Wednesday, 29 July 2009

IT Trubs

A while ago I noticed that there were hints of IT security trouble up at t'mill but I couldn't find anything concrete about it. There were a couple of references to confidential reports in meeting minutes but no detail because the public were excluded.

A little bit has come out now via a report to the Audit Committee although some of it has been kept confidential.

Apparently 14 areas of high level of risk were identified of which 4 remain. The report reveals that NCC were caught by the Conficker virus (although not as badly as Manchester City Council as the report falls over itself to point out). Perhaps most seriously, a new security manager identified a serious flaw in the credit card payments system that could have resulted in a fine and/or the loss of the ability to take credit card payments if it hadn't been addressed. The report doesn't describe the nature of the lapse but any combination of the words 'security lapse' and 'my credit card details' would be enough to give me the heebie-jeebies.

Apparently they've sent the IT team on some training as well. Which is nice.

Update; Found an earlier report describing some of the fallout of the Conficker infection here. Some of the cost was due to a need to replace 350 computers at a cost of £185k because they were too old to apply the MS Malicious Software tool and other anti-virus gubbins. This probably gives you a clue as to how old these machines were.


Nick B. said...
This comment has been removed by the author.
Nick B. said...

Back in 2003 there was a lot of excitement in the Linux media beacuse they had implemented a Linux based email system. Not sure if they still have that or if they've moved back to M$ these days.

Andy said...

When I was at NCC we had something called Horde which was email and a diary system. It was shit. To make matters worse they would only give me an inbox capacity of 25MB. Yes, that's MB, not GB. And I was a manager.

Unfortunately others in the council seemed to have access to better systems, including my shit for brains boss who thought nothing of sending me 10MB attachments thus putting my email out of action for the day.