Discus Systems PLC - IT Support Company in Birmingham West midlands
0800 880 3360

Posted by Damien Biddulph on Wed 27th Jun 2012

'Inexperienced' RBS tech operative's blunder led to banking meltdown
Hyderabad job ad shows outsourcing in CA-7 team

By Anna Leach • Get more from this author

Posted in Financial News, 26th June 2012 11:56 GMT

Exclusive A serious error committed by an "inexperienced operative" caused the IT meltdown which crippled the RBS banks last week, a source familiar with the matter has told The Register. Job adverts show that at least some of the team responsible for the blunder were recruited earlier this year in India following IT job cuts at RBS in the UK.

Following our revelation yesterday that a bungled update to CA-7 batch processing software used by RBS lay behind the collapse, further details have emerged. According to a Register source who worked at RBS for several years, an inexperienced operative made a major error while performing the relatively routine task of backing out of an upgrade to the CA-7 tool. It is normal to find that a software update has caused a problem; IT staff expect to back out in such cases.

But in the process of backing out a major blunder was committed, according to our source. It was this error which made the task of restoring services so prolonged:

When they did the back-out, a major error was made. An inexperienced person cleared the whole queue ... they erased all the scheduling.

That created a large backlog as all the wiped information had to be re-inputted to the system and reprocessed. A complicated legacy mainframe system at RBS and a team inexperienced in its quirks made the problem harder to fix, our source adds.

CA Technologies - the makers of the CA-7 software at the heart of the snarl-up - are helping RBS to fix the disaster that has affected 16.9 million UK bank accounts.

"RBS is a valued CA Technologies customer, we are offering all assistance possible to help them resolve their technical issues," a spokeswoman told The Register.

CA added that RBS's technical issues were "highly unique to their environment".

The batch scheduling tool CA-7 is widely used and generally considered to be very reliable, so it appears that the error - that meant millions of accounts have registered incorrect balances for many days - sprang from the oversight of the technology at RBS.

RBS: "No evidence" this is connected to outsourcing
The CEO of RBS Group, Stephen Hester, has said that there is no evidence that the problem is connected to lack of investment in technology at RBS and the outsourcing of IT jobs to India. Asked directly by Sky news yesterday, he said:

Well I have no evidence of that. The IT centre - our main centre, we’re standing outside here in Edinburgh, [is] nothing to do with overseas. Our UK backbone has seen substantial investment.

We put our sources' revelations regarding poor levels of knowledge in the handling of CA-7 to RBS spokespeople - and reminded the company's representatives of the job ad showing that at least some of the firm's CA-7 handlers were recruited in India this year, as we reported yesterday. We offered the company an opportunity to confirm that the critical blunder was committed by a UK-based rather than an India-based operator.

However the bank's spokesmen refused to offer any further comment. ®


corner spacer corner

Posted by Damien Biddulph on Mon 18th Jun 2012

Congratulations to Andy and Lisa on the birth of their Son...

Joseph George Kevin Guy who was born at 11:17 on 16th June, weighing 7lb, 12oz.

Our love and best wishes go to you all,  Lisa, Andy and Joe

From Discus

corner spacer corner

Posted by Damien Biddulph on Wed 13th Jun 2012

Congratulations to Damien and Natalie on the birth of their daughter... Phoebe Alex Biddulph was born at 11:01 weighing 7lb, 7oz. 

Our love and best wishes go to you all, Damien, Natalie, Chloe and Phoebe

from Discus

corner spacer corner

Posted by Damien Biddulph on Tue 12th Jun 2012

Tackling user questions on what's known so far on what happened to stolen LinkedIn data, and what can be done about it
By Jaikumar Vijayan
June 7, 2012 01:08 PM ET

Computerworld - Hackers have apparently accessed close to 6.5 million hashed passwords from a LinkedIn database and posted them and data associated with them online. So far, researchers say, about 60% of the unique passwords in the dump have been cracked and there are signs that the rest will soon be as well.

Here's some information for LinkedIn users specifically, and all Internet users in general.

What happened? Surprisingly, it's not clear yet exactly what happened.

Earlier this week, a 118MB file containing 6,458,020 hashed password was posted on a Russian hacker forum. The posters said they needed help in cracking the passwords.


