thing, I hope somebody knows how to calm rooms down.

Mine's the one with the sleeves on backwards and the funny-looking straps.

0
0
Coat

Umm. No password cracking required

Assuming it is a Windows machine with the encrypted file option available (Windows 2000 SP4 certainly has it) then it should be very difficult to get the contents of the file. But how many people know that option exists? Furthermore, how many people use it? Doh!

That being the case, you don't even need to crack a password. Remove the hard disk, stick it in a external USB case and mount on another machine. Da daahhh!!!

[Just passing it to Blears]

0
0

trivial password cracking

I'd love to know which password they are talking about, BIOS, Windows or MS office. The first two aren't just trivial to crack you don't even need to crack them to get to the files on the disk unless it's encrypted. I'd offer to demo how long it takes to crack their files but I don't invoice by the minute.

0
0
Paris Hilton

For goodness sake

Have these people never heard of Truecrypt? Its free, easy to implement and, providing you have a strong password, is essentially unbreakable.

Mine's the one from the University of the Bleedin' Obvious...

0
0
Flame

Hmmm...

Ok first a lesson.

CD with SAM database password reset program. I now have local admin access to the machine and all data on the machine.

Now that's over with I highly doubt some local tea leaf will try and out any info on this machine as it's probably already been formatted and rebuilt with XP. That's not to say anyone with half a brain cell could interrogate the drive and get the docs back but you'd open yourself up to a charge of recieving stolen goods and maybe a nice spell in chokey while they wait to allow you access to Habeas Corpus.....

Really - Gov docs are mind numbingly boring to the average person so why nick a computer for that rather than the sum of it's parts.

0
0
Anonymous Coward

Did I read that correctly?

So the potentially sensitive documents are safe because the machine has a password, well that's just fine then.....

What kind of *!$%ing idiots are running this country? Any they want to bring in national ID cards, they haven't a clue. If brains were dynamite they couldn't even blow their hats off.

Has to be Paris, she might not be the sharpest knife in the box, but she could show these prize muppets a thing or two.

0
0
Bronze badge
Pirate

Password protected?

Probably still Win95, so the escape key should do the job, or of course now that they have the machine simply boot of a live linux CD.

Icon - we're all going to die unless we can find some more intelligent amoeba to govern us.

0
0

Simple solution

Install TrueCrypt (free, libre, open-source) whole disk protection on every government machine. OK, there will be a few numpties who write down the password and pin it to the monitor, but it's a better line of defense than just having stuff in the clear on the drive.

0
0
Anonymous Coward

even more trivial

".. cracking a password, as opposed to cracking an encrypted PC, is considered a trivial task."

Quicker to lift out the hard drive and install as D:\ on your own computer.

And if "the computer was password protected" is spokespersonese for "the documents were password protected" try opening a protected MS Word document with a text editor!

0
0
Stop

Secrect Information - Not

Put it in perspective - it's not like Hazel Blears will have access to any interesting information

"The Government was in turmoil today as it was revealed that the Secretary of State for Communities and Local Government lost her PC which was said to have secret plans for better provision of park benches and putting a microchip in your bin"

The only thing you'd get if you read the content of her secret files is really really really bored.

0
0
Alert

Why oh why?!

More data stored on a PC that shouldn't have any information on it. As for the governments belief that everyone in the UK will buy the "password protected" bull then they are dillusional.

What is even worst is that it isn't a laptop but a PC... Time people begun thinking about protecting OUR personal information. If this information is sitting on a PC or laptop we have a right to know that it is secure. At the moment no one can give us this 100% certainty. There are products out there like BackStopp from Virtuity (www.backstopp.com) that protect data from these types of theft, even protecting a desktop PC utilising RFID technology. If the machine leaves, the data is securely deleted. Now why aren't they using something like this to come out and say "A machine was stolen, but we know the data was securely removed an hour ago without being accessed"?

Rant over..

0
0
Bronze badge

New law needed

If password protection doesn't effectively encrypt files it should be given a different name.

