The government sent the security industry into gales of laughter today when it insisted that sensitive documents on Hazel Blears’ missing PC are quite safe, as the machine is “password protected”. The gov’s soothing words came amid speculation on what formal action, if any, communities and local government secretary Blears will …
the only solution, they cannot pass the computer test, then they cannot use it.
We do it for cars, and in some ways there is less of a risk. They make blunders like this and they have points added to their license, in this instance it should be an automatic ban for at least 6 months, and a resit of the test.
If she needs to use a computer for her job, then she should either pay for a person out of her own pocket to use the computer for her, or she takes public computering - damn the analogy broke down just at the end.
Why bother to crack the password, just yank the drive, far less work and even a skally from Salford can manage that.
Safe in Government hands
Is there ANYONE at all that still thinks our personal details are safe, that the National Identity register won't just be a good and easy method to steal identities?
They never learn
Some people are incapable of learning from their mistakes.
What's the use??
Personally I'd just give them a thin-client on the laptop (or desktop) and store everything centrally in a hoofin' great server behind several feet of concrete, steel and armed guards. Then GIVE them strong passwords they CANNOT change and make it a "revocation of computer privileges" offence to write it down or give it to anyone else. You can't do much more than that.
Hey HM Gov...
My work laptop IS password protected.
On Dell Latitude laptops, there is an option in the BIOS to set a password which protects the computer from booting. Works great!
Oh, and the whole drive is encrypted with TrueCrypt's System Partition encryption facility. Which is free. As in 'Don't have to pay for it.'
Go look it up.
Which means Windows log on.
In separate news, "hackers" are requested to avoid all Linux Live CDs not because they allow the bypassing of most windows security, but because there's... err... a virus.
You've gotta wonder who'd nick a desktop from an alarmed office. More amazing still is that with all the CCTV going about no-one noticed anyone who looked suspiciously pregnant or overweight- just in a very cuboid way...
Anyone with a rucksack or with anything shoved up their jumper should be tracked down using the top-notch (you'd hope, given that it's being inflicted on the rest of us) security there and kept in cells for questioning. For up to 42 days on the grounds that "the PC they improperly secured contained information potentially of use to Terrorists". See how they like it...
What a stupid.....
cow Blears is. She looks so bloody dozy and when she speaks you realise she actually is dozy. How on earth do these people actually get into a Government ???.
I know I know
I think time has come for Politricians to be given a competency test?
How about general knowledge or even IT based testing Politicians versus 12 year kids?
(I know who to bet on here, the 12 year old would definitely have a few more brain cells than the whole of NU LABOUR cabinet.)
Or even better still how about Computers for Dummies to be sent to all law makers who try to create new laws in an environment they know nothing about ?
Another MP drops an IT Bollock
Well she would if she were a bloke.
It seems Portsmouth North MP, Sarah McCarthy-Fry had her Hotmail account 'hacked'.
The enterprising miscreant sent an e-mail to everyone in her address book claiming she was stuck in Nigeria (bit of a give-away, that) and needed £1000's to get home.
BBC News Story:
Paris, 'cos there isn't a dopey-looking MPess icon.
Plus 1 for the mandatory security training idea
Frederick Karno wrote above:
"It would appear that all government departments need to run an intensive security course and dismiss people who do not comply."
I agree. We live in an information economy & society for gawd's sake. Our politicians and public servants should be obliged to obtain and *demonstrate* a working knowledge of data security technology and practices, together with performance appraisal to ensure that they can not only talk the talk, but are also walking the walk. As we know, security is as much about behaviour as technology.
Despite the fact that we live within an information society and are dependent upon a data-driven economy, we are still being governed by a generation of people many of whom barely understand the difference between hardware and software. Time for a forest fire. If you don't understand encryption and other security-related technologies, if you don't observe best security behavioural practices, away for re-training with you! If you fail the courses, thanks for your efforts, but this is an information society we're living in here. Here's your (analogue) carriage clock. Next generation please!
They know nothing about security!
If they wanted it to be REALLY safe they'd have used a substitution cipher on it too!
Mine's the diamond-studded one made of gold thread in the unlocked, papier mache safe... Oh, and watch out for the guardsnail!!
