MTAS and other NHS websites
ukcrypto@chiark.greenend.org.uk
ukcrypto at chiark.greenend.org.uk
Sat, 5 May 2007 05:35:14 -0400
>
> That's very interesting. So they were accustomed to using the directory
> as a way of distributing non-public information.
Some of it was public - the Competition Ratios (ie number of people =20
applying for each job) were in a subfolder eg =20
www.mtas.nhs.uk/info/ST_2007_1/CRST3.pdf
The main /info folder was used for semi-public information. It wasn't =20
openly advertised, but must have been intended for use by Deaneries =20
and other Interested Parties. The directory could be listed, so it was =20
easy to see when new fles were uploaded.
>
>
>> Someone presumably uploaded some highly confidential data into this =20
>> folder. A handful of people would have seen it. Unluckily for =20
>> MTAS, one of those people was Channel 4 News.
>
> Oh come on. "Unluckily"? The data was deliberately forwarded to Ch4
> News by a doctor, in order to embarrass DH.
Er what I meant was ' it was unlucky for MTAS that a doctor saw it so =20
quickly'. It seems likely that the file was put there on a short-term =20
basis so that it could be quickly disseminated. They might have got =20
away with it. For all I knw, they might have even done it on a =20
regularish basis. Unluckily, they got spotted.
>
> --=20
> Pete Mitchell
----------------------------------------------------------------
Reserve your free e-mail@egypt.com, http://www.egypt.com
Spam free & Virus clean web based mail service
Report abuse to abuse@egypt.com