0
0
Stop

Dumb terminals?

Since that shower of incompetents have proven time and time again they can't be trusted with anything more technical than a digital watch - take all the PCs from them and give them Thin Clients. The ones which *don't* have USB or any other way to get data off of them.

I'll happily do their Citrix rollout for ooohh - 250 million??

0
0
Unhappy

Bloody idiots

In government these days (well not just now, always have been) occasionally i think things might be getting better but no...

0
0
Stop

Quick vote...

Why bother cracking the password... Vote now for it to be either:

A) "password"

B) "hblears"

C) " "

D) "abc123"

0
0
Flame

semantics

It might as well be encrypted, but with a password to log-on on the encrypted disk.. ?

Seriously, do you expect politicians to be able to explain to 'the masses' what they do with their computer or how it is protected ?

I can only imagine that it is as toe curling as a senior manager or a CEO doing an IT security pep talk.

On the other hand.. they seem to have proven that it impossible to underestimate their tech savviness or protection measures.

0
0
Black Helicopters

WTF

And I suppose that her password is/was ****** [because she couldn't remember 'password'].

Still nothing will happen to her. She's a Government minister and they don't have to follow the rules like the little (and poorer) people do.

And HOW ON EARTH did someone walk away with a DESKTOP machine? Without anyone noticing! Though I wouldn't mind betting that some clever sod held a door open for the guy taking "his" PC out to his car.

0
0
Paris Hilton

Information Governance

After years of attempts by HMG to secure quality information governance they really have only two lines open to them;

1. Formally discipline the person who breached security policy (in this case sack the minister not only from her post but from the government, she should also resign as a constituent MP. She can of course re-stand for her constituency, but let her constants hear ALL the facts before allowing a by-election. Let the people decide about data security). Ensure that this hard line is taken against ALL members of HMG and departments of HMG, and give the IT departments technical tools to enforce Information Governance policy.

2. Give up the pathetic pretext of information governance altogether. "sorry everybody we can barely keep secret data secret, your personal records don't stand a chance".

As it stands the minister will probably survive, and some highly paid member of the civil service will issue another letter saying “this kind of behaviour will not be accepted, in future…..”

Why Paris?,

HMG have exposed themselves more often than Paris has (shame or shame ?)

0
0

Official Secrets Act?

Will Hazel Blears be prosecuted for leaking?

http://www.opsi.gov.uk/acts/acts1989/ukpga_19890006_en_1#l1g8

"(1)Where a Crown servant or government contractor, by virtue of his position as such, has in his possession or under his control any document or other article which it would be an offence under any of the foregoing provisions of this Act for him to disclose without lawful authority he is guilty of an offence if—

(a)being a Crown servant, he retains the document or article contrary to his official duty; or

(b)being a government contractor, he fails to comply with an official direction for the return or disposal of the document or article,

or if he fails to take such care to prevent the unauthorised disclosure of the document or article as a person in his position may reasonably be expected to take."

Incidentally, I have experience of securing systems on which Home Office data relating to criminal prosecutions is stored. And the rules clearly state that the device has to be physically secure (ie bolted to something big).

0
0
Joke

Just as an addition to my previous anonymous post..

Six laptops containing information about 20,000 patients have been stolen from a south London hospital!!!

Yup HMG data security is a bad joke

0
0
Paris Hilton

A PASSWORD?? Oh NOES!

My carere as a hax0r is over!!!

Unless I is very smartz and trys:

Her child's name? Noes...

Her hubby name? Noes...

Her dog's name?

SUXXESS!!! I IS HAX0R SUPREME!!!

*sigh*

and it probably is... the entire concept of a complex password to try and at least put SOME sort of speed-bump in the way would be far too difficult. Paris would encrypt....

0
0
Unhappy

Fear not sir, it's password protected!

