Long-term readers of this blog may remember our (and everyone else’s) piece in June 2014 regarding the FIFA faux pas, in which a photo was released of a very smug FIFA official standing in front of an operations centre screen bank which displayed the private FIFA SSID and password (WORLDCUP, b5a2112014). If you missed the story you can refresh your addled brains here.
Clearly they must be putting something in the Gin (apart from more Gin) at the Houses of Parliament because this week we have seen a flurry of inadvertent disclosures from our elected representatives.
Leaving aside the matter of Keith Vaz, who it turned out didn’t get away with his claim to a pair of rent boys that he was a washing machine salesman, having been in the public eye and frequently in the press for alleged misdemeanours for years, two less salacious but equally unfathomable breaches have surfaced.
The first, a reasonably common mistake and therefore inexplicable, was the Government’s plans for the radical return of Grammer Skools, to be announced today, being spotted inadvertently by the high powered lens of a newspaper photographer standing outside No. 10. Where they always stand.
This has now happened so many times that you really have to wonder if these people receive any awareness training, possibly the best ally of security, whatsoever?
You can read about it here.
The third incident, and one a lot closer to home and even closer still to the FIFA incident, was the publication on the Labour leadership candidate Owen Smith’s Twitter feed of a photo of the man himself in inspirational action in front of a whiteboard which, you guessed it, has the username and password of the team’s systems (telephone bank apparently) on it. This is the man, of course, who recently accused his opponent Jeremy Corbyn of being incompetent.
Read all about it here.
There really is no substitute for awareness and common sense is there?
On a more technical front, although in true Groundhog Day fashion (a throwback to our May blog, “There be venomous snakes in them there clouds”), the Xen project, a provider of open source virtualisation solutions, has released patches to protect against very serious vulnerabilities in its code which could lead to the underlying platform being taken over or crashed by a malicious host, or privilege escalation by a user account.
This is the second time in three months that Xen has patched issues and we wish them well with the on-going fight against nasty old code!
You might not run Xen internally, choosing to submit to the extortion of some other virtualisation providers we could mention; however, if you use branded cloud services that aren’t on Azure or AWS (which are unaffected), you should ensure that your providers, if they are running Xen (that would be nice to know anyway), are appropriately patched.
The boys and girls at ITC would be happy to assist you with everything from user awareness training through to patching the kernel of your VM code. Please contact us at: 0207 517 3900 or email [email protected].