Got something to say or just want fewer pesky ads? Join us... 😊

[News] Post Office Scandal -







FamilyGuy

Well-known member
Jul 8, 2003
2,531
Crawley
Just to put some context around the remote access comments. I've been in the IT game 25+ years and every system I've ever seen has some sort of remote access. If you phone up your insurance company within minutes someone at the other end can pull up your details, access your account, refund you money etc. The principals of this would be no different.

The questions that need asking who be what were the access, security, processes and procedures around this? The remote access thing is a red herring in my view.

Sorry, back to the stoning everyone
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented.
 


fly high

Well-known member
Aug 25, 2011
1,795
in a house
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented.

This BBC report which suggests data could be changed remotely, something the PO went along with & lawyers knew about even as they sent people to jail.
 








Iggle Piggle

Well-known member
Sep 3, 2010
6,041
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented

I don't disagree with any of that. As I said, it's the processes etc around the system access that is the question.

Some earlier posts had made reference to the "secret rooms" and remote access. Both of these are highly logical in secure environments. Access to sensitive systems will be in secure areas and limited to those that need to be there. The system has to be accessed remotely for support by a limited number of vetted staff. I would expect both of those things in any normal large scale IT programme. They shouldn't be seen as a red flag in themselves.

If data can be changed without a change process or audit, then that is a completely different story. As an aside, I've watched some of the inquiry and I do find it interesting in itself how the legal system tries to get to grips with the complexity of how the system and corporate framework hangs together.
 


dejavuatbtn

Well-known member
Aug 4, 2010
7,624
Henfield
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented.
Yep, agreed. I worked in IT related departments and the only way to change data, other than a prescribed auditable process, was to change the raw data field on the system. This could only be done with a lot of blood letting and management control.
 


Super Steve Earle

Well-known member
Feb 23, 2009
8,976
North of Brighton
Can't believe so many lawyers and senior staff have such terrible memories. Terrible to the point that they must have been barely functional humans for the last couple of decades.
The human interest stuff at the moment is just awful. The Post Office seems to have employed the dregs of humanity in so many roles.
 




Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,585
The arse end of Hangleton
Can't believe so many lawyers and senior staff have such terrible memories. Terrible to the point that they must have been barely functional humans for the last couple of decades.
The human interest stuff at the moment is just awful. The Post Office seems to have employed the dregs of humanity in so many roles.
Supposedly some of the most intelligent and well paid professions yet every single one a liar with a poor memory. Think this shot of one of the PO's lawyers from today somewhat show's he knows he's been caught lying.

1714751464840.png


As an aside, if I ever need a lawyer I want Jason Beer - great name and even better lawyer.
 
Last edited:


Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,585
The arse end of Hangleton
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented.
Another IT lifer - and let's remember applications and data generally are kept separate with only the application having access to add, change or delete data and then only with detailed audit trails.
 


Seagull58

In the Algarve
Jan 31, 2012
8,651
Vilamoura, Portugal
I don't disagree with any of that. As I said, it's the processes etc around the system access that is the question.

Some earlier posts had made reference to the "secret rooms" and remote access. Both of these are highly logical in secure environments. Access to sensitive systems will be in secure areas and limited to those that need to be there. The system has to be accessed remotely for support by a limited number of vetted staff. I would expect both of those things in any normal large scale IT programme. They shouldn't be seen as a red flag in themselves.

If data can be changed without a change process or audit, then that is a completely different story. As an aside, I've watched some of the inquiry and I do find it interesting in itself how the legal system tries to get to grips with the complexity of how the system and corporate framework hangs together.
They had a secret room where people sat and changed data in the database directly without any audit trail. They denied that the room and the people existed. Jail time would be appropriate for the people in charge.
 






Bozza

You can change this
Helpful Moderator
Jul 4, 2003
57,549
Back in Sussex
I don't disagree with any of that. As I said, it's the processes etc around the system access that is the question.

