Conficker is a lesson for MPs – especially over ID cards
Our legislators – and more particularly, those who run their computer networks – are getting a short, sharp course in computer security.
A trio of news pieces for you. The Conficker worm has got into the Houses of Parliament's network and infected computers there. MPs have been told, in a written answer, that use by them of PGP, the commercial encryption system, is "not recommended" on the parliamentary network because it is "not compatible" with its current VPN (virtual private network). And, as I write, the database of MPs' expenses is being hawked around to newspapers, for a high price.
If you needed any evidence that our legislators, and more particularly those who run their computer networks, are getting a short, sharp course in computer security, then those bits of information on their own would be enough.
Let's start with the fact that any computer that could connect to the parliamentary network was actually able to be infected with Conficker. That's a double failure: first, the machine (a Windows PC, obviously) didn't have its Windows Update system turned on. That means that it's either running a version of Windows XP pre-SP2 (when Windows Update was turned on by default), or that it's one of those accursed "enterprise-managed" machines, where the admins don't like keeping them up to date because it can break custom programs. (Ignore the fact that your system is insecure; updating it is so much more hassle. Until you get hit, and learn just what hassle really is.)
But let's be generous. Let's assume it was a researcher's machine or infected USB stick, rather than an internet connection to the network, that brought Conficker in. But that implies a second failure at the network layer: that whatever antivirus system was running didn't detect Conficker, and so didn't protect the rest of the network against it. MessageLabs, part of Symantec, supplies the network security for the parliamentary network.
Explanations for how this happened are thin on the ground – in fact, nonexistent – despite numerous requests for enlightenment from the media to both PICT (the parliamentary information and communication technology department) and MessageLabs. I'm sure people are trying to work out who is going to be hung out to dry for this one, and it's a safe bet that MessageLabs and PICT are fighting like cats in a bag to make sure the other one shoulders the blame. If I were a backbench MP, I'd feel worried by this development
