Today's most viewed
| NEWS | | | | | SPORT |  | | | | | | INTERVIEWS | | | | | | | | MIDWEEK TV | | | COMPETITIONS | | | | | | |
|
|
|
Bank details safe after computer thefts
THE ORGANISERS of an international music festival say customers' details are safe after their website servers were stolen from a High Wycombe software company.
Burglars broke into the offices of Opal communications company in Cressex Business Park at around 10.30pm on Sunday. They used a stepladder to gain access to a first floor window.
When inside they stole computer accessories, software and hard drives including those used to power the website of the World of Music, Arts and Dance (WOMAD) music festival.
The festival is organised by Real World , a company owned by musician Peter Gabriel, and is scheduled to be held at a site near Malmesbury, Wiltshire in July. There are other WOMAD events in countries across the world.
Andy Wood, spokesman for Real World, said: "There were a number of items that were stolen.
"We had servers stolen, the result being that we had to set up in a completely different location."
The theft of the servers has caused the WOMAD website to crash.
Mr Wood said that all of the confidential information of customers who bought tickets to the festival are stored in a secure location, so no bank details have been lost.
1:04pm Thursday 8th May 2008
Print 
Email this 
CommentPosted by: Mario, Bucks on 1:28pm Thu 8 May 08
I'm sorry, but this story is complete hogwash.
Anyone familiar with computers and the like would know that if servers are stolen then information can be gleaned.
The other "secure location" is purely there for disaster recovery purposes, and has a faithful copy of all the data on the original servers.
So, either WOMAD's servers have been stolen or not. I see from the story they have been stolen.
Therefore confidential customer information is now available to the perpetrators.
Stop lying you treacherous oafs!
I'm sorry, but this story is complete hogwash.
Anyone familiar with computers and the like would know that if servers are stolen then information can be gleaned.
The other "secure location" is purely there for disaster recovery purposes, and has a faithful copy of all the data on the original servers.
So, either WOMAD's servers have been stolen or not. I see from the story they have been stolen.
Therefore confidential customer information is now available to the perpetrators.
Stop lying you treacherous oafs!
Posted by: Ivor on 2:12pm Thu 8 May 08
Now perhaps everyone will see the dangers of the new-fangled computers that have come to blight our everyday lives....
Did they not have security doors, alarms and have their computers bolted down to prevent theft?
Now perhaps everyone will see the dangers of the new-fangled computers that have come to blight our everyday lives....
Did they not have security doors, alarms and have their computers bolted down to prevent theft?
Posted by: davejones, Beaconsfield on 3:11pm Thu 8 May 08
[quote][bold]Mario[/bold] wrote:
I'm sorry, but this story is complete hogwash. Anyone familiar with computers and the like would know that if servers are stolen then information can be gleaned. The other "secure location" is purely there for disaster recovery purposes, and has a faithful copy of all the data on the original servers. So, either WOMAD's servers have been stolen or not. I see from the story they have been stolen. Therefore confidential customer information is now available to the perpetrators. Stop lying you treacherous oafs![/quote] Anyone familiar with computers would know that a webserver is unlikly to hold the database as well.
I think it's your IT knowledge that's hogwash.
Mario wrote:
I'm sorry, but this story is complete hogwash. Anyone familiar with computers and the like would know that if servers are stolen then information can be gleaned. The other "secure location" is purely there for disaster recovery purposes, and has a faithful copy of all the data on the original servers. So, either WOMAD's servers have been stolen or not. I see from the story they have been stolen. Therefore confidential customer information is now available to the perpetrators. Stop lying you treacherous oafs!
Anyone familiar with computers would know that a webserver is unlikly to hold the database as well.
I think it's your IT knowledge that's hogwash.
Posted by: Blaze Falconburger, HW on 3:34pm Thu 8 May 08
Really depends how the servers were set up, if badly then the webservers would also host the database. If not the database would be split and hosted on the backend - though this could be irrelevant if the back end physically sits next to the front end and both were nicked!
In any case, storing personal/card details really should be stored on encrypted disks only. The servers should be physically secured down in a security cage if they are important!
Really depends how the servers were set up, if badly then the webservers would also host the database. If not the database would be split and hosted on the backend - though this could be irrelevant if the back end physically sits next to the front end and both were nicked!
