LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 03-29-2019, 08:22 AM   #1
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 2,786
Blog Entries: 7

Rep: Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445
Report on the security of .gov.uk sites


A team of security consultants have checked all .gov.uk websites for known CVEs. Of the 3220 registered domain names, 524 have unpatched vulnerabilities. To be fair, a lot of these sites belong to local authorities rather than central government, but one central site that was compromised belongs to the Criminal Records Bureau. It has 133 vulnerabilities!

The main cause seems to be the use of outdated software.
 
Old 03-29-2019, 09:19 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,870

Rep: Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153
Quote:
Originally Posted by hazel View Post
one central site that was compromised belongs to the Criminal Records Bureau. It has 133 vulnerabilities!
Was it actually compromised?

And what are the level of the 133 vulnerabilities?

For example, I've had a server that returns standard apache headers being marked as "vulnerable" during an audit as it "exposed software/version in use which may allow a targeted attack".

Oh, and I had another website marked as "Critical" as it "exposes the users debit card number". This was a website for a virtual debit card and the page was the page that allowed the user to view their "card" number for use online.
 
Old 03-29-2019, 09:30 AM   #3
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 2,786

Original Poster
Blog Entries: 7

Rep: Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445
We don't know whether anyone has taken advantage of these vulnerabilities. It may be that no one has, in which case these are only potential problems. It may also be that we don't know how much information might have been stolen. Or someone knows but isn't telling.

I know I would feel safer if these sites were not using out-of-date software. After all, there is a difference between government sites and commercial ones. You don't have to use a particular commercial site if you don't think they are capable of looking after your data properly. With government sites you often have no choice.
 
Old 03-29-2019, 09:37 AM   #4
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,870

Rep: Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153Reputation: 1153
And conversely you may find that government sites are mandated to be accessible with old/obsolete browsers that may not support what is considered "essential" now, such as TLS1.2 etc. The fact that a website uses TLS1.1 will also be considered a "vulnerability" these days.

I'm always sceptical of these reports as business generating / publicity exercises for the companies doing the reporting.
 
Old 03-29-2019, 11:50 AM   #5
fatmac
Senior Member
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Posts: 2,886

Rep: Reputation: Disabled
Our Government is a shambles anyway......just look at the mess they are making of BREXIT!!!
 
Old 03-29-2019, 12:33 PM   #6
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 2,786

Original Poster
Blog Entries: 7

Rep: Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445
Quote:
Originally Posted by fatmac View Post
Our Government is a shambles anyway......just look at the mess they are making of BREXIT!!!
It's not just the government! I have never seen such a shambolic parliament in my life. In order to determine what they actually wanted (given that they certainly don't want what Mrs May is offering), they were presented with a whole spectrum of possible alternatives from no deal to no brexit and they voted down every single one.

Do these people even know how to think?

Last edited by hazel; 03-29-2019 at 12:36 PM.
 
Old 03-29-2019, 01:03 PM   #7
cantab
Member
 
Registered: Oct 2009
Location: England
Distribution: KDE Neon, Ubuntu, Debian.
Posts: 548

Rep: Reputation: 113Reputation: 113
Remember, this is the country where the health system got crippled because hospitals were running Windows XP without any support or updates. In 2017. Nothing should surprise us.
 
Old 03-30-2019, 07:36 PM   #8
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 14,726
Blog Entries: 24

Rep: Reputation: 4115Reputation: 4115Reputation: 4115Reputation: 4115Reputation: 4115Reputation: 4115Reputation: 4115Reputation: 4115Reputation: 4115Reputation: 4115Reputation: 4115
This quote from Atrios (real name Duncan Black), a U. S. blogger that I have followed for years (and one who once taught at the LSE and has followed BREXIT closely), seems a propos: "UK politics has become a fun house mirror version of our own."

Last edited by frankbell; 03-30-2019 at 07:41 PM.
 
Old 04-01-2019, 11:07 AM   #9
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,229
Blog Entries: 5

Rep: Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391
Quote:
Originally Posted by fatmac View Post
Our Government is a shambles anyway......just look at the mess they are making of BREXIT!!!
It has been a shambles from the decision to call a referendum, right through to the present day mess - all from a Tory party which is putting personal political ambitions first. Amazingly the majority of the public can't see it... even when a 1st class clown like Johnson, amazingly decided to back the deal once the Prime Minister's job was part of the bargain - such is the contempt for the plebs... (the contempt which started with the "x million for your NHS" b/s and certainly didn't end there...).

May is being portrayed as the poor victim who "can't do right for doing wrong" - in fact May is the chief architect of a mess of a deal which was cobbled together at the last minute and taken to parliament without any consultation with parliament, without consultation with DUP... and amazingly parliament are rejecting the deal again and again... just imagine that... it's a farce.
Quote:
Originally Posted by hazel View Post
It's not just the government! I have never seen such a shambolic parliament in my life. In order to determine what they actually wanted (given that they certainly don't want what Mrs May is offering), they were presented with a whole spectrum of possible alternatives from no deal to no brexit and they voted down every single one
Democracy is showing how inconvenient it can be, particularly to an invested, privileged minority who want to push through a broken Brexit deal at the 11th hour...

Last edited by cynwulf; 04-02-2019 at 03:51 AM.
 
