cheekybids
Well-Known Member
- Joined
- 18 Sep 2009
- Messages
- 10,999
The culture & training should have warned about sharing passwords, clicking on links. Awareness improves security.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
PL charge City for alleged breaches of financial rules
- Thread starter ayrshire_blue
- Start date
The culture & training should have warned about sharing passwords, clicking on links. Awareness improves security.
halfcenturyup
Well-Known Member
- Joined
- 12 Oct 2009
- Messages
- 12,566
You'd be surprised how a lot of companies and government agencies still operate ;-) It has gotten better in the last 5 years, also in part due to more stringent GDPR rules. In the past I've even had to block access to several systems because I noticed one of our contractors using 1 account for all their employees. Every day it's a real slug to convince people to follow more secure procedures and techniques, but it's often seen as overzealous and inconvenient, or this will never happen so we won't implement this. It does still keep me in a job as a security officer mind :-)
Fair enough. I would have thought the old maxim "Once bitten twice shy" applies, but what do I know? :)
decmancity
Well-Known Member
- Joined
- 7 Nov 2010
- Messages
- 13,046
It was a third party scouting system.Never said you don't remove creds/disable access to people who leave so not sure what the point is.
Also I don't disagree on password only based access.I said if they used an existing user's credentials removing the creds of the person who left may be irrelevant because we don't know technically how the system was accessed such as VPN or another approach. We don't know enough about the system in question e.g. was it SaaS based run by a 3rd party accessible from anywhere? So we should avoid assumptions.
As far as we know, City contacted them and said X has left, disable his access.
But then X gets to liverpool, logs in and finds he still has access to his dashboard with the city content on.
Did City follow up with the firm and confirm his access was removed?
Did they send an email to the wrong company?
decmancity
Well-Known Member
- Joined
- 7 Nov 2010
- Messages
- 13,046
I have been in IT my entire career, working at billion dollar companies and in our most recent round of phishing training. The head of IT security got caught out.No expert in computer security but it seems to me that, any way you look at it, the security protocols in place must have been dreadful in 2012 and 2018. Password protection is one of the most basic security procedures around. Weren't the employees sharing passwords in 2010/11 and it took a year or so to identify the wrongful access? As for email attachments, surely they should have been scanned by an anti-virus software before being made available to employees? Pretty sure we were doing that when I had a corporate account. Any risk and the attachment wasn't delivered. And that was well before 2018 ....
Interested in the views of any professionals on here.
Shit happens, nothing is infallible.
asahartford1
Well-Known Member
- Joined
- 15 Nov 2016
- Messages
- 8,878
The fans of other clubs believed we were cheats long before the charges. The media made sure that was the case. The majority of people have a belief system created by the media. The outcome of a tribunal won't change that, the media will continue to manipulate, cajole and ultimately decide the truth.
He who controls the media, controls the minds of the people
N oam Chomsky
He who controls the media, controls the minds of the people
N oam Chomsky
nmc
Well-Known Member
Cr
But…. That’s not what happened. The Liverpool employee when he left City acquired someone else’s login details and used those - not his old City credentials. Demonstrates clear evidence of wanting to hack the system by using login details never issued to them and Liverpool FC were clearly comfortable accessing and using data that clearly wasn’t theirs.
It was a third party scouting system.
As far as we know, City contacted them and said X has left, disable his access.
But then X gets to liverpool, logs in and finds he still has access to his dashboard with the city content on.
Did City follow up with the firm and confirm his access was removed?
Did they send an email to the wrong company?
But…. That’s not what happened. The Liverpool employee when he left City acquired someone else’s login details and used those - not his old City credentials. Demonstrates clear evidence of wanting to hack the system by using login details never issued to them and Liverpool FC were clearly comfortable accessing and using data that clearly wasn’t theirs.
cheekybids
Well-Known Member
- Joined
- 18 Sep 2009
- Messages
- 10,999
In badly run companies these rights and roles are often found in several systems and sites therefore making it very hard to gauge which accounts someone has used. In more mature environments these rights are assigned using formal procedures with roles which can and should be revoked whenever someone leaves the company.
In this case someone left City, but their account was still there. Even worse, it was still active. A big nono. Therefore City should have had a better procedure for leaving users where all rights and roles are automatically revoked on the last day.
That didn’t happen.
I think he already has one. There is an English language newspaper in AbuDhabi, called the National. It is State owned. Nick McGeehan who has written about City very critically once wrote for it. Then he was not bothered about Human rights but changed his tune when the paper dispensed with his services.Khaldoon needs to create his own media operation.
Paper
Tv
Report it on the socials.
Soon enough the information would get balanced against the legacy media.
On all seriousness, we need to be spreading our innocence on the socials. The rest no one cares about anymore.
Didsbury Dave
Well-Known Member
- Joined
- 1 Feb 2007
- Messages
- 38,189
That’s not true at all. The “cheats” narrative started properly at the beginning of last season when the other clubs were deducted points.The fans of other clubs believed we were cheats long before the charges. The media made sure that was the case. The majority of people have a belief system created by the media. The outcome of a tribunal won't change that, the media will continue to manipulate, cajole and ultimately decide the truth.
He who controls the media, controls the minds of the people
N oam Chomsky
johnnytapia
Well-Known Member
- Joined
- 29 Feb 2012
- Messages
- 10,757
“even though they have only 1 PL title .All I am saying is that there are very naive people in City from owners to fans if you think that strong PR is not needed to take this club forward and make it ti this super club they want it to be.
We have been very lucky to win so much and the moments Aquero, Gundo to promote us but we cant trust that we will be winning all the time, look at this season.
Alot if Liverpool fans went to the CL final without tickets and tried to go insite the statium , thats why the france police did what they did.
The PR macine for Liverpool went into overtime and today it was all on the france police and UEFA.
There are alot of Liverpool fans in Scandanavia, Ireland,UK even though they have only 1 PL title .
It is becouse of PR .
It is becouse of PR .” Nah, it’s because of City.