How has LinkedIn responded publicly to the reports? The company has said precious little so far. Apart from a brief blog post confirming that "some" member passwords were compromised, the company has said nothing about the nature or scope of the compromise.

The company says it is investigating the incident.

Did the hackers obtain email addresses associated with the passwords? That remains unclear as well. To this point, only the passwords have surfaced online. But security analysts believe it's likely the hackers have accessed email addresses and other account data as well.

If User IDs were not obtained what's the big deal? If so, that would diminish the seriousness of the compromise. Typically however, password data is stored along with other account details. So if someone had access to the passwords, they very likely had access to other account information as well. The fact that the data has not surfaced could mean that either the hackers don't have it, or they simply haven't released it.

What does it mean to me? If you're a LinkedIn user, it's a good idea to change your password, especially if you use the same password to access other online accounts. Make sure to use a STRONG password.

If your password was compromised, you will not be able to use it to log into your LinkedIn account. LinkedIn has said that it is contacting users whose password has been compromised with instructions on how to reset their password. The company has made clear that the email with instructions on how to reset the password will NOT contain any links. If you have not received an email yet, or if you are still able to access your account using your old password, it means that either your password was not compromised, or that LinkedIn doesn't it yet.

What measures had LinkedIn taken to protect member passwords? Embarrassingly little, or so it appears so far, researchers say.

The breached passwords were all masked using a basic hashing algorithm known as SHA-1. Though SHA-1 offers a degree of protection against password cracking attempts, the protocol is by no means foolproof. Numerous password cracking tools tools and tables that contain pre-computed hashes for billions of passwords are easily available. Almost anyone can use these tables to decrypt almost any SHA-1 hash and recover it in plain text in in a matter of minutes. That explains why nearly all of the hashed passwords have been cracked already.

How could LinkedIn have done to protect the passwords better? Security experts say the company should have used a method known as "salting" to make its hashed passwords a lot harder to crack. In the salting process, a string of totally random characters is appended to a plaintext password before it is hashed. A salted hash is considered to be magnitudes times harder to crack than a regular SHA-1 hash. Salting is considered today to be an almost basic security practice for protecting passwords.

Mobile VideoSponsored by SybaseProtecting iPhone Data
Phones contain a significant amount of enterprise data. Learn how to configure and secure them centrally.How can users be sure that more data was not accessed? That information must come from LinkedIn. It's possible that only password data was stolen. It's equally possible that the intruders gained access to email addresses as well.

Data breachesLinkedIn provides breach update -- sort ofVupen Security denies it's been hackedFAQ: LinkedIn breach -- what members (and others) need to knowHackers crack more than 60% of breached LinkedIn passwordsUpdate: LinkedIn probing reports of massive breachSecurity Utah CTO Steps Down Following Data BreachUndergrad suspected in massive Univ. of Nebraska breachGameReplays lets hackers probe site after data breachRomanian authorities dismantle hacker group targeting government websitesN.J. mayor arrested on hacking, conspiracy chargesMore in Data Security
Similarly, it's possible that a lot more than 6.5 million passwords were compromised. LinkedIn has over 100 million members. It's possible that the hackers released the 6.5 million passwords to show they have the goods to anyone interested in purchasing the purloined data from them. LinkedIn can be a goldmine for identity thieves and phishers.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.


corner spacer corner

Posted by Damien Biddulph on Wed 30th May 2012

Century lighting are now a shining light in the Discus portfolio of customers. They have asked Discus to look after their IT systems allowing them to concentrate on what they do best, design and manufacture a comprehensive range of industrial and commercial lighting products. We extend a warm welcome to Century Lighting and look forward to working with them. Thank you for this opportunity!

corner spacer corner

Posted by Damien Biddulph on Mon 28th May 2012


corner spacer corner

Posted by Damien Biddulph on Mon 28th May 2012

Cloud Storage
With cloud storage, you keep your data online, so that it can be accessed at any time and doesn't clog up your hard drive.