In any case, storing personal/card details really should be stored on encrypted disks only. The servers should be physically secured down in a security cage if they are important!
Posted by: Blaze Falconburger, HW on 3:34pm Thu 8 May 08
Really depends how the servers were set up, if badly then the webservers would also host the database. If not the database would be split and hosted on the backend - though this could be irrelevant if the back end physically sits next to the front end and both were nicked!
In any case, storing personal/card details really should be stored on encrypted disks only. The servers should be physically secured down in a security cage if they are important!
Really depends how the servers were set up, if badly then the webservers would also host the database. If not the database would be split and hosted on the backend - though this could be irrelevant if the back end physically sits next to the front end and both were nicked!
In any case, storing personal/card details really should be stored on encrypted disks only. The servers should be physically secured down in a security cage if they are important!
Posted by: Blaze Falconburger, HW on 3:35pm Thu 8 May 08
Really depends how the servers were set up, if badly then the webservers would also host the database. If not the database would be split and hosted on the backend - though this could be irrelevant if the back end physically sits next to the front end and both were nicked!
In any case, storing personal/card details really should be stored on encrypted disks only. The servers should be physically secured down in a security cage if they are important!
Really depends how the servers were set up, if badly then the webservers would also host the database. If not the database would be split and hosted on the backend - though this could be irrelevant if the back end physically sits next to the front end and both were nicked!
In any case, storing personal/card details really should be stored on encrypted disks only. The servers should be physically secured down in a security cage if they are important!
Posted by: h/w vioce, High Wycombe on 4:44pm Thu 8 May 08
Mario you buffoon stop posting comments on things you don't have a faintest clue about you moron
Mario you buffoon stop posting comments on things you don't have a faintest clue about you moron
Posted by: Mario, Bucks on 7:36pm Thu 8 May 08
Look, it is rare for web servers and databases to be hosted at different locations, fact!
Why has the firm gone to the papers with this theft (potentially damaging for the business), unless some serious sh*t has been stolen?
Look, it is rare for web servers and databases to be hosted at different locations, fact!
Why has the firm gone to the papers with this theft (potentially damaging for the business), unless some serious sh*t has been stolen?
Posted by: davejones, Beaconsfield on 8:16pm Thu 8 May 08
Mario - You seem to have little or no knowledge of webservers, it's extremely common to have them in a different physical location to the database.
Blaze - It's highly likely the disks were encrypted and you would normally try and apply the security measure to the whole server room rather then individual servers with "security cages". The reason the cabs are normally bolted to the floor is more H&S then physical security.
Maybe the firm has gone to the papers to assure any customers their details are safe, if they were trying to cover it up surely they would keep quiet?
Mario - You seem to have little or no knowledge of webservers, it's extremely common to have them in a different physical location to the database.
Blaze - It's highly likely the disks were encrypted and you would normally try and apply the security measure to the whole server room rather then individual servers with "security cages". The reason the cabs are normally bolted to the floor is more H&S then physical security.
Maybe the firm has gone to the papers to assure any customers their details are safe, if they were trying to cover it up surely they would keep quiet?
Posted by: Wycombe Resident, High Wycombe on 11:23pm Thu 8 May 08
@Mario - It's rare that people's brains are elsewhere than in their head although it seems Mario has a less conventional configuration on that score.
Demonstration enough of how a little knowledge goes a long way to make empty vessels make a load of noise.
You're not one of these "computer consultants" fleecing the Wycombe public by trying to blind them with your warped view of computer science are you?
@Mario - It's rare that people's brains are elsewhere than in their head although it seems Mario has a less conventional configuration on that score.
Demonstration enough of how a little knowledge goes a long way to make empty vessels make a load of noise.
You're not one of these "computer consultants" fleecing the Wycombe public by trying to blind them with your warped view of computer science are you?
Posted by: Blaze Falconburger, HW on 9:28am Fri 9 May 08
@Davejones - I agree, most comms rooms I've been in have secured controlled access of varying methods - but one thing that is often overlooked is the physical security of the servers once access has been gained inside the room.
Security cages for the servers are just another step of physical security that the thieves have to go to in order to steal the server or the disks. Nothing to do with H&S, more often requested by auditors. It depends how secure you want your data - individual cages for each server will take up much more room than a rack, but like anything security related, it is a trade off depending on the level of security you require.