Is she actually "guilty" ?
It's always fun to bash New Labour, but if I park the actual contents of the machine to one side I'm a bit mystified why the woman (from the little data I have seen) gets bashed for having a DESKTOP PC stolen from an ALARMED room.
It's not like she walked out of the building with the machine and forgot it on the train or, in a break with tradition, left it in a cab.
I'd first give building security a real roasting, and then use the opportunity as proof that the INSIDE of Whitehall et al needs fully saturated CCTV coverage :-).
I think you are all cruel. Password protection on Windows is in fact OVERKILL. I suggest that you just use a piece of sellotape to hold the lid down. That will fool anyone who goes to the trouble of breaking into a locked and alarmed room to steal a computer. They probably don't even have the right type of electricity.
Imagine the hilarity if every El Reg burned a CD filled with random data, labelled it with things like 'For Hazel B - URGENT!' and left them on trains and buses across the nation.
Okay I admit they'd be hard to find amongst copies of the Metro and all the legitimate government CDs that have been left behind, but it'd be amusing to see the PM standing in the Commons trying to work out if the disk called 'Iran Battle Plan' found on the 08:25 to Grimsby was genuine or not.
The only way to come up with a memorable secure password is to think of a life-changing event and then take the first letter of each word, include numbers and non-alphabetic characters, and vary the case of the letters.
In Hazel Blears' case, a good password would be:
The life-changing moment: "I truly fucked up on 17/06/08 when I down-loaded files from 10 Downing Street and thought a password would keep the contents safe!"
Use that password to access the files encrypted by TrueCrypt as others have already suggested. Job almost done. "Almost" - because it's still not perfect, but it's a lot better than trusting in Redmond.
And a thousand times better than trusting in gov.uk.
More Blears please?
Quoting AC above:
"...but do I have to see a picture of that ginger dwarf on the El Reg main page?"
Sorry AC but I'm beginning to think we should see more of her <shudder>. She should be on cctv full time, the same for all our politicians and senior civil servants, recording their every word and move - for their own protection, of course.
Nothing to hide, nothing to fear!
If the password isn't written on a Post-It note, try the nearby calendar.
That's another favourite.
I think we need a new word to describe the staggering levels of incompetence that our Government has reached.
It's truly mind blowing.
Password protected? So it's all OK then?
I'm helpless with laughter at that statement, password protected only from those under the age of three years.
I suppose it's just one very small rung up the security ladder than tossing 26 million records into the post & hoping they turn up at the right destination, but wait, they are going to shove every bit of data about us onto an ID card very soon, ram it down our throats & charge us £80 or so for the privilege, no doubt that data store will be 'password protected' as well.
could do better
Blame their IT department
Yes Labour are muppets, but most of the lapses so far are concerning the Civil Service not the actual politicians, apart from this loss.
Same problem would exist if The Cons were governing as well.
All these politicking to$$ers are as clueless as each other, regardless of party. Cameron and his sidekicks are similarly inexperienced as Labour in the real world. Can you imagine Cameron really understanding what is going on rather than blabbering any old bull cr@p about things? They are mostly all the same, with only a few precious exceptions.
As for the Civil Service, well what a bunch of time wasting lay abouts.
So, all these idiots need an IT department that can effectively manage their stupid liabilities.
They also need me in charge of the country to tell them what is what.
Remember - these people keep how you voted
It never ceases to amaze me, but the Govt keeps how you voted in a "confidential" database, and refer to it for "canvassing purposes" around election time.
Imagine that falling into the hands of extremists? Left, Right or religious nutters - no matter.
AC - cos at least here I *can*
i'd hate to give them the benefit of the doubt
.....but since the person who stated that it was password protected is not employed in a technical role, maybe the machine was decently encrypted and he just didn't know the difference because from his perspective 'you have to put a password in'....
even if i'm right, she should still get fired for storing classified stuff on an unauthorised machine.
More Password Suggestions
Looks like ministers don't understand leet. H4x0r5 will have a birthday. Thing is in the c1v1l_53rv1c3 is they expect those who are c0mpu73r_l173r47e to help the ones who aren't.