Microsoft Skydrive offers 7GB if free storage, and software with easy to use "drag and drop " folders on your desktop. Additional space costs £6.20/year for 27GB (www.skydrive.live.com)

Dropbox is compatible with just about everything, and lets you share your space with others with an emailed invitation. You start with 2GB. and gain 500MB for each friend you introduce (www.dropbox.com)

Google Drive is simple to use, and offers 5GB of free space. However, it doesn't let you edit Microsoft Office documents and the web interface and Android apps "have rough edges" (www.drive.google.com)

YouSendIt has apps for Apple and Android, and a web interface for Mac and PC. Its apps are the only ones on test that let you edit Office docs. but "irritatingly" the edits always save as PDFs (www.yousendit.com)

Source The Sunday Times

corner spacer corner

Posted by Damien Biddulph on Mon 28th May 2012

Should mobile phones be banned from classrooms?
The chief inspector of schools is calling for their prohibition, says Catherine Bennett, and many teachers heartily concur. But this problem isn't limited to children. When it comes to being distracted by phones, parents are just as bad: they blithely tap away during meetings or meals. Politicians are the worst offenders. It's becoming ever more common to see MPs "curled over their phones and iPads in the chamber or tweeting incessantly", presumably in the belief that this "multi-distractedness is a token of cool super-modernity". David Cameron's inability to stop fiddling with gadgets even extended to the Royal wedding, during which he apparently used a quiet moment to text Jeremy Clarkson. A few aisles away. David Furnish seemed to be likewise engaged next to his partner, Elton John, who looked on with that expression of "blank indulgence routinely adopted by people whose companions" indulge in such rude behaviour. How can we expect children to behave better with their phones' when we set them such a bad example?

Catherine Bennett
The Observer

corner spacer corner

Posted by Damien Biddulph on Sat 26th May 2012

Thousands of UK websites are now in breach of a law that dictates what they can log about visitors.

European laws that define what details sites can record in text files called cookies came into force on 26 May.

Cookies are widely used to customise what repeat visitors see on a site and by advertisers to track users online.

The Information Commissioner's Office (ICO) said it would offer help to non-compliant sites rather than take legal action against them.

Action plan

The regulations say websites must get "informed consent" from users before they record any detailed information in the cookies they store on visitors' computers.

Among websites that have complied with the law, getting consent has involved a pop-up box that explains the changes. Users are then asked to click to consent to having information recorded and told what will happen if they refuse.

UK firms have had 12 months to prepare for the change and the ICO has spent much of that time reminding businesses about their obligations.

The ICO has also updated its policy to allow organisations to use "implied consent" to comply. This means users do not have to make an explicit choice. Instead, their continued use of a site would be taken to mean they are happy for information to be gathered.

However, it was a "concern" for the ICO that so many sites were not yet compliant, said Dave Evans, group manager at the ICO who has led its work on cookies in the last 18 months. However, he added, it was not necessarily easy for companies to comply with the laws because of the amount of work it involved.

On busy sites, he said, an audit of current cookie practices could take time because of the sheer number of cookie files they regularly issue, monitor and update.

Mr Evans said the ICO was expecting sites that were not compliant to be able to demonstrate what work they had done in the last year to get ready.

Fines for non-compliance were unlikely to be levied, he said, because there was little risk that a non-compliant site would cause a serious breach of data protection laws that was likely to cause substantial damage and distress to a user.

It was planning to use formal undertakings or enforcement notices to make sites take action, he said.

"Those are setting out the steps we think they need to take in order to become compliant and when we expect them to be taking those steps," he said. "If they comply with one of those notices or sign one of those undertakings they are committing to doing this properly and that's the main point."

As well as advising firms, the ICO has also issued guidance to the public that explains what cookies are, how to change cookie settings and how to complain if they are worried about a site's policy.

Source: BBC Technology Online

corner spacer corner

Posted by Damien Biddulph on Wed 9th May 2012

J C Ivison are a well known florist in Lichfield and the shop has been in the Ivison family since 1932. They cater for all floristry requirements from weddings to events, funerals to corporate events and every day occasions like birthdays etc.

Ivison The Lichfield Florist has asked Discus to provide them with a new website and an online shop.

Thank you for choosing Discus.

corner spacer corner

Veeam Specialist Microsoft Small Business Specialists Birmingham Microsoft Gold Certified Partner Birmingham Siemens Solution 1 Reseller Birmingham Sonicwall Specialists Birmingham Business Link Approved Birmingham Fujitsu Primergy Certified Partner Birmingham Facebook Follow us on Twitter ESET NOD32 VMWare
IT Support
IT Services
IT Solutions
Get Support Now
© 2019 Discus Systems plc. All rights reserved. Content Management by Verve Digital