@Davejones - I agree, most comms rooms I've been in have secured controlled access of varying methods - but one thing that is often overlooked is the physical security of the servers once access has been gained inside the room.
Security cages for the servers are just another step of physical security that the thieves have to go to in order to steal the server or the disks. Nothing to do with H&S, more often requested by auditors. It depends how secure you want your data - individual cages for each server will take up much more room than a rack, but like anything security related, it is a trade off depending on the level of security you require.
Posted by: Blaze Falconburger, HW on 9:28am Fri 9 May 08
@Davejones - I agree, most comms rooms I've been in have secured controlled access of varying methods - but one thing that is often overlooked is the physical security of the servers once access has been gained inside the room.
Security cages for the servers are just another step of physical security that the thieves have to go to in order to steal the server or the disks. Nothing to do with H&S, more often requested by auditors. It depends how secure you want your data - individual cages for each server will take up much more room than a rack, but like anything security related, it is a trade off depending on the level of security you require.
@Davejones - I agree, most comms rooms I've been in have secured controlled access of varying methods - but one thing that is often overlooked is the physical security of the servers once access has been gained inside the room.
Security cages for the servers are just another step of physical security that the thieves have to go to in order to steal the server or the disks. Nothing to do with H&S, more often requested by auditors. It depends how secure you want your data - individual cages for each server will take up much more room than a rack, but like anything security related, it is a trade off depending on the level of security you require.
Posted by: Blaze Falconburger, HW on 9:28am Fri 9 May 08
@Davejones - I agree, most comms rooms I've been in have secured controlled access of varying methods - but one thing that is often overlooked is the physical security of the servers once access has been gained inside the room.
Security cages for the servers are just another step of physical security that the thieves have to go to in order to steal the server or the disks. Nothing to do with H&S, more often requested by auditors. It depends how secure you want your data - individual cages for each server will take up much more room than a rack, but like anything security related, it is a trade off depending on the level of security you require.
@Davejones - I agree, most comms rooms I've been in have secured controlled access of varying methods - but one thing that is often overlooked is the physical security of the servers once access has been gained inside the room.
Security cages for the servers are just another step of physical security that the thieves have to go to in order to steal the server or the disks. Nothing to do with H&S, more often requested by auditors. It depends how secure you want your data - individual cages for each server will take up much more room than a rack, but like anything security related, it is a trade off depending on the level of security you require.
Posted by: Mario, Bucks on 11:08am Fri 9 May 08
davejones, get real.
For the piddling amount of data held for this firm no way would the data and web servers be at two locations, it's a tuppence halfpenny managed service contract!
We are not talking about BP or GSK corporate data here, but some WOMAD ticket data for pities sake!
davejones, get real.
For the piddling amount of data held for this firm no way would the data and web servers be at two locations, it's a tuppence halfpenny managed service contract!
We are not talking about BP or GSK corporate data here, but some WOMAD ticket data for pities sake!
Posted by: davejones, Beaconsfield on 11:24am Fri 9 May 08
Blaze - Fair enough, I accept they could offer some benefit, I've never seen them used though.
Most datacenters I've been in would seek to prevent access to intruder’s full stop and wouldn't accept the compromise of the additional space required for a small extra security measure. Generally the hardware value is of little or no concern so encrypting the data and preventing access is seen as adequate.
The H&S comment is valid because all cabs tend to be secured so they can’t tip when you extend the racks, either to each other or to the floor. This has nothing to do with security.
Mario - Do you have any extra information on the site that is not stated in the article or are you merely hypothesising? It is standard practice to hold the website and the database on separate servers and there is no reason to have these in the same physical location. It states in the article that this is how it was done, yet you apparently don't believe this. Unless you have an inside source I believe you are just trying to stir some controversy where there is none.
Blaze - Fair enough, I accept they could offer some benefit, I've never seen them used though.
Most datacenters I've been in would seek to prevent access to intruder’s full stop and wouldn't accept the compromise of the additional space required for a small extra security measure. Generally the hardware value is of little or no concern so encrypting the data and preventing access is seen as adequate.
The H&S comment is valid because all cabs tend to be secured so they can’t tip when you extend the racks, either to each other or to the floor. This has nothing to do with security.
