GossiTheDog, 10 months ago

deleted_by_author

maddler, 10 months ago

@GossiTheDog used to be set foreground+background color to black before. They're improving.

Cjust, 10 months ago

@GossiTheDog Gotta make sure you change that text color to white as well - "Defense In Depth™: and all that.

bornach, 10 months ago (edited 10 months ago)

@Cjust @GossiTheDog

Always redact with a black rectangle on top of the text using the built-in feature of a multi-layered document format such as PDF. What could possibly go wrong?
https://www.schneier.com/blog/archives/2005/05/pdf_radacting_f.html

philbetts, 10 months ago

@GossiTheDog but nobody would EVER think to View Source! 😅

katrintheresa, 10 months ago

@GossiTheDog 🤣🙏

dianshuo, 10 months ago

@GossiTheDog not using the advanced white text on white background option I see.

ExcelAnalytics, 10 months ago

@GossiTheDog
For advice they should have listened to, see the UK ICO guidelines on disclosing data safely. Describes most of the ways to fail as well as what to do.

epistatacadam, 10 months ago

@GossiTheDog in case you're not aware of it, The NHS thinks Excel is a database package, and regularly send patient data in ",XLSx" format perhaps with a password.
If you recall the problem with COVID reports was the numbers were too big.... So the list exceeded the number allowed in a spreadsheet....
It's actually MS fault, they claim it can be used as a database package.

Time the NHS went fully open source and stopped paying extortionate licence fees for unsuitable packages....

bytebro, 10 months ago

@GossiTheDog <head-slap> You're shitting me, right? Actually clients do this to me all the damned time. I normally export a spreadsheet to tab-sep for ease of processing, and they 'hide' all kinds of shit that way which is then entirely visible.

Dtraslerwriting, 10 months ago

@GossiTheDog They just got used to leaving the management of cells to G4.
(Old joke about contract security in UK policing.)

zozo, 10 months ago

@GossiTheDog they WHAT

BenRattigan, 10 months ago

@GossiTheDog or they’re using 19 yr old IT apprentice as their DPO.

thomasfuchs, 10 months ago

@GossiTheDog ACAB includes Excel

GossiTheDog, 10 months ago

deleted_by_author

BenRattigan, 10 months ago

@GossiTheDog @thomasfuchs it made me laugh earlier on R4 when they stated that the chief constable is bringing cyber experts in to find out what went wrong.

RobertJackson58585858, 10 months ago

@GossiTheDog

My first lesson on spreadsheets came before I ever used one myself. A colleague back in the early 90s printed off a set of figures in columns with cross casts and column totals.
I was supposed to sign it off and put it in the post to another department.
But I checked the additions with a calculator and they didn't add up.

A line had been squeezed out of sight.

Colleague never got trusted with anything again.

sbourne, 10 months ago

@GossiTheDog @neurovagrant Kinda cute, like my cat "hiding" under the sofa but her tail is poking out and lashing back and forth.

tryst, 10 months ago

@GossiTheDog With the exception of the Met and maybe GMP, our police forces can't afford to hire and retain cyber security specialists, or even a security management programme beyond train and blame. All of this is the inevitable consequences of 13 years of deliberate underfunding.

sgf, 10 months ago

@GossiTheDog Given the lack of details, I guess it could be undo history, too?

There are good reasons to export potentially sensitive data in transparent/text-only formats where possible!

beecycling, 10 months ago

@GossiTheDog
'They said the data would not have been "immediately obvious" and anyone who had received the FOI response would have "needed to know how to access the information".'

So anyone who knows anything beyond the absolute basics about Excel and can unhide columns or sheets? Cool cool cool cool cool cool cool.

rosorrentino, 10 months ago

@GossiTheDog this explains why UK authorities are trying to push the end of encryption. They just don’t understand data security.

mobbsy, 10 months ago

@GossiTheDog It was quite noticable that the PDF of the redacted MoD accident report published recently ( https://www.gov.uk/government/publications/service-inquiry-into-the-loss-of-f-35b-lightning-zm152-bk-18 ) was a scanned copy of a paper document, taken after the redaction.

I assume that was a procedural step to ensure effective redaction and avoid the sort of leak you get from releasing digitally redacted documents (as the police attempted here, incredibly badly).

cloudedjudge, 10 months ago

@GossiTheDog a few years ago in Belgium a TV crew went filming in a police control room for a feature about ANPR cameras. They accidentally caught on video a computer screen with the username and password taped to it. All the subsequent articles about how stupid this is and how the police should know better hadimages of the computer screen but the password blurred out mainly because no one really trusted that the police had bothered to change the password.

hello_buckers, 10 months ago

@GossiTheDog Source with more info: https://www.belfasttelegraph.co.uk/news/northern-ireland/psni-apologises-to-officers-and-civilian-staff-after-major-security-breach/a1823676448.html

sean, 10 months ago

@GossiTheDog

Thank you - earlier reports hadn't made the source of the "breach" clear.

I like the way they say there is "nothing to suggest" it had been accessed ... It's not like they are tracking access!

It's like walking around town with your zipper undone all day and saying there is nothing to suggest anyone saw it.

losttourist, 10 months ago

@GossiTheDog I'm starting to think that the police might not be very good at complying with the laws around data security

(or most other laws, for that matter)

maddler, 10 months ago

@GossiTheDog one more?