[News] Post Office Scandal -

Got something to say or just want fewer pesky ads? Join us... 😊

Register Log in






FamilyGuy

FamilyGuy

Well-known member
Jul 8, 2003
2,387
Crawley
Iggle Piggle said:
Just to put some context around the remote access comments. I've been in the IT game 25+ years and every system I've ever seen has some sort of remote access. If you phone up your insurance company within minutes someone at the other end can pull up your details, access your account, refund you money etc. The principals of this would be no different.

The questions that need asking who be what were the access, security, processes and procedures around this? The remote access thing is a red herring in my view.

Sorry, back to the stoning everyone
Click to expand...
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented.
 


fly high

fly high

Well-known member
Aug 25, 2011
1,338
in a house
FamilyGuy said:
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented.
Click to expand...
www.bbc.com

False evidence by Post Office’s expert contradicted his own report

Expert suggested bug fix which would alter data without branch knowing, but told court that was impossible.
www.bbc.com

This BBC report which suggests data could be changed remotely, something the PO went along with & lawyers knew about even as they sent people to jail.
 








Iggle Piggle

Iggle Piggle

Well-known member
Sep 3, 2010
5,411
FamilyGuy said:
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented
Click to expand...

I don't disagree with any of that. As I said, it's the processes etc around the system access that is the question.

Some earlier posts had made reference to the "secret rooms" and remote access. Both of these are highly logical in secure environments. Access to sensitive systems will be in secure areas and limited to those that need to be there. The system has to be accessed remotely for support by a limited number of vetted staff. I would expect both of those things in any normal large scale IT programme. They shouldn't be seen as a red flag in themselves.

If data can be changed without a change process or audit, then that is a completely different story. As an aside, I've watched some of the inquiry and I do find it interesting in itself how the legal system tries to get to grips with the complexity of how the system and corporate framework hangs together.
 


dejavuatbtn

dejavuatbtn

Well-known member
Aug 4, 2010
7,257
Henfield
FamilyGuy said:
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented.
Click to expand...
Yep, agreed. I worked in IT related departments and the only way to change data, other than a prescribed auditable process, was to change the raw data field on the system. This could only be done with a lot of blood letting and management control.
 


Super Steve Earle

Super Steve Earle

Well-known member
Feb 23, 2009
8,407
North of Brighton
Can't believe so many lawyers and senior staff have such terrible memories. Terrible to the point that they must have been barely functional humans for the last couple of decades.
The human interest stuff at the moment is just awful. The Post Office seems to have employed the dregs of humanity in so many roles.
 




Westdene Seagull

Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,145
The arse end of Hangleton
Super Steve Earle said:
Can't believe so many lawyers and senior staff have such terrible memories. Terrible to the point that they must have been barely functional humans for the last couple of decades.
The human interest stuff at the moment is just awful. The Post Office seems to have employed the dregs of humanity in so many roles.
Click to expand...
Supposedly some of the most intelligent and well paid professions yet every single one a liar with a poor memory. Think this shot of one of the PO's lawyers from today somewhat show's he knows he's been caught lying.

1714751464840.png


As an aside, if I ever need a lawyer I want Jason Beer - great name and even better lawyer.
 
Last edited:


Westdene Seagull

Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,145
The arse end of Hangleton
FamilyGuy said:
I too was in "the IT game" but for over 40 years.
There is a huge - and auditable - difference between a development/support team having access to a system, and the same people being able to change data on the system.
The former is logical and beneficial, the latter is open to fraud, is unauditable and is probably illegal in many cases. It is definitely suspect and is something that should never be part of the design of a system.
Any and all adjustments to data on a system should and must be controlled, approved, audited, reported and documented.
Click to expand...
Another IT lifer - and let's remember applications and data generally are kept separate with only the application having access to add, change or delete data and then only with detailed audit trails.
 


Seagull58

Seagull58

In the Algarve
Jan 31, 2012
7,441
Vilamoura, Portugal
Iggle Piggle said:
I don't disagree with any of that. As I said, it's the processes etc around the system access that is the question.

Some earlier posts had made reference to the "secret rooms" and remote access. Both of these are highly logical in secure environments. Access to sensitive systems will be in secure areas and limited to those that need to be there. The system has to be accessed remotely for support by a limited number of vetted staff. I would expect both of those things in any normal large scale IT programme. They shouldn't be seen as a red flag in themselves.

If data can be changed without a change process or audit, then that is a completely different story. As an aside, I've watched some of the inquiry and I do find it interesting in itself how the legal system tries to get to grips with the complexity of how the system and corporate framework hangs together.
Click to expand...
They had a secret room where people sat and changed data in the database directly without any audit trail. They denied that the room and the people existed. Jail time would be appropriate for the people in charge.
 






Bozza

Bozza

You can change this
Helpful Moderator
Jul 4, 2003
55,871
Back in Sussex
Iggle Piggle said:
I don't disagree with any of that. As I said, it's the processes etc around the system access that is the question.

Some earlier posts had made reference to the "secret rooms" and remote access. Both of these are highly logical in secure environments. Access to sensitive systems will be in secure areas and limited to those that need to be there. The system has to be accessed remotely for support by a limited number of vetted staff. I would expect both of those things in any normal large scale IT programme. They shouldn't be seen as a red flag in themselves.

If data can be changed without a change process or audit, then that is a completely different story. As an aside, I've watched some of the inquiry and I do find it interesting in itself how the legal system tries to get to grips with the complexity of how the system and corporate framework hangs together.
Click to expand...
Every system for every large corporate I've been involved in had "back door" data update access and tools for support staff.

As you say - this is completely normal.

If these access methods didn't exist then when errors occur - and all systems contain errors - then there would be no way to address and fix the incorrect data caused by the system errors.

But, as you also say, this should be limited to a small pool of staff, be fully recorded and audited.

Observing some of the public and media outrage at something I'd see as entirely normal and expected has been interesting.

Pretending that this back-end data access did not exist is not OK though, obviously.
 


Westdene Seagull

Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,145
The arse end of Hangleton
Bozza said:
Every system for every large corporate I've been involved in had "back door" data update access and tools for support staff.

As you say - this is completely normal.

If these access methods didn't exist then when errors occur - and all systems contain errors - then there would be no way to address and fix the incorrect data caused by the system errors.

But, as you also say, this should be limited to a small pool of staff, be fully recorded and audited.

Observing some of the public and media outrage at something I'd see as entirely normal and expected has been interesting.

Pretending that this back-end data access did not exist is not OK though, obviously.
Click to expand...
Not sure it's the public that is the issue - it's the PO execs and lawyers denying that there was ever access .... or at least that they never 'knew' about it. Equally, it should have been PCI-DSS compliant - unaudited backdoor access to the data is not allowed in a PCI environment.
 




Harry Wilson's tackle

Harry Wilson's tackle

Harry Wilson's Tackle
NSC Patron
Oct 8, 2003
50,865
Faversham
I heard someone employed by the PO today claim that a word file, documenting wrongdoing in 2010, that had been saved to a computer, could not have been saved by him because he did not know how to save word documents. At the time. As far as he can recall.

The people on R5 at the time reviewing proceedings were openly laughing at this.
 


Iggle Piggle

Iggle Piggle

Well-known member
Sep 3, 2010
5,411
Bozza said:
Pretending that this back-end data access did not exist is not OK though, obviously.
Click to expand...
This is the bit I have maybe missed along the way. Has this been denied? I'm not saying it hasn't happened - and nothing surprises me with this anymore - but the environments I've been involved in have Cameras on the way in, cameras in the room, door controlled access, no windows, smell of farts and inhabited by people slowly losing their soul.

Denying the existence is foolhardy in the extreme. It would leave a footprint akin to pointing at the Amex and saying it's not there. It's such a weird thing to deny as no IT company would ever win a bid for this kind of thing without it.
 


Westdene Seagull

Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,145
The arse end of Hangleton
Harry Wilson's tackle said:
I heard someone employed by the PO today claim that a word file, documenting wrongdoing in 2010, that had been saved to a computer, could not have been saved by him because he did not know how to save word documents. At the time. As far as he can recall.

The people on R5 at the time reviewing proceedings were openly laughing at this.
Click to expand...
That was Jamail Singh - the Post Office LAWYER on the stand today. I'm not sure how stupid he thinks the rest of us are but the idea that a highly paid professional lawyer doesn't know how to save an MS Office file is farcical. The bloke is a grade A corrupt, lying cvnt.
 


Eric the meek

Eric the meek

Fiveways Wilf
NSC Patron
Aug 24, 2020
5,459
Harry Wilson's tackle said:
I heard someone employed by the PO today claim that a word file, documenting wrongdoing in 2010, that had been saved to a computer, could not have been saved by him because he did not know how to save word documents. At the time. As far as he can recall.

The people on R5 at the time reviewing proceedings were openly laughing at this.
Click to expand...
My money's on Jarnail Singh. More slippery than a pocketful of eels.
 








You must log in or register to reply here.

Share this page

Albion and Premier League latest from Sky Sports


Top