Tag Archives: database

WordPress backup on demand to OS X

I wanted a script which would download the SQL database for this site in one go. So I wrote one. This script works on OS X, and should be fine anywhere ‘Bash’ is spoken.

This script operates only on the local machine, but requires ssh access to the remote machine (where commands are executed). The database is compressed on the server and decompressed on the local machine. This is to minimise download time.

Of course, anything you do with this is at your own risk, but it works for me.

Here it is:

Data Loss

Up until Monday, we hadn’t had any of our data lost by the government (as far as we knew). We shouldn’t have been one of the 25 million lost due to being child benefit claimants, or one of the many other breaches.

Some of the breaches are potentially very serious should the data fall into the wrong hands, for example, the list of military applicants, of prison officers, or (and think of the children!) families with young kids.

However, Monica may have been among the three million lost on Monday.

It does annoy slightly that they always call it ‘lost’; this can imply that the issue is that the government no longer has the information. This isn’t the problem – it’s ‘duplicated, then lost’. The issue is that people who shouldn’t have the information ultimately acquire it.

Having the entire population on one big database is not a way to improve security. It’s a big target for identity theft, and recent history shows that it cannot be kept totally secure.

Having said that, the ‘losses’ that have happened have been rather silly. Lots of data transported without strong encryption, often when there was no need to transport it. It shows a general carelessness that is not befitting anyone claiming to be worthy of trust with this data.

You can take this survey to find out how likely it is that the government has treated your information shoddily.

For more on the proposed ID card database, see the No2ID website, including this rundown of the issues.

The ORG data loss questionnaire

You hand over your personal details to councils, hospitals, employers and businesses all the time. But these institutions don’t always keep that data safe. In fact, since HMRC lost its entire database of child benefit claimants last year, high profile data losses have hit the headlines with worrying regularity. But how does this affect you and your family? Click here to find out how likely it is that a government department or corporate entity has been losing your data recently.

Industry and Government want to aggregate and share more and more of your personal data. Schemes like the National Identity Register, ContactPoint and the Intercept Modernisation Programme are just the tip of the iceberg. But data insecurity is inevitable if large datasets are stored centrally and accessed by hundreds of different people. Data loss can lead to identity fraud and harassment for anyone affected. It is also likely to further complicate or even threaten the lives of those who are fleeing abusive relationships or on witness protection schemes. And that’s without even getting into the debate about how data sharing and aggregation can change the relationship between citizen and state [.pdf].

Once you’ve taken the test, please share the link – http://www.openrightsgroup.org/dataloss/ – with friends. And if you learn of other incidents that should be added to the questionnaire, then please add them to our list of UK privacy debacles, which feeds into the questionnaire.

Thanks to Sam, Glyn, Casey and Rowan, the Open Rights Group volunteers who conceived and realised this project. Finally, please note that the application does not record users’ responses or IP address. In fact we don’t store any user data, which means there is no danger of us losing or leaking anyone’s personal information.

More Data Loss

So, the Government has managed to lose a USB stick containing the details of tens of thousands of criminals.

We should not focus on the fact that this is the data of criminals – that will be of little concern to many – but instead look at what’s happened here in terms of data protection. Once again it has been possible to copy records en masse, save them to removable media unencrypted and walk out with them.


This time it was a USB key, but in the past it has been CD-ROMs. Discs have been lost containing the data of 4 million people, of 25 million people and there have been many other cases.

This does not breed confidence in the future security of the ID database – a massive bonanza for identity theft if it got into the wrong hands.

It simply should not be possible to export large amounts of data without a high clearance… and such clearance should only be given to people who have been drilled until their ears bleed about safeguarding that data. In particular, if on USB, it is attached to a lanyard and doesn’t leave your neck until it is wiped. Even then, the data should not be on any removable media unless encrypted (and this should be automatic to prevent the human-error factor).

More to the point, if the data has to be moved from A to B, what is the problem with an encrypted ssh tunnel from one system straight to the other? What’s wrong with ‘dropping’ fields which are not needed at the receiving end before sending?


These data losses indicate a massive systemic failure in the design of government systems, a carelessness with the data with which they’re entrusted, and a laissez-faire attitude at the highest levels. Just as the loss of the child benefit discs was not the fault of one low-level civil servant, this should not be pinned on the unfortunate who dropped the USB stick (though they should know better). This should be viewed as a failure of design – people should not have been able to do this, even if they were trying to be malicious.

It’s just another case which demonstrates the flaws behind the concept of an ID card database, which if ever compromised would be the biggest boon to identity theft ever seen.

Clarkson in ID theft

Following the recent case where the bank details of 25 million were lost, Jeremy Clarkson was of the opinion that it was a fuss over nothing.

He published his bank account details in his newspaper column.

But Clarkson admitted he was “wrong” after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.

The most surprising thing about the story was the phrase ‘Clarkson admitted he was “wrong”’.

As I’ve said before, it’s not the fault of the underpaid guy who physically performed the act of copying the data, it’s the fault of those higher up who designed a system which was capable of having all 25 million records copied in one go at the click of a button.

On a related topic… ID cards

(Update: No2ID report this story…. I, along with probably countless others, emailed it to them, so it’s no surprise to me!)

The fault of low level civil servants?

Regarding the recent data leak:

‘The Conservatives say the crisis is down to “systemic” errors at HMRC – but the government insists it was the fault of low level civil servants.’

Source

Rubbish – why was it possible for a low level civil servant to download the entire database in one go and burn it to CD? (i.e. the potential is there to steal it).

A low level civil servant should only be able to view a record at a time, and not export the records at all. This is trivial.

I still can’t believe that they thought it’d be too expensive to drop sensitive fields.
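
To make the design point in these posts concrete (one record at a time for ordinary staff, bulk export only for a cleared role, and unneeded fields dropped before sending), here is an added sketch; it is not code from this blog or from any government system. The table, role names, recipient name and rows are all constructed for the example.

```python
import sqlite3

# Hypothetical policy: which roles may bulk-export, and which columns each
# receiving system actually needs. Every other column is dropped before sending.
CAN_EXPORT = {"data_officer"}
RECIPIENT_FIELDS = {"audit_office": ("id", "name", "postcode")}

def make_db():
    """Constructed sample table; the rows are made up for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE claimants (id INTEGER PRIMARY KEY, name TEXT,"
               " postcode TEXT, bank_account TEXT, ni_number TEXT)")
    db.executemany("INSERT INTO claimants VALUES (?, ?, ?, ?, ?)", [
        (1, "A. Example", "AB1 2CD", "00000001", "QQ000001A"),
        (2, "B. Example", "EF3 4GH", "00000002", "QQ000002B"),
        (3, "C. Example", "IJ5 6KL", "00000003", "QQ000003C"),
    ])
    return db

def view_record(db, role, record_id):
    """Any role may look up exactly one record by id; there is no list query."""
    cur = db.execute("SELECT * FROM claimants WHERE id = ?", (record_id,))
    row = cur.fetchone()
    names = [col[0] for col in cur.description]
    return dict(zip(names, row)) if row else None

def export_for(db, role, recipient):
    """Bulk export: cleared roles only, and only the recipient's columns."""
    if role not in CAN_EXPORT:
        raise PermissionError(f"role {role!r} may not export records")
    fields = RECIPIENT_FIELDS[recipient]  # KeyError for an unknown recipient
    # Column names come from the fixed policy table above, never from input.
    sql = f"SELECT {', '.join(fields)} FROM claimants ORDER BY id"
    return [dict(zip(fields, row)) for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    print(view_record(db, "clerk", 2))
    print(export_for(db, "data_officer", "audit_office"))
    try:
        export_for(db, "clerk", "audit_office")
    except PermissionError as err:
        print("denied:", err)
```

The export never contains the bank or NI columns, so even a lost copy of it exposes less than the source table would.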