Old 04-02-2019, 11:56 AM   #10
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 2,786

Original Poster
Blog Entries: 7

Rep: Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445
Quote:
Originally Posted by cynwulf View Post
Democracy is showing how inconvenient it can be, particularly to an invested, privileged minority who want to push through a broken Brexit deal at the 11th hour...
Sorry but I can't see what's "democratic" about a parliament that can't make up its mind what it wants. Now if they had voted for canceling Article 50, we could at least have had a reasoned discussion about the differences between two models of democracy (direct/plebiscitary and representative/parliamentary) and what should be done when they come into conflict. But parliament has rejected that option along with all the others, which indicates to me a basic inability to think. If there is an invested privileged minority here, it is surely MPs as a whole.
 
Old 04-02-2019, 01:40 PM   #11
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,187

Rep: Reputation: 2167Reputation: 2167Reputation: 2167Reputation: 2167Reputation: 2167Reputation: 2167Reputation: 2167Reputation: 2167Reputation: 2167Reputation: 2167Reputation: 2167
I'm not sure how to comment on this s will say heard that some uk.gov forms used to only be accesible to people using Abode software on Windows.
As I heard, the new government intranet rollout is being undertaken by people who don't know what removing DNs from a Windows network without removing them from DNS records means.
 
Old 04-03-2019, 03:32 AM   #12
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,229
Blog Entries: 5

Rep: Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391
Quote:
Originally Posted by hazel View Post
Sorry but I can't see what's "democratic" about a parliament that can't make up its mind what it wants.
Then please define a "democratic" parliament? Given that a parliament is made up of many parties and independents, representing a diverse demographic, left, centrist and right politics and in many cases, different constituent countries of the United Kingdom and their individual (national) interests, then please elaborate on how a parliament can be expected to "make up it's mind" as a single entity?

Explain how a parliament, which consists of the Tories who threw away their majority in the 2017 election, Labour, SNP and others is every going to reach a consensus on an issue as divisive as this one? All as divided on this issue as are the general public as a whole...

In blaming the parliament, the MPs, you're perhaps missing the wood for the trees and buying into May's recent populist rhetoric expressed in a similar vein.

The "indicative votes", show clearly that there is no clear consensus and that the "deal", whatever form the deal may take, is not going to please everyone. Someone, likely a minority, whether it be hard line brexiteers, SNP, DUP, et al is going to get shafted, not to mention a large proportion of the population as a whole.

At the moment I see two strategies, being pursued simultaneously by different elements:

- Running down the clock and steering towards a customs union / single market solution (what May and co, plus many in Labour, Lib Dem, SNP, etc want and obviously favourable to business whom they represent)

- Unseating May / going for a hard brexit, by voting down the deal itself and every other compromise...
 
Old 04-03-2019, 06:20 AM   #13
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,429

Rep: Reputation: 1660Reputation: 1660Reputation: 1660Reputation: 1660Reputation: 1660Reputation: 1660Reputation: 1660Reputation: 1660Reputation: 1660Reputation: 1660Reputation: 1660
Quote:
Originally Posted by cynwulf View Post
At the moment I see two strategies, being pursued simultaneously by different elements:

- Running down the clock and steering towards a customs union / single market solution (what May and co, plus many in Labour, Lib Dem, SNP, etc want and obviously favourable to business whom they represent)

- Unseating May / going for a hard brexit, by voting down the deal itself and every other compromise...
I thought voting down everything was running down the clock. How are those two strategies different?
 
Old 04-03-2019, 08:04 AM   #14
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,229
Blog Entries: 5

Rep: Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391
Running down the clock is the strategy used by May to force skeptics to accept the deal rather than risking no deal.

Voting down the deal is something else entirely...
 
Old 04-04-2019, 03:44 AM   #15
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: CentOS at the time of this writing, but some others over the years too...
Posts: 2,624

Rep: Reputation: 1317Reputation: 1317Reputation: 1317Reputation: 1317Reputation: 1317Reputation: 1317Reputation: 1317Reputation: 1317Reputation: 1317Reputation: 1317
Quote:
Originally Posted by cynwulf View Post
Running down the clock is the strategy used by May to force skeptics to accept the deal rather than risking no deal.

Voting down the deal is something else entirely...
Well it obviously isn't working very well, given she's asking for yet another extension from the EU. It looks like the "hard-line brexiteers" are voting down the deal to try and get a "hard brexit", and the others to try and get a "people's vote", or maybe a "softer deal/brexit", to me from what I can see from a far.

I guess the anti-brexiteers didn't think people would vote for brexit, and neither did the pro-brexiteers either. The consequence is that, nobody knows what to do now given brexit is exactly the way the vote went. I wonder how people would vote if they did hold a second "people's vote" ? It would be very interesting, somehow I suspect people might not want to leave the EU if they did hold another "people's vote", given the disaster that's unfolded.

In any case, the whole thing from start to finish, from what I can see, is one disaster after another. The other thing is that, if May is able to do a deal with the Labour party, then her party is screwed, and she's pretty well finished from what I can see. Glad I'm not living in the UK right now...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is Linux incompatible with US Social Security Administration (ssa.gov) websites? GreyBeard Linux - General 5 04-30-2018 07:50 PM
Squid to block all the sites except 1 or 2 sites winxandlinx Linux - Networking 8 10-27-2010 02:53 AM
Client cannot open few https://.. sites i.e. secure sites rajeshghy Linux - General 1 11-02-2006 06:30 AM
LXer: Ibm works with gov't on open source security trial LXer Syndicated Linux News 0 04-27-2006 03:33 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 04:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration