I submit my VAT, Corporation Tax, NI and Income tax online. I also pay it all online via my Bank. What exactly is this going to deliver other than adding a couple of extra layers to the websites to make it slower to get to the bits I actually want to use?
27 posts • joined 10 Dec 2010
Would hibernation defeat the boot password?
We have Bitlocker with a boot password here, however many users simply hibernate their laptops instead of shutting them down as the startup process is so slow.
Would this work if a stolen device had been put into hibernation, even with a boot password?
"An ex parking fine processor, eh?
Didn't realise the best cybersecurity gurus were utter bastards. Time will tell if things turn out."
You've not read BOfH then?
Re: "Yes, go on kiddies, mod me down"
Not so much Ad Hominem as On The Nail judging by the ratio of Down votes to Up votes on the original and your response.
Coat for Sir?
Re: OWA used by smartphones
Yes it is. However, as others have commented, the real issue here is not that the OWA service was used to gain access to domain credentials, but how the offending DLL was installed on the server in the first place, and how the server config was manipulated to load the malicious DLL in place of the legitimate one. That was the cause of the breach, everything else was the effect.
No they don't.
In the Public Sector there are rules that say if you are in a contract for more than 6 months, paying more than £200 per day then you have to provide evidence to the client that your Tax and NI payments are compliant with IR35, either inside or outside.
If you work in the same general location (whether in the Public or Private sectors) for more than 2 years then you can no longer claim travel and subsistence costs. Location is very broad, so 12 months with one London Client followed by 18 Months with another London Client would be caught by this rule (30 months in one location). If the commute doesn't fundamentally change (Next Client is in Leeds for example) then the rule applies.
Other than that there are no restrictions on how long you can contract with the same client, nor is length of engagement an indicator of your status under IR35.
There is such a service in place.
FCO Services (the services division of the Foreign Office) provides and supports a formally Accredited application services platform that includes Office 265, delivered via the PSN and Internet specifically for use with material that may need delivering to out of the way places and embassies in countries that may be somewhat less than respectful of our National Security. Or simply for handling more sensitive material at home.
Re: the previous posts - ANPR
No, a vehicle of interest is one that has been reported stolen, has previously been associated with criminal activity, or is connected to a known or wanted individual. There is no link between the ANPR database and the DVLA systems for tracking registration, MOT etc. If a vehicle is stopped these can be manually checked or they can be checked if a vehicle is reported for other reasons.
Re: the previous posts - ANPR
You might want to have a read of this then.
"How it works
As a vehicle passes an ANPR camera, its registration number is read and instantly checked against database records of vehicles of interest. Police officers can intercept and stop a vehicle, check it for evidence and, where necessary, make arrests. A record for all vehicles passing by a camera is stored, including those for vehicles that are not known to be of interest at the time of the read that may in appropriate circumstances be accessed for investigative purposes. The use of ANPR in this way has proved to be important in the detection of many offences, including locating stolen vehicles, tackling uninsured vehicle use and solving cases of terrorism, major and organised crime. It also allows officers’ attention to be drawn to offending vehicles whilst allowing law abiding drivers to go about their business unhindered."
Re: the previous posts
The 2007 attacks on Estonia were in 2007. That's 8 years ago now, and since then there have been no similar incidents affecting that country. Lessons were learned from those attacks, not just in Estonia but across NATO. Estonia now hosts the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). In the last 8 years Estonia's digital society has survived and prospered, it has not resulted in the loss of services or other disruption.
ANPR in the UK only provides information on vehicles that are already flagged as being "of interest" to the Police. If they stop a vehicle that is not already on the system they have to request a specific check be carried out before they can take action. This means multiple calls to DVLA, Insurance Companies and others. The Estonian System is real time, see the number plate, check the records, take action.
Estonia didn't start with a clean slate, they started from the same position as most other European governments, including the UK. What they did was deliver what UK politicians have been promising and failing on for years. To take the disparate government systems and integrate them in such a way that data exchange becomes a practical and realistic proposition. There was no rip and replace process, they used middleware technology and services to allow them to communicate in a meaningful way as well as delivering brand new services such as the e-ID system. It worked because they had clear principles from the outset and they stuck to them.
All of this is possible, what it takes is political vision and the will to follow it through. Having a proper understanding of delivering public IT systems and being able to properly run procurement and contracts would help as well. Sadly successive UK governments seem to be unable to do any of these things.
Expect to see the Cabinet Office FLEX contract with Fujitsu extended as well. It's bad enough actually getting them to do anything now, let alone when they are told to start handover.
... what was the point of this article?
It's not about the technology
It's about the contracts and procurement processes.
Govt. procurement is simply not up to scratch when going up against the big suppliers. Their commercial and contracts people are far more experienced and far better at negotiating contracts than the civil servants are. This is why you end up paying for decommissioned sites because no-one thought to put in a clause to the contract that meant you didn't have to pay for stuff you didn't use any more.
It's the same across the board. Look at the excesses of MoD spending caused by badly drafted contracts. Or spending on NHS supply contracts rather than IT.
Don't see the problem
Anyone dumb enough to try and use one of these is more likely to kill themselves than anyone else, thus removing themselves from the gene pool. Job Done.
