BenB
|
| posted on 20/8/09 at 12:16 PM |
|
|
OT: Aaaaaaaaaaaaaaaaaaaaaaaaaaaaah!
That feels better 
For my sins I'm the Caldicott guardian for my practice which means I have to do loads of ridiculous noddy style learning modules on data
security written by our wonderful government.
Isn't there a saying about people in glass houses?
At the end of the module I get to do an assessment where I have to second guess how stupid the person who wrote the assessment was!
Example
Q: Can websites be encrypted?
A: Yes- WRONG. Websites cannot be encrypted.
WTF? Are the suggesting it's completely impossible to encrypt the HD on a server hard disk or that HTTPS is a figment of my imagination?
Tosspots.
Another example:
If you are going to destroy the information on a DVD, what is the best method?
1) Password protect it
2) Recycle it
3) Shred it
Apparantly the correct answer is number 1..... There was me foolishly thinking that putting it through a cross-shredder is going to destroy it better
than a Word password  But apparantly not....
But happily I guessed how stupid they are so I get a poxy certificate to put in my shredder... sorry, I mean "Caldecott information file".
This stuff is worse than health and safety. 
|
|
|
|
|
scottc
|
| posted on 20/8/09 at 12:21 PM |
|
|
what a joke.
Hope this caldicott guardian stuff isn't practised any where important.
http://www.sotoconnect.com
|
|
|
Mr Whippy
|
| posted on 20/8/09 at 12:40 PM |
|
|
a quick check on google and it appears not
quote:
Just because a web page you are viewing is secure (that is, using HTTPS), DOES NOT mean that the data you enter into it, will be secure (encrypted)
when it leaves your computer and makes it way around the Internet.
linky
[Edited on 20/8/09 by Mr Whippy]
Fame is when your old car is plastered all over the internet
|
|
|
BenB
|
| posted on 20/8/09 at 12:43 PM |
|
|
quote:
Originally posted by scottc
what a joke.
Hope this caldicott guardian stuff isn't practised any where important.
Nah! It's only health care
|
|
|
cd.thomson
|
| posted on 20/8/09 at 12:44 PM |
|
|
whippy, the website itself is though
Craig
|
|
|
BenB
|
| posted on 20/8/09 at 12:44 PM |
|
|
I'm not saying that seeing HTTPS is a guarantee but their question was "can it". To which the answer has to be yes. If they asked
"does https guarantee security?" then it'd be no
quote:
Originally posted by Mr Whippy
a quick check on google and it appears not
quote:
Just because a web page you are viewing is secure (that is, using HTTPS), DOES NOT mean that the data you enter into it, will be secure (encrypted)
when it leaves your computer and makes it way around the Internet.
linky
[Edited on 20/8/09 by Mr Whippy]
|
|
|
vinny1275
|
| posted on 20/8/09 at 01:34 PM |
|
|
I used to work in IT for the RAF. We were rolling out a new network system which required pages and pages of changes to the registry, file
permissions, etc. There was also a section on BIOS security which detailed setting passwords, boot devices, etc., but nowhere did it say
"padlock the case shut so the reset bios jumper can't be used". Durrrrr.
|
|
|
richardh
|
| posted on 20/8/09 at 02:34 PM |
|
|
working on gcsx stuff myself and its mostly kak too
can sympathise
Time for a change!
|
|
|
Charlie_Zetec
|
| posted on 20/8/09 at 03:24 PM |
|
|
I work for a company specialising in data security/handling/eradication. Dealing with public sector and Governments, it's scary how little
people actually know about security aspects and levels surrounding sensitive information!
The only real people who have any idea are the MoD and other high-ranking organisations with protectively marked data (restricted, confidential or
secret).
Truth be told, I didn't know too much before I started my current job, but now I'm into the swing of things it really is scary! Shame I
can't tell you about some of the things that go on, but my job sort of depends on it!
Artificial intelligence is no match for natural stupidity!
|
|
|
fov
|
| posted on 20/8/09 at 06:36 PM |
|
|
For 1 it depends how you define website.
The code on the server can be encrypted and so can the transmition between browser and server.
For 2 thats just a crock'o shoite. Give me enough processing power and enough time and I will crack your file. OK in the real world its not
going to happen but it is possible in theory.
But a fully shreadded disk (into tiny bits) is not going to be recovered.
|
|
|
BenB
|
| posted on 20/8/09 at 07:36 PM |
|
|
quote:
Originally posted by fov
For 1 it depends how you define website.
The code on the server can be encrypted and so can the transmition between browser and server.
For 2 thats just a crock'o shoite. Give me enough processing power and enough time and I will crack your file. OK in the real world its not
going to happen but it is possible in theory.
But a fully shreadded disk (into tiny bits) is not going to be recovered.
And considering the software the NHS supply is all microsoft the commonest way people will password protect the file is with Word which is the
flakiest weakest form of encryption ever, and for which there are many off the shelf crackers available.
|
|
|
Ninehigh
|
| posted on 21/8/09 at 01:49 AM |
|
|
quote:
Originally posted by vinny1275
I used to work in IT for the RAF. We were rolling out a new network system which required pages and pages of changes to the registry, file
permissions, etc. There was also a section on BIOS security which detailed setting passwords, boot devices, etc., but nowhere did it say
"padlock the case shut so the reset bios jumper can't be used". Durrrrr.
Reminds me of that advert for the navy with the IT guy on the submarine "usually I just switch it off and on again"
Btw did you query how password protection can DESTROY a disc?
|
|
|
