Lost CDs – not the whole story | Bob Browning's blog

Feeds:: Posts; Comments

Lost CDs – not the whole story

November 25, 2007 by bobbrowning

There seem to be a number of red herrings in the CDGate scandal. Firstly we are asked to believe that a 23 year old clerical officer was (a) able to and (b) did download the primary database onto a CD and send it to the audit office.

Has anyone asked how he did this. Is there a button on their system saying ‘download to a CD’? I hardly think so.

Secondly it seems some senior staff were copied on emails.

Irrelevant.

It is common practice in large organisations to copy director level on everything for just this purpose – to protect someones backside. As a result senior staff get bucketloads of mail every day. If they read it all I would be asking why are they being so unproductive as 99.99% has no business in their in-tray. Sort of internal spam.

Better questions are:

1) Who asked this guy or gal to send the data on – pesumably his/her direct supervisor.
2) What exactly did they ask him/her to do
3) Who else was involved in creating this disk

I think we would be getting closer to finding out who should get fired.

Posted in The-rest | 3 Comments

3 Responses

on December 9, 2007 at 2:08 pm | Reply Chris

The data were almost certainly in an Access database (they have said “not encrypted, but password protected” which almost certainly means access).

To run access you must have at least read access to the MDB file (presumably on a network share somewhere). If you have read access then you can write to a CD (or even email it – though email is traceable) easily.

The real question is how many writable CD drives there are and who has access to them. In finance PCs now usually have no CD drives, no floppies and USB storage turned off.

LikeLike
on December 10, 2007 at 2:04 pm | Reply Bob Browning

This database on Access – seems unlikely to me. More likely Oracle or some such.

Computer weekly said it was an encrypted zip file.

LikeLike
on December 10, 2007 at 7:35 pm | Reply Chris

I agree that you would expect something like that to be on SQL server or oracle but that would require a fair amount of skill to take a copy of.

1) close down the server (to stop file locking).

2) locate the DB file on some server where you shouldn’t even have read access

A password protected ZIP file is encrypted, so I think that they would have used that as an excuse to say that the data were encrypted and safe.

So, all in all, I think that it was probably Access.

Mind you, Computer weekly usually have good sources in these matters. But I would still bet money that it was an access DB

LikeLike

Comments RSS

Bob Browning's blog

Still coding after all these years