Missing the point
Those pointing out how smart they were about renewing early etc are missing the point. The old system worked very well and had done so for a number of years. Even if you left it to the last minute it was one of the few Gvt. services that could be relied on to work when you needed it.
Whatever the fucktards at GDS did, they broke what was previously a perfectly good service.
"...and GDS, a state IT contractor largely staffed by web designers."
Oh come on, that's being most unfair to web designers.
Do I actually have to talk to anyone...
or can I just drink the free beer?
Re: end customers haven't pulled their heads out of their arses
Except they aren't.
Rule one only applies when your customer can go elsewhere. Like it or not, there are no practical alternatives for enterprise class operations who want to maintain continuity for their desktop environments. Despite all the discussion about porting to Linux or use of VMs or compatibility modes etc, in practical terms these are as much if not more work to implement in the current timescales than going down the MS upgrade path.
Realistically, if you wanted to get off the Windows merry-go-round you should have started planning the jump 5 years ago when MS extended the end of life to 2014. You'd be about ready by now if you had.
As far as MS are concerned in this, Rule One can go screw itself.
You can whinge all you like about whether MS is right or not to do this, it doesn't change the fact that they are doing it. They told the world they were going to do it, gave the world an extra FOUR YEARS to deal with it and now everyone is getting all upset that they are actually doing what they said they were going to do 12 years ago.
The numbers of XP desktops out there, still in daily production use indicates that the IT world has had its head up its collective arse the whole time.
Whinging about it and claiming the customer is always right is just the verbal equivalent of ramming it that bit further up there, when push comes to shove you're still going to end up eating shit.
Re: That has got to be embarrassing for Microsoft
This isn't embarrassing for MS at all.
They announced end of life of XP in 2002. 12 Years ago. They refreshed the date in 2008, 6 years ago. The only people this is embarrassing for are the ones who have sat on their hands for over a decade and done nothing to plan for the change.
2002 - Windows XP EOL announced as 2010
2008 - Windows XP EOL extended to 2014
2009 - Windows 7 released
2011 - Windows 8 released.
2014 - Windows XP EOL.
So EOL on XP was announced 7 years before Windows 7 was released and Win8 hadn't even been announced. Windows 7 has been available for 5 years and Windows 8 (for all its issues) has been available for 3 years.
So again, how exactly is it embarrassing for MS that end customers haven't pulled their heads out of their arses and done something about it in spite of having 12 years to plan for it?
Doesn't even take 10 minutes
It's an automated build process, you did the work for them by ticking the box.
It's not about technology, it's about risk.
The "problem" comes down to one of risk management. What is the risk to the assets involved versus what access to those assets is worth to the organisation and what it would cost them should they be compromised.
Once you have an understanding of the risks and costs you can start to look at mitigating those risks and the cost of mitigation versus value of the assets and the benefit of allowing mobile access.
In technology terms the solutions are already out there, the question is; do they provide a sufficient reduction in risk to justify the expenditure against the business benefit?
Nice idea but lacking one thing
If I plug my MacBook into one of these I can't use the screen, only my desktop monitor. Fine if you only ever use one display, but not so great for those of us who run the MacBook screen and a separate monitor as well.
It's not him
Mercedes is a girls name.
If it is....
Then they are going to have their work cut out. According to the Anonymous IRC twitter feed they have over 20k accounts closed so far.
Re: How crooks make money from this.
This isn't a case of opportunist hackers this is serious organised crime getting involved.
It works because anyone can apply for a carbon trading account subject to some basic, but it seems easily faked, background checks.
The mechanism is that they will compromise a legitimate trading account and transfer the carbon certificates to one or more compromised accounts or companies in other countries. Most have been in the former Eastern Bloc countries. They end up in a dummy which is then used to sell the certificates on the open spot market and the resulting cash siphoned off.
Because the only identification on the certificates is the serial number, and the only way to check ownership is to go back to the original issuing body and follow the trail of trades associated with those certificates, traders assume that ownership is proof of legitimacy. Once the certificates have been stolen the thieves disappear with the cash. The whole issue is compounded by the fact that in a number of jurisdictions there is no requirement for the purchaser to return goods when they are shown to have been stolen.
By the time the whole mess is sorted out, ownership proved and the trades traced the perpetrators are long gone.
Rightly or wrongly
the carbon trading market is a reality. What is also a reality is the laughable levels of security in place around what is a multi-million Euro market.
Account security is limited to a pre-generated user ID and passwords on a 90 day expiry. No tokens, no additional verification of identity, just a simple account that lets you trade millions of carbon certificates. Apart from a rather perfunctory plea not to answer phishing emails there is no further advice on the registry website on securing the accounts or managing access.
For something this valuable ( Holcim Romania lost something in the region of 20M Euro ) you'd think they could put in some decent security or at least offer advice to their account holders.
Easy to do without the sugar and icecream.
Same glass but fill with crushed ice first.
Brown or Green booze in first (Tia Maria, Kahlua / Midori, Crème de Menthe)
The Ice makes it easier to layer up the drinks and adds some texture to the whole thing.
Slice of Lemon for the sun and a straw. Then drink. Carefully.