Those who suggest trucrypt.com should set themselves up as consultants (cutting me in of course) to gain lots of t4xp43r5_d05h.
What is the problem
The password protection on a PC is good...well, for at least the 70 seconds it takes to boot up a CD Rom or 15 seconds on a thumb drive.
You guys are just too hard on these people!
...and then there is government data security.
It makes you wonder about the incidents we don't get to hear about.
Easy password crack
Assuming it's a windows XP or earlier pc, take the following steps to get around windows password protection
1 - take out the hard drive
2 - insert hd into usb caddy
3 - connect caddy to another computer
4 - fire up computer, login, and browse mounted hard drive to your heart's content.
I thought the upper echelons of our civilisation were supposed to be smarter than us and hence why they rule over us. Where did Darwin go wrong and why didn't Guy Fawkes succeed?
not being funny but...
would the Tories or the LibDems actually be any more computer savvy?
....take their laptops off them. We all pay for them to have second houses so they can be close to 'the office' so make them bloody go there to work instead! At least they can't leave a desktop on the train!
Wouldn't have happened with John Prescott......he'd have eaten it first.
@ They never learn
Some people are incapable of learning from their mistakes.
You are suffering a serious lack of comprehension about our current government. In the same way they genuinely do not understand how they have pissed off the electorate in the run up to the local elections, they do not see this (and all the other data losses) as their mistakes. *Someone*'s mistakes but not *theirs*. In their eyes they really are the squeaky clean saviours they dream of being, instead of the dogshit Brown incompetents they really are.
That's the Dell boot password that protects the hard drive in a separate machine is it?
Truecrypt is another matter but it won't be implemented by the government as it's "open source and therefore not secure"
Digital security is easy for any intelligent person but totally beyond the wit of this shower.
Anonymouse cos I have to work for the clowns
Please, remain calm
We in government realise that the modern security challenge is defined by new and unprecedented threats: terrorism; global organised crime; organised drug trafficking and laptop trafficking. This is the new world in which government must work out how it best discharges its duty to protect people.
New technology is giving us modern means by which we can discharge these duties. But, as I have suggested recently, just as we need to employ these modern means to protect people from new threats, we must at the same time do more to guarantee our liberties. Among those liberties are the right to a government post for any New Labour member able to find a constituency amenable to his or her continual reelection.
Furthermore, we are assured by a consensus of experts that password-protected computers are worthless as anything other than paperweights, boat anchors, and souvenirs to any but their rightful owners. We are therefore pleased to reassure the British populace that all is well.
Here you go Mr Brown:
The 'buy it now' price is $4.00
I know the economy is in the toilet but surely you can stretch to that?
"would the Tories or the LibDems actually be any more computer savvy?"
Perhaps not, but neither of these parties is actively seeking to increase the amount of data the government holds. A sensible policy line after all these leaks would be something along the lines of:
"We know you value your privacy and you don't want your data to find its way into criminal hands, so we will now launch a review into all the government computer systems. On a case by case basis decide whether they are required or if the data each system holds can be reduced."
No government will ever do that though, it'd be sensible.
I've been told
That this is just sheer incompetence, but damn it's as if this is part of some plan. I almost believe that some higher power is in control and it's their plan to leak all of this stuff. Just keep on putting Muppets in charge and they will keep on losing data. The muppets are not even aware that they are part of this plan.
The government must have moved ....
... from Downing Street to Mornington Crescent, as obviously they don't have a clue.
@ Gordon Pryra
Loose != Lose
How to break a windows password
As I am 99.999% sure this was a windows machine, here is how to get the information back easily.
1: Download Knoppix
2: Mount the drive
3: Get the files
Oh wait, maybe they meant a boot password? Then all you need to do is rip the HD out and put it in another machine first. But I doubt they went this far.
Or maybe (even less likely) the HD was locked using the ATA standard lock. Then I guess they just have to get the platter out and analyse that. Shouldn't be hard for someone who could break into such an office. But then again, chances are the only protection was the login password on Windows ...
Paris, cause she was brilliant enough to listen to him when someone who knew security told her how not to get her stuff stolen anymore.
