Has VFS learned its lesson following DaniWeb UK visa security expose?
Last year I exposed a security breach involving the online collection of applications for visa documents allowing Indian citizens to visit the UK, an expose that ended up with the UK government itself being found guilty of breaking the Data Protection Act and which kick-started something of a sea change in the way that such online applications are handled. You might think, therefore, that the company at the heart of that scandal would have cleaned up its act when it came to security. Unfortunately, communications with a former VP responsible for business development at VFS suggest otherwise.
Suprit Roy used to be responsible for new project rollouts at VFS before resigning from the company on 10th December 2007. He claims that the whole visa application database security scandal was caused by an underlying lack of commitment to enforcing discipline, standards and ethics at a senior management level. "It was only after your expose got broadcast on Channel 4 and the FCO sent in Independent Investigator Linda Baker-Costelloe that the company acted reactively to enforce some IT security practices," Roy says. He also says that despite this, not enough has been done at the most basic levels of security and cites his own corporate email account as evidence.
Most companies which not only understand security issues but take them seriously are quick to act when any employee leaves, let alone someone of VP status, to sanitize the email account associated with them. There are plenty of methods that fall within best practice to ensure that incoming corporate email is forwarded to another account without leaving access open to the ex-member of staff. However, Roy claims that when speaking to a former colleague this weekend it was revealed in passing that his former official email account continued to be live within the company system. Using the Outlook Web Access browser to enter his user name, Roy discovered this to indeed be the case.
So why is Roy telling us this? Certainly there seems to be a certain amount of antagonism in his parting from VFS. He readily admits that he "left the company in disgust because I felt that the top management was unwilling to enforce the discipline and best practices required to run a business in an ethical manner." Yet whatever his motives, it does seem to reveal another apparent lack of regard for basic security principles within VFS. It also exposes the kind of problem which is all too often assumed to be of so little importance that it does not matter within the grand scheme of things. Truth be told, security and confidentiality and ethics are all wrapped up together and should be treated with the same level of respect no matter how big or small the particular issue at hand. Being sloppy with the small sketches has a nasty tendency to indicate that the bigger picture is not being drawn with a sharp enough pencil either…




