Roguedent

'....Broadsword requesting JPA password.....over'

Rev I. Tin

'...roger, wait out...'

The Helpful Stacker

"Say again last Broadsword, message garbled..."

maniac55

'Standby Broadsword, the pigs are lining up for departure..'

moosemaster

As far as I can see this is a legitimate concern, shared by most people who've ever had any dealings with previous MoD IT projects.

Let's face it, if Barclays can cock it up with the amount of money they pour into things, what makes anyone think the MoD won't given our shoe-string budget.

JPA has enough trouble getting my pay correct without someone else deliberately trying to get it wrong!!

The Helpful Stacker

Even leaving personnel security issues aside this security oversight could damage the RAF in other ways.

If someone were to mess about with JPA in such a way as to stop wage payments one month to a large amount of personnel you have the potential for at least a massive hit on morale and at worst a chance of mutiny/work to rule.

Bluntend

And yet at the same time as the fundamental security of JPA is being ignored by the grown ups, were having new ID card holders thrust on us. These ones now need to be colour coded - to improve security. Obvious really...

Fox-1

Personally, the security of my personal details are far more important than being paid on time. I expected there to be teething troubles with the new IT system, but I also expected security to be the prime consideration for a Military IT system.

However, as no IT system is fully secure, why was this not a consideration before the issue was decided?

GreenWings

I got mine here this morning at your secret Cambridgeshire stn's little sister stn in Beds. All the stn staff are toeing the policy line, but no one's saying where this marvellous initiative came from. Is it going to be another RAF-wide waste of money and effort or did someone discover a few boxes leftover at the ID Badge Holder IPT at Wyton?

The Fishheads here are grumbling too, because they have to wear a light blue one

formertonkaplum

What is this talk of ID card holders? Are they being issued RAF wide? Can anyone elaborate?

Can we think of no better place to spend money? Like a computer system that can drive JPA and allow more than 80 people to log on at once?

What next...
Royal Air Force rucksack..................... no, done that.
Royal Air Force badge for cs95............. no, done that.
Tactical Badge for CS95...................... no, done that.

ScapegoatisaSolution

Not wanting to get this thread chopped but what is the difference with a 'http' site and a 'https' site? Why would the civvy HRMS system be on a 'https' site and JPA on a 'http' site?
Apparently the money that should have been paid to me by JPA but didn't get to my account is in a 'computer black hole.' Well that makes it alright then...
A Scapegoat is Better Than a Solution...

WhiteOvies

Greenwings:
If the fishheads over at the Beds are moaning you should hear the crabs at the Cambs place. All Service personnel to wear dark blue badge holders! At least they're not purple!

Talking Radalt

"Limited Edition" keyfobs on e-Bay? ......

scroggs

Yes, BOAC is a Moderator of this and every forum here at Pprune, as am I and a number of others, including (of course) Danny and Pprune Towers. Not even 'Military Aircrew' can be left completely to its own devices!

Scroggs

BOAC

Just to add: as you can see the thread is now 'back' - all 'joined up' for ease of viewing. Please feel free to use PPRune to air your concerns - the press DO read these forums.

However -

I understand the motive behind the thread is to ensure that the details of serving personnel remain secure. With that in mind, when you post here:-

1) This forum is fully open to everyone. Do not post information which you know to be 'sensitive'. That will result in moderation again and probably denial of access for you.

2) Do not degrade the security of your colleagues' information by giving those with a less noble motive any hints.

As Scroggs has pointed out, an eye is kept on the forum and advice sought when necessary.

Do not waste the opportunity you have here.

Edit:

A note (for the paranoid ) regarding the 'secure padlock' referred to in an earlier post - #53. A while back I read on a computer security site that these 'padlocks' can be 'forged'. I do not know if other OS's will do this, but with WinXp if you double click on the padlock it will tell you to whom the certificate is issued, as a double check

BleepBleep

Mike,

Forgive my naivety, but JPA can only be accessed by someone on the DII or RLI; ie closed netwoks so there is a measure of security already - added to the fact that even authorised users can not gain access so we have total security!!

On a different note, the system is so effective Innsworth can post someone and both the individual and post can disappear in a matter of seconds. Really makes you feel safe doesn't it!!!

By the way, what's this about pass holders? Sorry to seem dense but I've only just found this site and haven't worked my way through all of the articles posted.

Almost_done

Ahhh the DII/RLI closed networks (or woks if you prefer), now do you or does a colleague at work have an IGS account? Well the IGS account is a secure(ish) way of using the Internet via the RLI Intranet. See where I am going here.

Such that the packets that you send out and recieve are passed through a series of Firewalls, but our system does not use SSL, however; there are far more intelligent persons outside of the RAF playing in hacking clubs etc... just for the thrill of getting into the Government/Military domains, for nothing than mere kicks. They brag about their achivements to each other and other Hackers via secure e-mail systems (more secure than we use in some cases) and share the information. At present the most secure way of operating a web based environment is using SSL or S-HTTP.

Now do we as a military work in a web based environment?

Now a geek explanation;
Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.By convention, URLs that require an SSL connection start with https: instead of http:.
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.

Where as HTTP code is written and encoded and decoded in plain text as it were (look at is as transmitting in clear if you will), this is what the backbone of all our systems operate on. Yes this still requires someone to get into the RLI but as 591 have proved it is not hard to do. They are constantly attacking our own systems to prove our own defences (and sterling job they are doing too).

Again however; the Pentagon, NASA and our dear old UK Gov have proved to be vulnerable to attack and have hackers knocking at their doors all the time normally to show up and embariss said Company/Gov etc..., eventually one will get in and if he/she wishes can wreak havoc in our systems and we will be none the wiser, now if they get in and are intent on doing harm to us or our systems, ??????????????

Farfrompuken

JPA. Well, well, well.

The chinless wonders that are 'running' our cr@ppy little militia are harping on about ETHOS, FTDS, Expeditionary Air Force and all sorts of other pointless tosh-like buzzwords, whilst the real 'Ethos' is: Civilianisation, HSAW, Redundancies, LEAN, Base closures, fleet cuts, joke procurement, adoption of inappropriate business practices in the MoD, cost slashing in vital areas whilst wasting 00000s of £s on projects like Icarus that's useless and JPA that fails to pay you on time and is not secure. Brilliant!!

I do hope that at the cocktail party, whenever that may be, the 'work strand' are all presented with their P45s for such an appalling failiure. Hold on, how are they going to get those? Nooooooo.......JPA?!*@

The bottom line is no-one will be accountable. It won't get sorted and we'll all suffer as a resullt. The X-Factor needs a serious boost to keep people away from professionally run organisations.

We're on Bingo Goodwill.

markerboy

Lets face facts. If the government can get away witrh ruining the NHS, slashing the armed forces, sh@@ing who they, why should some high ranking official be held accountable for a little problem like JPA. When will our so called "leadership" wise up and see what's happening on the shop floor.

I for one am growing a little tired off being sent around rhe world, to protect people who bomb me, then coming home to find i haven't even been paid for the pleasure.

End rant.,...

indie cent

Farfrompuken, you're spot on.

But don't forget, we got a whole 3% pay rise.

Why-oh-why did I take the FRI.

Does anybody at the top know or care about any of this - people unpaid; security questions; capped expenses; admin burden - no sorry - nightmare... and a cocktail party indeed..!!! For f sake.