Its the organisation or lack of IT
It is just incompetence and someone should be hauled up on the government IT side but you'll probably find there's no one specifically responsible (in that department) and to be honest most ordinary people (including MPs) have no idea about encryption or passwords or the difference between the two. Some years ago I worked in a Government owned organisation and my boss got PGP encryption (it was quite a while ago) installed on all the departmental laptops - we had huge grief from the users as they couldn't remember their passwords and weren't too happy to be told that we couldn't decrypt the drives (even though they'd been told on numerous occasions that losing the passwords would mean data loss).
There's also some interesting thinking going on in this thread i.e. thin client yes, centralised government DBs/Servers no? You'd probably find that thin client would be way more secure as you could enforce passwords/password complexity/access policies.....etc. What you're seeing now is the general disorganisation in government (always been there but not as obvious) and the breakup into agencies....etc won't have helped either. Whoever gets in next time won't change it as they'll be too busy with 'getting' pointless 'things done' - probably by setting up some more agencies rather than sorting out the mess that's there ad infinitum.
To all you naysayers
If we all had ID cards, we needn't have worried about what went missing from HB's desktop.
All our data would already be in the public domain, and we'd have nothing left to protect. Ergo, we need not worry about privacy / ID theft / etc.
ID cards solve all your problems.
Mine's the heavy one loaded with aromatic herbs in all the pockets.
The fact that the miscreant who made off with the machine got into the building by breaking a window makes me think that it's highly unlikely that said miscreant is any kind of l33t h@xx0r. More likely said miscreant had offloaded the PC at a car boot sale within 24 hours, and the buyer is e'en now stalking the streets of Mankchester with a baseball bat ready to be applied to the head of said miscreant. On the very reasonable grounds that when the buyer plugged it in and switched it on, it asked him for a password. Which he didn't know and, being ignorant of the machine's provenance, was unlikely to guess in a hurry.
Yes, ZaNuLabour and its mongrel hordes are seriously lacking in Clue when it comes to IT security, but how about, just for once, a sense of proportion?
@pepol who are sugesting trucrypt
that is my 6figer contract for stating the obvoius read the first post hands off my pork
to be even handed and unbised
contains all the tools to brake a windows passworded pc including a password recovery tool I will be submiting my bill to the theifs as well as the goverment
Well, you're right there... It doesn't protect the hard disk when inserted into a computer which doesn't support this password protection feature.
Thank god, too! If it did, we'd NEVER be able to restore the data from these numpty idiots who forget their passwords, or hose the laptop by spilling coffee / wine / paint thinner on it.
As for TrueCrypt not being secure, I hope to GOD that you're being sarcastic. The ability to peer review open source code is simply THE most secure way a program can be released.
doesn't CESG (nice chaps who live quietly in Cheltenham) enforce gvmnt IT security policy? Won't they be having a nice friendly chat (proper security style interview) with the relevant MP's. hope so!
in fact , probably the malfaiteur was a spook conducting an authorised pentest
If they believe computers are secure then why not legalise hacking?
Legalised hacking would sharpen them up, after all it's just the same as now except the law abiding cannot join in!
Really its time that Government data loss meant that the responsible person went to jail for a long time. Perhaps the simple word responsibility just doesn't register?
Laptop - Desktop - what's the difference?
People love laptops, they are cool. Desktops are so last century, no one wants a big box with a separate screen and loads of messy wires that takes up a desk and therefore a room.
Imagine carrying that lot out of the building. I expect someone helpfully held the door open and maybe carried the printer.
On the other hand, if they only took the base unit, that would indicate that they wanted the DATA. If they wanted the data then they would spend the time and crack the password. Like I said, if it was a laptop then that's because they wanted a laptop, no one steals a desktop, duh.
If you want data then look in coat pockets for USB sticks and PDAs.
At least the others could get the URL and name right.
I was protecting my sorces for my masive funding I was hoping to get (I was going to arange a meating with topgov man but he aprently left his notes on a train)
(I also can not spell cos of dyslexica)
By the time this government has finished, there won't be a single shred of information about UK citizen that isn't in the public domain. That will include all biometric details (courtesy of the lovely ID database).
How then, will commercial organisations like banks actually verify anything?