We received a letter this morning from St Georges Healthcare NHS Trust informing us that details about our son (who recently underwent minor surgery) were among those on laptops recently stolen from St Georges Hospital in South London:

http://news.bbc.co.uk/1/hi/england/london/7461619.stm

In the light of yet another government data security fiasco, I thought I'd share the following paragraph in the letter with El Reg readers:

"It is our policy to store such data on secure central network drives which saves data away from the hardware of a computer. However, due to a problem with the network drive this data was being stored temporarily on the laptops until the problem was resolved. We have now fixed this issue and we are reinforcing all security measures across the Trust to protect our patients' confidentiality.

As all computers were password protected, only authorised staff who had the correct password could access the data. Therefore, there is only a very small chance that any patient details have been passed on"

It would be interesting to know how long that period of "temporary" storage lasted, wouldn't it?

You had a good run son. You almost made it to 3 years of age before your medical records escaped onto London's trash-strewn streets like so much, errr, trash.

0
0
Bronze badge
Alert

Cracking the password?

Who cares about the password? Just pull the drive, attach a USB to PATA or SATA adapter, and start copying the data.

0
0
Joke

On the bright side

It's probably been planked by some chancer for offloading down the pub/eBay.

Not like anyone would walk into their MP's constituency office, pick up an unsecured desktop and walk righ out the front door with it - and actually have some intent to use the information on it...

0
0
Anonymous Coward

Unbelievable

I work for a company that is cleared to handle and store documents up to and including Top Secret, these documents are usually to do with national security / intelligence etc.

Because we are a private company not a government department the amount of work we have to do to secure the information we have is amazing. The rules and regulations on what can and can't be done, who can and who can't see things, audit trails, physical as well as software security, air-gaps on machines, no cables crossing due to Temepst, the list goes on..

When I read a story like this it makes me wonder why we bother going to such lengths, the government don't seem to bother!

0
0
Unhappy

unbelievable

it is now an everyday event that sensitive information is stolen, mislaid, blah blah

and this is only the tip of the iceberg that we find out about......

We can have no confidence in any government that allows ministers to stay in place when such events occur.

As gordon brown would find out IF he bothered to ask security experts password protection is all but worthless and very very simple to crack probably the password was written on a post it note on the monitor.

It would appear that all government departments need to run an intensive security course and dismiss people who do not comply.

Only the thought of loss of lucrative employment combined with threat of legal action will change peoples attitudes.I hate to think what information they carry about on their phones.

There is shortly going to be a point reached where we all have had our personal information given out by the government is it a plan to stop us moaning about the id data base where they can quite rightly say "its only information that is in the public domain anyway" because we have put it there.

0
0
Anonymous Coward

A Question

Imagine this hypothetical situation:

You work for a private company and have access to the HR database (including payroll). You've been given training on the procedures for protecting this sensitive data. You knowingly and willingly disregard this and take a copy home with you (but keep it in a hidden folder). It gets stolen.

How long before you get shown the door?

0
0
Anonymous Coward

Post it note

Chances are the password was on a post it note stuck to the outside of the PC!

0
0

Numpties

How did any of these people get into top government jobs in the first place? As a government minister, Blears is about as convincing as a Thunderbirds puppet. Perhaps, to re-work an old saying, it's a case of "those who can, do; those who can't, govern".

Oooh, biting.

0
0
Flame

It's bad enough that she's in a position of power...

...but do I have to see a picture of that ginger dwarf on the El Reg main page?

0
0
Alert

Free Masons

I once bought a computer from Cash Converters & it contained the full details of a local Free Mason's Lodge! Well it was only a 286 & was back in the days when security didn't matter!

AC for obvious reasons, some FM's are the fuzz!

0
0
Anonymous Coward

Ah! One rule for is, one rule for them, and one to....

If ministers can do this, why are we all spending loads of tax payers money on encryption software.

I would be sacked if I had GPMS documents on an unencrypted laptop that was stolen. Or even if I had them unencrypted on my PCs at home.

This really is something that warrants a minister resigning, especially after all the fuss they have been making about civil servants and contractors doing it.

0
0

I wanted ...

..to make a pithy comment.

But words fail me.....

0
0

This post has been deleted by its author

Page:

This topic is closed for new posts.