
Latest news and comment.

2024/07/22 - More on CrowdStrike.
I see that CrowdStrike has its own Wikipedia page. However, I guess you know normal thresholds have been exceeded into geek levels when there's an xkcd comic about the situation. It was even a topic of conversation with a few familiar faces at the annual Intelligence Corps Day in Edinburgh on Saturday.

But in all seriousness, most people had never heard of CrowdStrike until Friday. And to be honest, I had no idea its use was quite so widespread. It always struck me as a fairly niche product - that has previous for instability.

As usual, the criminals were quick to weaponise the world's most serious IT outage in the history of technology. It showed how quickly Windows admins along with Security and Communications Teams had to align to prevent a catastrophic incident becoming an awful lot worse. Interestingly, there has been some reasonable speculation how the current, post-pandemic hybrid, or home-working sanction will have contributed to extending the outage.

Despite the efforts of no-doubt tired, stressed and undervalued IT staff over the weekend, it looks like there will still be a backlog at GP surgeries, some flights still won't go and trains and banks will also be impacted.

I note that many "experts" have jumped on the bandwagon to proclaim how to fix things - but this really was almost a perfect storm. Fixing it requires a change to society's thinking - starting with understanding the difference between value and cost.

In other news, I see that Cellebrite assisted in the accessing of Trump's would-be assassin's phone - and did so in forty minutes.

2024/07/19 - Microsoft 365 and CrowdStrike.
As I was going to bed last night, there were rumours that MS365 was considerably "degraded". Come the morning and the news is full of a global outage caused - apparently - by a poor CrowdStrike update. I don't know whether this is due to the global situation, but this feels bad and much worse than the denials would suggest.

2024/07/02 - Vulnerability in OpenSSH.
Given how ubiquitous SSH is, this feels bad.

Clearly, there are caveats. It's not been proven on Windows or Apple variants, nor on 64 bit versions of Linux - and only glibc-based versions are vulnerable. Either way, with over a third of all internet facing versions of SSH proving to be vulnerable, it's time to patch - urgently.

Original finding from Qualys here.

2024/06/26 - USB slots in Toyotas.
Regular readers will know that occasionally, when we're not making unpopular statements, we occasionally throw up little nuggets of information on the basis that when published on the Internet, it will largely be there forever. Over the years we've dealt with gotchas when reflashing a Google Pixel, electrically checking automotive fuses quickly, lots about people whom I respect, news from the Isle of Lewis, upgrading Ubuntu, family mentions and stories about boats.

This time it's about the USB ports in some Toyotas.

I recently bought a new-to-me Toyota. It was the first vehicle I've ever bought that seemed to come with everything needed to make and receive phone calls and listen to music from a USB or by Bluetooth out of the box. (All my previous Subarus had to be "tweaked" slightly with after market hardware.) The frustration, however, arrived really quickly when trying to use the USB port as the car would play it in an entirely arbitrary order.

It meant that for the first 3 months of owning my new car, I had to resort to using the same CDs burnt with MP3s that I was forced to use in my last Subaru. Even upgrading the software made no difference.

The long and short of it is that I should have followed my hunch and not done so much internet searching. If you search for information on how to fix it, you will get lots of people tell you that it's playing the tracks in alphabetical order (it's not), according to the access time (definitely not) or by numerical track order according to the file metadata (nope again). There are even a few people that say that they managed to solve it by creating a playlist (an M3U file). That didn't work for me and indeed within the almost 1500 pages of manual, it did say that it didn't recognise playlists.

I should have followed my hunch.

The FAT drive specification is pretty basic and the car was basically playing the music in the order that it was copied to the stick. (I admit, there is some complexity around this, but broadly at a high level, it's as simple as I outline). To solve it, copy the files to the stick and run this as root on the unmounted device. Windows and Mac users will be pleased to know there are other similar programmes for different operating systems - but this isn't supposed to be easy!

You're welcome!

(And don't get me started why Toyota would put a USB port and 3.5mm audio socket vertically on the centre console. Sure, they're protected when they're not in use, but put in any USB memory stick and the audio socket remains exposed. Luckily, protective covers aren't expensive.)
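An added illustration of the point above (not the tool linked in the post, and not the author's code): it lists a folder in raw directory order, flags where that differs from track order, and copies files one at a time in track order so the directory entries are created in sequence. The function names are hypothetical, and it assumes a Linux-mounted FAT stick whose destination folder is empty, because FAT reuses the slots of deleted entries and that would break the ordering.

```python
import os
import re
import shutil
import sys
from pathlib import Path


def natural_key(name):
    """Sort key that puts '2 - b.mp3' before '10 - j.mp3'."""
    # re.split with a capture group alternates text, digits, text, ...
    # so ints are only ever compared with ints and strings with strings.
    return [int(p) if p.isdigit() else p.casefold()
            for p in re.split(r"(\d+)", name)]


def directory_order(folder):
    """File names exactly as the filesystem returns them, unsorted.

    Assumption: on a FAT volume mounted under Linux this is the order of
    the on-disk directory entries, which is what the car follows.
    """
    with os.scandir(folder) as entries:
        return [e.name for e in entries if e.is_file()]


def out_of_order(names):
    """Return (position, found, expected) wherever names is not in track order."""
    wanted = sorted(names, key=natural_key)
    return [(i, got, exp)
            for i, (got, exp) in enumerate(zip(names, wanted))
            if got != exp]


def copy_in_order(src, dst):
    """Copy the tree under src into an empty dst, one file at a time, in track order.

    Returns the relative paths in the order they were written.
    """
    src, dst = Path(src), Path(dst)
    if dst.exists() and any(dst.iterdir()):
        # Deleted FAT entries leave free slots that new files are dropped
        # into, so only an empty (ideally freshly formatted) target is safe.
        raise ValueError(f"{dst} is not empty")
    written = []
    for root, dirs, files in os.walk(src):
        dirs.sort(key=natural_key)  # visit sub-folders in track order too
        target = dst / Path(root).relative_to(src)
        target.mkdir(parents=True, exist_ok=True)
        for name in sorted(files, key=natural_key):
            shutil.copyfile(Path(root) / name, target / name)
            written.append(str((target / name).relative_to(dst)))
    return written


if __name__ == "__main__":
    # Usage: script.py <folder>          report files that are out of order
    #        script.py <source> <dest>   copy in track order to an empty dest
    if len(sys.argv) == 2:
        for pos, got, exp in out_of_order(directory_order(sys.argv[1])):
            print(f"slot {pos}: found {got!r}, expected {exp!r}")
    elif len(sys.argv) == 3:
        for path in copy_in_order(sys.argv[1], sys.argv[2]):
            print(path)
    else:
        sys.exit("usage: script.py <folder> | script.py <source> <dest>")
```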

2024/06/25 - Mr Assange pleading guilty.
I suppose it's the end of an era but I, for one, will be happy to see the end of the popular cult of the veneration of Mr Assange.

Whilst I accept my views are unpopular, I do wonder whether his fans have ever stopped to reflect on the impact his actions have had on the victims of his alleged crimes in Sweden. For an individual who stood up for justice, transparency and accountability; it is clear that he does not see those values represented amongst his own personal morals. And those who think that the atrocities WikiLeaks highlighted meant that ends justified the means, then they are deluded. As Wilfred Owen said, "the first casualty of war is innocence". If anybody thinks the level of barbarism exhibited in the 2007 Baghdad air strike was somehow unique to that era, they remain deluded.

War is to go beyond hell. Sitting at home in a comfy seat, with an oat-milk skinny latte leaving likes on everything social media throws up is not war.

It's not even a worthy commentary on the utter destruction and personal loss.

2024/06/24 - News round-up.
A few interesting things happened just as we were finishing on Friday:-

  • Whilst this is undoubtedly the right thing to do, Russia remains very happy to, and is competent at, operating on foreign soil. I hope this ends well - especially for the family of Ms Sturgess.
  • I still dislike the term "cyber" as in "cyber-security". It doesn't matter how the attack is conveyed, the target is information, power and money. The increasingly interconnected society means that what happens in the virtual world has an increasing impact on the real world. There is a reason BladeSec IA do information assurance and not "cyber".
  • This was a brave statement to make in the current climate and especially as the representative of the National Federation of Sub-Postmasters. It feels naive at best.
  • The comments from Mr Thompson make me wonder how this will pan out.

Having been involved in the roll out of many new information systems over the years, nothing ever hits the ground 100% perfectly - but you can put guardrails around that to limit the damage and prevent it becoming calamitous. And ensuring all changes are tracked and attributable is elementary.

2024/06/20 - Kicking the wronged when they're down.
I did say that I wasn't going to dwell any longer on the fate of the poor folk that have been wronged in the Horizon Post Office scandal, however things have hit a new low today. The Post Office have referred themselves to the Information Commissioner for disclosing the details of 555 sub-postmasters who sued them in 2017.

This was a national disgrace when it happened. It became far worse when the Post Office failed to remediate legitimate third party concerns. It perpetuated the travesty by failing to do any of it in a reasonable timescale. Instead, the Post Office continue to find ways to make it far, far worse.

2024/05/05 - Russia outed as behind NHS major incident.
It's been confirmed. This is right from the military playbook and so it worries me what will happen tomorrow....

2024/05/04 - NHS severely impacted by security incident.
On the same day that the D-Day veterans arrive in France to commemorate the 80TH Anniversary of the Normandy Landings, the NHS in London have declared a major incident. The attack has been made against a provider of pathology services resulting in the cancellation and movement of a number of treatments.

I'd wager Russia are behind this.

And the date is significant.

And the NHS being a target is deliberate.

It's sickening.... But there is no Geneva Convention in the virtual world - even when it impacts the physical world.

2024/05/23 - PSNI facing £750k fine from the ICO.
Following on from the data breach last year I do find myself in two minds about this. Ignoring the fact that the size of the fine is largely speculation at the minute, (The BA one went from £183.39 million to £20 million) I personally don't think that the ICO's penalty regime entirely works.

The bottom line is that right now, every public sector organisation is facing huge budget cuts. They face a daily onslaught of people who rightly exert their legal right to obtain information on their operations, or to access the information that they hold about that individual. Each of these requests takes up a hugely significant proportion of time and effort to resolve.

Back when I was the inaugural Data Protection Officer for a public sector organisation at the roll out of the Freedom of Information (Scotland) Act, I operated largely singularly. Now most public sector organisations have entire departments dealing with public requests. That is a massive cost that, for the most part, is entirely unrecoverable, yet it forms part of the legal obligations of that organisation.

However, the real reason I have an issue with the penalty regime is that fining the body responsible for the (in this case, a human error) breach, doesn't help the victims. Instead, it impacts the funds available to the body to take appropriate corrective action. They may be able to pay another suitably senior individual to validate responses to official requests prior to sending them out which would prevent this ever happening again. They may be able to invest in suitable automation; to prevent this happening again. They may even be able to pay their victims more than the paltry £500 the PSNI are giving each of their staff.

And that's why in the current economic situation, I would suggest that the ICO's approach for fining public sector organisations is flawed.

Whilst I am criticising the ICO, I may as well highlight that they are permitted to keep a portion of the fines they raise. I appreciate that what I said above makes a case for increasing their fines, but I'd point out that the ICO have been trying to increase the scope of their operations at least since 2017. As recently as yesterday they were rattling their swords on something that is for preview in Windows 11, that may never actually go live! On the other hand, they don't seem to be terribly interested in flaws in Apple's and GL-iNet's geolocation services that have existed for years.

2024/05/05 - A less Googled future.
I have previously mentioned my use of LineageOS and just how successful it was bringing a fully patched Android 14 distribution to a Motorola Moto G7 Plus that was supposed to stop getting updates at Android 10. Well, one update after Android 14 arrived, it was apparent that it too was no longer supported - which wasn't bad for a phone of that age.

That prompted an investigation to determine what that phone should be replaced with. I had spent a lot of time reading about GrapheneOS and the work it was doing on containerisation for Google applications, as well as redirecting Google Play Service calls to GrapheneOS. It was interesting enough for me to want to give it a go. Because it only works on Google Pixels, I had to order one of them and because a Google Pixel 7 can run both LineageOS and GrapheneOS (clearly not at the same time!) I ordered one of them. Another benefit was that stock was being run down ahead of the Pixel 9 appearing.

Yesterday I installed GrapheneOS. It was pretty easy, following the instructions and I had a play. A day later, I'm replacing it with the stock Google firmware ahead of flashing LineageOS onto it this afternoon.

The reason is that GrapheneOS clearly has a very niche market and I don't think it's me. Whilst I don't want to depend on Google applications and services, BladeSec IA does use Google cloud infrastructure for our business e-mail, contacts, calendaring and tasks. As a consequence, I do expect a new phone to be able to handle those four things - not necessarily out of the box, but with as little effort as possible. It's clear that GrapheneOS is too much in the privacy camp.

Try as I might, I could not get the FOSS Calendar application I use, to synchronise to Google. I managed to get everything else working - in the end. On the basis that it synchronised my Tasks, I freely admit that it was probably me doing something wrong that prevented my calendar working. The problem was that having exerted a few hours trying to work it out (and I even read the online manual whilst it was flashing; worryingly, it goes from explaining Android gestures to storage permissions) I have opted to revert to LineageOS.

And that's where I find things now. LineageOS strongly suggests only installing it from the stock image. You would think that would be easy enough - Google even provides a web page to help you do it. And that's the point of this update as there are a few nuances that I thought may help people in the future.

Firstly, I chose to do it on Chrome from Windows 10. We have a solitary remaining Windows laptop that's used for all sorts of things. If I need to run some stuff that I can't look at, it will always go somewhere else other than a production machine. Hence, reverting the firmware to stock was always going to happen there.

My Pixel 7 appeared under "Portable Device" in the Windows Device Manager. It seemed to support my notion that I had followed the instructions to install the Windows USB device drivers. It did strike me as odd that Windows said that it was running the most up-to-date drivers already, but I'll circle back to that in a second.

The next issue is that the Google website doesn't actually seem to tell you how to prepare the device until after it fails. You need to enable Developer Mode, enable USB debugging and enable OEM unlocking. (I won't tell you how to do that as this isn't supposed to be easy!). When you enable USB debugging, it is easier to click "Always" under "Trust the computer". You are, after all, reflashing the firmware - the decision won't persist.

All went well and the online flashing tool was able to find my Pixel. I was able to click the option to reinstall the public firmware and my Pixel rebooted into the bootloader.

That's where the wheels came off.

Nothing I did would allow my laptop to see the Pixel. I went back into Windows Device Manager, and I spotted that the Pixel was now listed under "Other Devices", but with a yellow warning triangle. A quick right click and offer of the USB device drivers I had previously tried to apply when it was a "Portable Device" and lo, happiness was restored.

I'm typing this as the original stock firmware is downloading. This afternoon, I will install LineageOS after updating the phone on the stock Google software. Hopefully, it'll be easier as it's something I've done many, many times before.

2024/04/29 - Threat in the news.
This was quite timely as we completed a specialised threat assessment briefing for a government client last week. Other notable issues in the last twelve months also include a significant increase in "Social Media Auditors".

2024/04/24 - Website issue.
It's approaching the annual renewal of our website SSL certificate. I thought it was odd when our service provider (Namesco) started the renewal yesterday, when the certificate expires at the beginning of June. I thought it was odd, when I received two lots of verification e-mails from the provider of the SSL certificate. And I thought it was odd when the website stopped serving off HTTPS late yesterday afternoon.

We've taken the SSL redirect off, so that you can read the website in glorious insecurity until Namesco have resolved the issue. The website doesn't actually capture any sensitive or personal data, so this won't impact on much except your browser telling you that the connection is insecure.

2024/04/16 - A world away.
I'm just back from a heavily curtailed trip to the Isle of Lewis. I try to avoid catching up with information security news and gossip whilst there. It's so much more important to see friends, however there are two interesting articles from Bruce Schneier that are worth repeating:-

  • Bruce has expanded his memorial article on Ross Anderson.
  • Bruce then goes on to explain in his usual accessible way, how the internet dodged a bullet when the XZ Utils library was subject to a nation-state attack. If it doesn't chill you to the bone, it should as it would have entirely compromised the security and integrity of SSH.

2024/04/04 - At risk notice has now been withdrawn.
This afternoon's work has been completed and all is working again.

2024/04/04 - Reminder of this afternoon's at risk notice for CJSM networking.
Work is due to commence at 15:00. An update shall be posted following its completion.

2024/03/31 - At last a good use for artificial intelligence?
Last night, I had an epiphany regarding the current apathy towards politics and politicians (on both sides of the divide). I had this notion where what passes for artificial intelligence could be tasked to generate a word cloud of terms associated with each major political party on a daily basis using material from mainstream media and news sites dated within the last month. Thus, it would exclude the bias exhibited in social media, and be immediately more consumable by the populace. Technically it wouldn't require AI, but it seems like a good way to get funding for the project!

I suspect I was reflecting on this. I can't relate to the why but I do find it utterly heart-breaking. If this genuinely helps, then perhaps it is the best use of generative artificial intelligence so far.

2024/03/30 - Death of Ross Anderson.
There can't be many folk of a certain age that work in the information security field that aren't aware of Ross and the work that he did - especially in crypto. I have even quoted him on this website and so, I am saddened with the sudden announcement on Friday. In the mid-nineties, my boss at the time was also a Cambridge grad, so I think I met Ross a couple of times in 1995 or 1996. His insights were always thought provoking and I would hope that a bit of his intellectual curiosity rubbed off on me, if not then, but certainly in more recent times.

The Cambridge technology field was surprisingly well acquainted with each other. It was due to a legacy of those times that I've always supported Cambridge during the annual boat race - and there's a little bit of me thinks Ross would have welcomed today's result in both the men's and women's races.
--
(Updated 2024/04/02 to link to Bruce Schneier's far more insightful post about Ross.)
(Updated 2023/04/04 to include a link to The Register's obituary.)

2024/03/27 - At risk notice: Changes to the CJSM secure e-mail service.
BladeSec IA use a service provided by the Ministry of Justice to securely route e-mails to government and policing colleagues. This service requires some changes to be made and therefore we are announcing an "At Risk Period" where CJSM e-mails shall not be routed to us between 15:00 and 17:00 on Thursday the 4TH of April. Because of the nature of the change, please monitor the items you send to us for "bounce-back" messages. If you receive such an e-mail, please resend it after the at-risk period has expired.

The normal internet e-mail shall remain unaffected by this change.

2024/03/25 - More on the British Library attack.
The Register comes to the same conclusion that we did. The opinion piece goes further pointing out parallels between air accident investigation and the importance of the British Library report. As we said before, the details need to be shared with every senior in every organisation. El Reg's article largely ends by pointing out that there is no IA version of the Civil Aviation Authority to call out criminal mismanagement (although negligence seems more appropriate). It remains a chilling read.

2024/03/18 - News round-up.
There are a few things that we've been remiss in not mentioning:-

Firstly: This breaks my heart as much as an article in The Field listing details of the men who died between the signing of the 1918 Armistice Agreement at 5:45 and when it was announced on the 11TH hour, of the 11TH day of the 11TH month. If you work within IT or the technology industry, you owe it to those Post Masters who died having been falsely prosecuted to ensure that it never happens again. Never.

Secondly: Moving onto the digital attack that occurred in October last year against The British Library. In a relatively unprecedented demonstration of openness a review of the incident was published at the beginning of the month. The details of that, including the apparent attack vectors, should be shared with every senior in every organisation.

Next: There's been a massive outcry about a family photo that was posted by The Princess of Wales to social media on Mother's Day. It was "kill-filed" by various media outlets as having been doctored. Given that Google actually advertises the Pixel phone by highlighting the reality-altering features of the Magic Editor, my view is "how can we trust any image from a modern phone as being undoctored?". I get annoyed at my Nokia G22 that regularly does things that AI thinks improves the image resulting in a cartoony feel - and there is no way to switch it off. No. I think we should be grateful that the Princess of Wales edited the image by hand rather than using AI. After all, it's the minute flaws that show it's hand crafted.

Finally: Many folk who work in this sector will be aware that Professor Fred Piper died on the 12TH of March. Whilst many people knew Fred from Royal Holloway, where he was the founding director of the Information Security Group there, I knew him as one of the founders of the Institute of Information Security Professionals in 2006. The IISP went on to become the Chartered Institute of Information Security built on much of the work that Fred did, from the Skills Framework to the academic network. Not only was he one of the founding Directors, but he held the role until 2014 where he helped influence information assurance in academia and the wider industry. He was one of the humblest, most engaging academics I knew, and I will miss him.

2024/03/06 - Safer Travel, 2024.
We're delighted that it's finally arrived, albeit a week late. That was simply down to work commitments!

Eagle-eyed readers will notice there are very few updates between the final issue of 2023 and this one. We make no apology for that as it represents a different way of working. We normally spend hours trying to integrate all the necessary changes into the first edition of the subsequent year at the same time as fielding enquiries from folk who say, "Safer Travel is out of date" without actually contributing to it. Hence, this version has only received minor changes.

Watch this space.... We suspect the next issue will top out at over 200 pages!

2024/02/26 - The Calcutta Cup.
It was a bit of a fraught trip back from the Outer Hebrides on Saturday. The kick off for the Calcutta Cup was scheduled about twenty minutes before we made land. It meant that those first few minutes where England looked so incredibly dominant was by means of a very sporadic, poor quality mobile signal.

By the time we had checked into our hotel in Ullapool, and I had unpacked all the dog kit, Scotland had started their retaliation and were ahead - something that England never recovered from.

The match was notable for more than just the fourth successive Scottish win. Credit must go to Duhan van der Merwe for completing the first ever hat-trick by a Scotland player against England. His personal performance was the stuff legends are made from.

2024/02/15 - Backdoored encryption is illegal.
The European Court of Human Rights (ECHR) has issued a decision highlighting that laws that require the deliberate weakening of encryption violate the European Convention on Human Rights. This is something that will be awkward for the UK's Online Safety Act, 2023 and its largely unenforceable and now non-compliant spying clause.

The mechanisms behind the decision make for interesting reading too, as we largely have to thank our friends(!) in Russia for this finding. It gets even weirder than that, as it was a legal challenge against Russia's Federal Security Service (the FSB) who demanded technical information from Telegram in order to assist in the decryption of a user's communications in 2017. The user originally challenged the order in Russia unsuccessfully - unsurprisingly. The thing was, somebody clearly overlooked the fact that Russia was technically a member of the Council of Europe from 1996 until its invasion of Ukraine in 2022. This means that the appeal, lodged in 2019 had to be considered by the ECHR until a decision was made; which it now has.

Good manners saves me from making a comment citing both the UK Government and Russia in the same sentence!

2024/02/01 - Safer Travel 2024.
Now that we have passed the inordinately busy January and started into February, we can start to plan for the pro-bono and expenses-only work we do. Part of that is the first edition of the 2024 version of Safer Travel.

There are a number of modifications that are outstanding; mainly around having a "plan B", and what it should look like whilst dealing with disasters in foreign places. Equally, now that everybody has become an expert on videoconferencing, there's a never ending stream of advice on that particular front that we need to sort through. We hope to have the first edition for 2024 in place by the end of February as the changes are not terribly extensive. When that's sorted there will be a significant review in time for the second edition. As always, we will try to get it out prior to the Scottish summer holidays.

In a related note, this year marks my 25TH wedding anniversary and we have some very interesting, and extensive travel planned for much later in the year. I think the travel shall encompass every form of travel that is listed in Safer Travel. Whilst I didn't set out to do this, it feels that that highlights how extensive the anniversary travel is!

2024/01/21 - Network upgrade - Work completed.
As with all these things, we ended up starting half an hour late, but broadly everything went to plan. All services are back on-line as of 12:30.

2024/01/21 - Network upgrade - Work commencing.
The router upgrade as highlighted below is scheduled to commence at 10:00. Another message shall be posted when everything's back to normal.

2024/01/15 - Network upgrade.
BladeSec IA need to swap out a network router that will shortly be end-of-lifed. We are proposing to undertake this on the morning of Sunday the 21ST of January when it will have no impact on any customers. In the last 24 hours, the router has exhibited some instability, and so we may need to bring forward the change. In this case, we shall only do this after customer reports have been issued / collected and so a short-notice outage would occur after 14:00 on the stated day.

It must be emphasised that whilst the outage will have no effect on customers, this will result in no connectivity for internal BladeSec IA information systems. Whilst e-mail and the BladeSec IA website shall continue to be fully operational, the gateway and customer reporting servers shall be taken offline. Any customer having a critical issue, should use the appropriate telephone contact rather than e-mail during this time.

The customer facing service shall be fully operational by 08:00 on Monday 22ND.

2024/01/10 - The Post Office scandal - the last word.
I think that it's fair to say that the public reaction to Mr Bates vs. The Post Office has been unprecedented.

At long last the poor souls that have been battling to get their reputations and livelihoods back, fair compensation and even widespread recognition are on the brink of achieving all this. This is great and shows the power of the media. That said, I do find myself irritated that it took a TV dramatisation for it to enter the public conscience and for it to be prioritised by politicians and criminal justice organisations. Only now are we seeing a force of thought, and the potential prosecution of responsible staff in Post Office Limited and Fujitsu.

What is wrong with society that it took a fact-based work of fiction to fix such an atrocity?

2024/01/09 - Website updates.
We have finally relented, and fully automated the mechanism we use to post news and comments, and other changes to the BladeSec IA website. It should mean that these will appear more regularly rather than in blocks of two or three (or not at all). The only bit that we can't do automatically is purge the cache from the content delivery network, however, most changes should percolate through in less than 24 hours despite this.

2024/01/05 - Mr Bates vs. The Post Office.
It was a very impressive dramatisation, and serves to highlight the outstanding predicament of so many sub-postmasters.

If you haven't watched it, please do so on STV Player or ITVX.

This programme should be mandatory viewing for senior civil servants, MPs, MSPs and all directors and C-Level executives of organisations of national interest. If you think you can get away with it or that what you do doesn't affect people's lives, to quote Abe Lincoln, "You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time". And that's the rub; the internet is "all of the people". In this day and age, eventually, somehow, even against the odds, no matter how careful you are, and despite NDAs and confidentiality agreements... The truth will always come out.

2024/01/02 - For Rebecca....
I watched the first episode of Mr Bates vs. The Post Office in absolute horror. I had a knot in my stomach as the entire disregard for humanity played out. I have never witnessed a dramatisation that so closely mirrored the reason BladeSec IA does what it does. We don't sell boxes and every bit of consultancy is backed by fact and decades of experience. We value the integrity of our own and client data just as much as the confidentiality and availability and that means that our customers trust us - to safeguard vulnerable adults, or to ensure children's voices are heard, to police environment enforcement and to manage evidence forensically. We do it, not just because it's important, but because people's lives depend on it.

As the credits rolled on the first episode, I was reminded of the point my late father lost faith in banking. He was an old-school bank manager that liked pens, paper and writing everything down. (This was one piece of advice that I have ruthlessly stuck to - If you write it down, you don't go wrong.) When his bank was computerised, the closing balance did not tally with the paper record that he had insisted was maintained. I recall that it was not a massive amount, but because he had sought evidence that the computer system was accurate, one of his tellers was quickly able to identify that the amount outstanding was, to the penny, the same as the funds held in the charity and non-profit accounts. When my father phoned the helpline to point this out, whomever he spoke to realised that that category of account had not been transferred onto the computer system. My father maintained that he heard some typing, and the outstanding balance on his branch was changed to nil. He maintained that if somebody can do that without seeing the evidence of the cash at hand or without the authority of the branch manager, computerisation was always going to be met with suspicion.

My father was lucky in some ways as ultimately, his bank made the transition reasonably well, although I note that I had cause to complain to a different bank several years later, when I went to get a mini-statement from an ATM and discovered that the date the statement was issued was three days prior to the "last transaction".

That's why this remains so important....

2024/01/01 - Happy New Year!
Unlike recent years, we've decided to stay put, and so I am penning this from the security cart shed rather than the Isle of Lewis. Perhaps it is something to do with the fact that we're entering the thirteenth year of BladeSec IA.... or maybe not.

Looking back at the last three months, we've been inordinately busy, doing inordinately interesting things for our inordinately special clients. We're delighted to have a couple of new clients on-board who have been very vocal in championing our skills and abilities with other bodies.

I continue to look in frustration at the "traditional" consultancy sector. It is clear that it survives by never admitting failure, never scaling to provide best value and pandering to procurement by being so large, it can't fail - except to deliver best-value, client-focused programmes. Many government departments have bought into the hype, looking for "digital delivery partners" that can offer "development, hosting, administration, infrastructure, security services, data centre, on-prem, cloud, hybrid, UK-based, security cleared and ready-by-a-week-Tuesday". If that were divided up into smaller lots, you can imagine the value that would be provided to the tax-payer; all in return for an overarching programme manager - and you never know, some programmes may deliver to time, to budget, to specification.

With that, here is our tongue-in-cheek look at the last twelve months:-

  • Average distance travelled to work: 12.7 miles.
  • Distance to farthest job: Over 5000 miles.
  • Oddest destination to be back in: Stirling.
  • Value of donations made by BladeSec IA to support good causes: £225-00.
  • Amount of time donated by BladeSec IA staff pro-bono: 26 days.
  • Date the magenta toner was finally replaced in the office laser printer: 21st December, 2023. (Technically, it was still going, but they're all so old, it's getting a bit grainy.)
  • The number of times Suilly the security cart shed dog has had to be taught recall: 5 (and counting).
  • Number of dummies eaten by Suilly the security cart shed hound: 3.
  • Number of dummies lost by Suilly the security cart shed hound: Nil (was 2, but then he found them again).
  • Oddest item bought on-line by a member of BladeSec IA staff: A set of "cleaning picks". (Which I am told are for getting into really small areas!)
  • Top ten albums on the security cart shed playlist: Road by Alice Cooper, Felsenfest by dArtagnan, All We Have Is Now by Elephant Sessions, Soapbox Heroes by Enter the Haggis, IMPERIA by Ghost, Starcatcher by Greta Van Fleet, Live from Nowhere in Particular by Joe Bonamassa, Gettin' Old and Growin' Up both by Luke Combs and Live at The Old Fruitmarket by Rura.
  • Average score given to Indiana Jones and the Dial of Destiny: Seven out of ten. (Considerably better than Crystal Skulls!)
  • Amount of money received by BladeSec IA for anything other than consultancy: £nil. (Was it ever going to be anything else?)
  • Number of technology products sold by BladeSec IA: None.
Happy New Year!