Mario - Do you have any extra information on the site that is not stated in the article or are you merely hypothesising? It is standard practice to hold the website and the database on separate servers and there is no reason to have these in the same physical location. It states in the article that this is how it was done, yet you apparently don't believe this. Unless you have an inside source I believe you are just trying to stir some controversy where there is none.
Posted by: Alexander, Wycombe on 10:43pm Fri 9 May 08
davejones, the "standard practice" for managed service providers or hosting firms who are targetting small businesses is to hold web services and databases at the same location!
Many of these service providers only have one location!
davejones, the "standard practice" for managed service providers or hosting firms who are targetting small businesses is to hold web services and databases at the same location!
Many of these service providers only have one location!
Posted by: Mario, Bucks on 11:00am Sat 10 May 08
I don't have any "inside information" on this. Why don't you ask the firm to make a categoric statement about siting arrangements for web servers and databases?
Wycombe Resident, just read your garble. I'd lay of the whisky that late at night, your probably over the limit when you get behind the wheel in the morning.
I don't have any "inside information" on this. Why don't you ask the firm to make a categoric statement about siting arrangements for web servers and databases?
Wycombe Resident, just read your garble. I'd lay of the whisky that late at night, your probably over the limit when you get behind the wheel in the morning.
Posted by: Steve, Totteridge Hill on 9:09am Sun 11 May 08
[bold]Safe... I believe them[/bold] ...and the cheque's in the post and I won't come...on Thursday... ;-)
Safe... I believe them ...and the cheque's in the post and I won't come...on Thursday... ;-)
Posted by: davejones, Beaconsfield on 5:51pm Sun 11 May 08
Mario see the article above "Mr Wood said that all of the confidential information of customers who bought tickets to the festival are stored in a secure location, so no bank details have been lost."
so what's you're point?
Alexander - this may be standard practice for very small webhosts aimed at residential customers, however it is not common for larger companies offer SMB services such as the above.
Mario see the article above "Mr Wood said that all of the confidential information of customers who bought tickets to the festival are stored in a secure location, so no bank details have been lost."
so what's you're point?
Alexander - this may be standard practice for very small webhosts aimed at residential customers, however it is not common for larger companies offer SMB services such as the above.
Posted by: Wycombe Resident, High Wycombe on 6:18pm Sun 11 May 08
@Mario: You know what they say "Garble in - garble out" ;-)
If you knew anything about the semantics involved you'd realise that it actually makes a lot more sense to have the database separate - it easier and less expensive to do it that way. So whilst I agree with your evaluation of the realities of what goes on in small datacentres not matching up to what *should* go on - it's much more likely that the database is separate - it's a lot simpler and cost effective to do it that way.
You may still be broadly right about the security aspects as the database server may be no more physically secure than the web server and it was just luck that it didn't get nicked.
But it would actually take more work to start with and on an ongoing basis to have everything on the same physical server - so it's very unlikely and, therefore, the story is as believable as a press release can be I'm afraid.
@Mario: You know what they say "Garble in - garble out" ;-)
If you knew anything about the semantics involved you'd realise that it actually makes a lot more sense to have the database separate - it easier and less expensive to do it that way. So whilst I agree with your evaluation of the realities of what goes on in small datacentres not matching up to what *should* go on - it's much more likely that the database is separate - it's a lot simpler and cost effective to do it that way.
You may still be broadly right about the security aspects as the database server may be no more physically secure than the web server and it was just luck that it didn't get nicked.
But it would actually take more work to start with and on an ongoing basis to have everything on the same physical server - so it's very unlikely and, therefore, the story is as believable as a press release can be I'm afraid.
What are these links for?
If you liked this article and would like to share it with others on the web who might be searching for good content we've made it easy for you to do it.
At the bottom of all articles, you'll see links to six sites. These sites - commonly called 'social bookmark' or 'social news' sites - have large communities of web users who share and rate interesting, useful and fun things on the web.
Clicking the links will automatically add the address of the story you are reading to one of these sites, letting you share it with others. Each site will ask you to register to share stories. Registration is free and once a member, you can store, recommend and search for stories that interest you.
More on Digg
More on del.icio.us
More on Furl
More on reddit
More on NowPublic/
More on Yahoo!
