Breach at UK.gov's Cyber Essentials scheme exposes users to phishing attacks The operation behind the UK government's Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme's badges are required by suppliers bidding for "certain sensitive and personal information-handling [government] contracts". Companies were notified of …
Who accredits the accreditors?
.. and who holds them to reasonable compliance with security and privacy standards?
These .org.uk people run a mailserver in the US.
That's the whole idea, the song was Ironic in that it didn't have any irony just bad luck etc..
You could also argue that you're so vain by Carly Simon was ironic because the song was in fact about them.
Ring-a-Ring-of-Roses could also be ironic in that it's a nursery rhyme for young children about the black death.
There's also a fine line between irony and sarcasm.
I read that initially as the Morissey scale.
Which ranges from "I'm mildly upset" to "I'm writing songs for people to top themselves to". With very little between the two extremes apart from a bit of "No-one else appreciates my narcissism".
(Not a fan. I liked the music, just not the depressing lyrics or the haphazard way they were delivered)
The comment (below) that is included in the main article is irrelevant and just plain daft because every company passing the Cyber Essentials scheme (IASME or otherwise) have their details published on the web anyway. Go to any of the main accrediting bodies and you'll see this. It's freely available information.
"We paid to be audited and registered with the UK Govt Cyber Essentials scheme, in order to be able to do business with govt organisations," one affected worker told El Reg. "Turns out that the info has been leaked, which I guess means that someone now has a list of companies that work with the govt."
"We would like to make it clear that the security of the assessment platform has not been compromised. Your account, the answers you provided in the assessment and the report you received are secure. No information other than your email address and your company name was accessible to the third party."
Translated: "Pay no attention to that shoe hanging in mid-air."
First it was your email address and the company name. Then it was revealed it was email, company and originating IP address. Next (of course) it's email, company name , IP address and exactly what service you provide,... then (just to keep each blow from getting to overwhelming) it's, well, email, Company name, IP addy, specific service and the project manager's significant other's maiden name,... and then...
A company representative said "the researcher involved may have earned himself a bug bounty if he had approached the company directly".
The researcher "may" have earned a bounty, not "would" have earned a bounty. Any bounty would likely be more of a trap than a reward: "here is a $1 so that we can sue you to oblivion for violating a contract to never reveal this happened".
"Aren't these supposed to be clever spooks?"
Indeed they are. But all the spooks I've met (a few) are just as human as the rest of us. Forget to lock the house, argue with spouse, shout at children, forget to change the password, promise to fix the config sometime soon, have a list of bugs to fix sometime soon, get distracted...
This post has been deleted by its author
1. Professional disclosure, inform so they can make good, no disclosure thus not professional.
2. Seems to be off the back of Pervades OpIndex tool publicity, so likely to be a TOR user = dubious, I wonder if TOR was used in the attack/research.
3. All the information is in the public domain anyway
4. Any further research/attacks on those listed will just add to balance that script kiddie researchers like this are just malicious. (some are white hat, and are doing good, for the better of us all)
IASME/Pervade/Certification Bodies have informed the clients that were listed = Professional ethical behavior.
Businesses doing Cyber Essentials i.e getting the basic right, now have good reason, as this case proves, on the internet no one knows your a dog and the more that get muzzled the better.
AnonCow
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