Some earlier posts had made reference to the "secret rooms" and remote access. Both of these are highly logical in secure environments. Access to sensitive systems will be in secure areas and limited to those that need to be there. The system has to be accessed remotely for support by a limited number of vetted staff. I would expect both of those things in any normal large scale IT programme. They shouldn't be seen as a red flag in themselves.

If data can be changed without a change process or audit, then that is a completely different story. As an aside, I've watched some of the inquiry and I do find it interesting in itself how the legal system tries to get to grips with the complexity of how the system and corporate framework hangs together.
Every system for every large corporate I've been involved in had "back door" data update access and tools for support staff.

As you say - this is completely normal.

If these access methods didn't exist then when errors occur - and all systems contain errors - then there would be no way to address and fix the incorrect data caused by the system errors.

But, as you also say, this should be limited to a small pool of staff, be fully recorded and audited.

Observing some of the public and media outrage at something I'd see as entirely normal and expected has been interesting.

Pretending that this back-end data access did not exist is not OK though, obviously.
 


Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,585
The arse end of Hangleton
Every system for every large corporate I've been involved in had "back door" data update access and tools for support staff.

As you say - this is completely normal.

If these access methods didn't exist then when errors occur - and all systems contain errors - then there would be no way to address and fix the incorrect data caused by the system errors.

But, as you also say, this should be limited to a small pool of staff, be fully recorded and audited.

Observing some of the public and media outrage at something I'd see as entirely normal and expected has been interesting.

Pretending that this back-end data access did not exist is not OK though, obviously.
Not sure it's the public that is the issue - it's the PO execs and lawyers denying that there was ever access .... or at least that they never 'knew' about it. Equally, it should have been PCI-DSS compliant - unaudited backdoor access to the data is not allowed in a PCI environment.
 




Harry Wilson's tackle

Harry Wilson's Tackle
NSC Patron
Oct 8, 2003
56,733
Faversham
I heard someone employed by the PO today claim that a word file, documenting wrongdoing in 2010, that had been saved to a computer, could not have been saved by him because he did not know how to save word documents. At the time. As far as he can recall.

The people on R5 at the time reviewing proceedings were openly laughing at this.
 


Iggle Piggle

Well-known member
Sep 3, 2010
6,041
Pretending that this back-end data access did not exist is not OK though, obviously.
This is the bit I have maybe missed along the way. Has this been denied? I'm not saying it hasn't happened - and nothing surprises me with this anymore - but the environments I've been involved in have Cameras on the way in, cameras in the room, door controlled access, no windows, smell of farts and inhabited by people slowly losing their soul.

Denying the existence is foolhardy in the extreme. It would leave a footprint akin to pointing at the Amex and saying it's not there. It's such a weird thing to deny as no IT company would ever win a bid for this kind of thing without it.
 


Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,585
The arse end of Hangleton
I heard someone employed by the PO today claim that a word file, documenting wrongdoing in 2010, that had been saved to a computer, could not have been saved by him because he did not know how to save word documents. At the time. As far as he can recall.

The people on R5 at the time reviewing proceedings were openly laughing at this.
That was Jamail Singh - the Post Office LAWYER on the stand today. I'm not sure how stupid he thinks the rest of us are but the idea that a highly paid professional lawyer doesn't know how to save an MS Office file is farcical. The bloke is a grade A corrupt, lying cvnt.
 


Eric the meek

Fiveways Wilf
NSC Patron
Aug 24, 2020
7,478
I heard someone employed by the PO today claim that a word file, documenting wrongdoing in 2010, that had been saved to a computer, could not have been saved by him because he did not know how to save word documents. At the time. As far as he can recall.

The people on R5 at the time reviewing proceedings were openly laughing at this.
My money's on Jarnail Singh. More slippery than a pocketful of eels.
 








Albion and Premier League latest from Sky Sports


Top
Link Here