MI5 - e-mail Cock up AGAIN
MI5 terror alert blunder sends private data to US mailshot firm
By JASON LEWIS - Mail on Sunday 13th January 2007
Confidential details sent to MI5 by thousands of individuals and businesses have ended up with an American company specialising in supermarket mailshots.Screams the Mail - well ...er this was broken by Lord Patel ... see here
The security service's new email early warning system was designed to reassure the public in the wake of the July 7 bombings and the disclosure of a string of failed terror plots. blah, blah, blah
10.00 am Tuesday January 9
MI5 - email alert system announced and will be up and running - er.... real soon now
Wednesday, January 10
MI5 e-mail alert fuckup - all the gory details of their incompetence
with all the technical details obtained by the excellent Spyblog.
If you want the news read the blogs .. if you want the really old news read the Sunday papers.
Dame Eliza - Manningham Buller (pic BBC) is 65.(and that is only round the waste)
Spyblog has updated the story today Sunday, here
It appears that the system has silently been changed and apparently (?) made more secure...
1. Anonymous registration is possible - using an alias, webname etc.,
2. A Security advice has been added to the instructions ...
"Security Your subscription details will be sent over a secure Internet connection via a Secure Socket Layer (SSL), a protocol used for secure communications over the Internet. Web addresses that begin with "https" indicate that an SSL connection will be used."
3. The e-mail list sign up web form seems to be handled by :
https://mi5.h0st.biz/xdata.html
(Note points out Spyblog that replaing the vowel o as the digit 0 in "host" is a trick od spammers, phishers etc.,) This is on a Mailtrack host which has whimsical hosts named after Lord of the Rings avatars - Merry, Elrond, Arwen, Cirdan etc.
4. This seems to have started from the date of the hastily obtained Digital Certificate ;-
Valid from:
11/01/2007 00:00:00
(11/01/2007 00:00:00 GMT)
i.e. on Thursday 11th January - 2 days after the launch of the MI5 e-mail list subscription service, and after the initial Spy Blog article, but before, say, The Register reported it more widely.
5.Subscribe and you will get this ...
MI5 E-Mail Lists - Subscription Verification
Thank you for submitting a request to subscribe to our mailing list(s).
We will send you an e-mail in the next few days asking you to click on a link to verify your subscription request.
All this suggests Spyblog suggest a manual check or perhaps a buffer whilst they sit round wondering what to do next, give up ? Do the job better ? Do the job properly ?
Spyblog also asks what has happened to the data they have already collected ? How will anyone know - if these stumblebums cannot set up such a simple service properly first time round.
As for the Mail who give no credits to Spyblog who alerted the world to the actual details - enabling them to harass Mr & Mrs Geller (who is Iranian so self evidently a spy / terrorist) of WhatCounts.com who handled the work in the US originally and appear to have been dumped -not that the Mail no Sunday tell you that.
... you could of course go to the Observer / Guradian you have a headline about MI5 ...
MI5 braced for fresh 7/7 disclosures
Security services listed Tube bombing ringleader Khan as a 'desirable suspect' a year before the attack.
The story is a lot of bollocks but again MI5 and the lovely corseted Liza are in the firing line AGAIN. If you cannot stand the heat in the kitchen ... but then that's Liza's problem , she can't keep out of the kitchen.
Does that make you feel safer ?
1 comment:
"If you want the news read the blogs" ... trying to follow a breaking story in the MSM is painfull compared to the blogosphere.
Post a Comment