Geekzone: technology news, blogs, forums
1018 posts

Uber Geek
+1 received by user: 46


  Reply # 701458 15-Oct-2012 13:43

Mark: Just to satisfy my own curiosity about whether my own ethics/morals are "normal" ...

Thumbs up or down if you think the blogger acted illegally or not.



Blogger has admitted that he specifically went looking for files he was not intended to have.

He claims he did so in a manner which required him to "break in" by mapping a drive (ok wasn't hard but the average joe isn't going to know).

He opened files he found, and he took files home (physically or over the internet, doesn't matter).  

He has also admitted that he knew when he did so that these files were of a private confidential nature and that they were not intended for him.

He has also admitted that he did not stop at the first instance but continued on, apparently looking at thousands of files.

So yes, I believe he has acted in at least some ways illegally.





---
James Sleeman


Awesome
4021 posts

Uber Geek
+1 received by user: 584

Trusted
Subscriber

  Reply # 701463 15-Oct-2012 13:49

There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.




Twitter: ajobbins

Choice!
711 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 701465 15-Oct-2012 13:54

KiwiNZ: Contact Mr Boyle's executive assistant


I think you are grossly underestimating the seriousness of this issue.

2073 posts

Uber Geek
+1 received by user: 119

Trusted

  Reply # 701470 15-Oct-2012 13:59

So from the press release (on now), they said that staff do not have access to all the information the kiosk did.

So that seems to point to elevated permissions of the kiosk user/group, rather than guest/everyone access on all shares/file systems.




Previously known as psycik


Voice Engineer @ Orcon
1940 posts

Uber Geek
+1 received by user: 439

Trusted
Orcon
Subscriber

  Reply # 701483 15-Oct-2012 14:19

KiwiNZ: To me it is like entering a home to show that it is insecure and then ransacking that home etc.


Again not saying that it was legal but: MSD is a Government Department.  This is a service that we all pay for and expect them to protect the privacy of citizens.

What the reporter has done is not the same as breaking into a private citizen's house in any way, shape or form.  Nor is it the same as ransacking that house, he did not delete or corrupt any data.

BDFL
49997 posts

Uber Geek
+1 received by user: 4646

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701484 15-Oct-2012 14:23

KiwiNZ:
ajobbins: There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.


And you know for sure that nothing was being done in the back ground in order to lessen disruption to the users of the service?


If anything was being done in the background then either
  • Kiosks would have been turned off before this became public or
  • Permissions would have been changed before this became public.
I have the impression there's an underestimating of the seriousness of the situation, perhaps even ignoring the Privacy Act and its implications.






1290 posts

Uber Geek
+1 received by user: 191


  Reply # 701492 15-Oct-2012 14:28

This whole thing is WOW.

The guy shouldn't be charged but I'm very curious about how he knew about the security flaw if he is not a beneficiary or someone who is receiving assistance.

I remember in high school typing directories into Word to open a file explorer in off access drives.  Could never get to anything personal though, only games and UI settings.

Choice!
711 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 701504 15-Oct-2012 14:42

KiwiNZ: You need to understand the Server permissions structure, Applications access and authorisation regimes. Auditing and checking. 


It's a fair assumption that most people reading this thread in the IT Pro forum will have a reasonable understanding of server permissions.

KiwiNZ: Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that.


Thankfully those kiosks have now been turned off. Sure a small number of people have been inconvenienced by this, but that's nothing compared to the tens or hundreds of thousands of people that have had their private and sensitive information exposed to anyone with a bit of computer knowledge.


KiwiNZ: I can assure you I am fully aware of the seriousness and consequences of what is happening probably more so than anyone currently involved with this thread.  


No, I really don't think you realise the seriousness of the situation.

891 posts

Ultimate Geek
+1 received by user: 149


  Reply # 701510 15-Oct-2012 14:51

I'm also wondering that if he viewed all those thousands of files ... did he edit any?




BDFL
49997 posts

Uber Geek
+1 received by user: 4646

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701517 15-Oct-2012 15:00

Because some of the comments in this thread. For example "Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that."

Turning off the kiosks would impact some people, sure. But immediately cut off access to any information to external parties. Then let the witch hunt begin.

If this is a problem that was known for some time then there's no excuses for the kiosks to still be available as it were.

Defending the option of leaving the kiosks on while access to this information was available is simply unbelievable.




Choice!
711 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 701519 15-Oct-2012 15:01

What he said.

Awesome
4021 posts

Uber Geek
+1 received by user: 584

Trusted
Subscriber

  Reply # 701520 15-Oct-2012 15:01

KiwiNZ: [Removed on request]


If this is true, yet the kiosks can access all of this and more, they must be running on some kind of elevated permissions account. But why? Assumably they are running some pretty basic apps (Web browser, Office) and are linked to a printer and the internet. I can't see why they would need elevated permissions. In fact, I see no reason why they need to be on the corporate network at all. They should be segregated off totally.

As mentioned before, it seems that this security flaw has been raised with MSD quietly in the past, and nothing was done. Obviously you have inside knowledge, so one can assume you are employed directly or indirectly by the MSD - which could explain why (IMHO) you come across as biased towards defending them.

While Mr Ng may have technically broken the law, he seems to have done so 'for the greater good', has done so in an open, transparent and co-operative way and seemingly without malicious intent. If they decided to sue him over this I think any court would have to consider the context in which this has happened.




Twitter: ajobbins

437 posts

Ultimate Geek
+1 received by user: 9
Inactive user


  Reply # 701532 15-Oct-2012 15:19

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



That sentence makes no sense. Same as your argument really.

Awesome
4021 posts

Uber Geek
+1 received by user: 584

Trusted
Subscriber

  Reply # 701533 15-Oct-2012 15:19

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



Until MSD come out and publicly say otherwise, what is in the media is all we have to go on.

The actions of the MSD since this story broke only seem to back up and provide credibility to what is currently being reported.




Twitter: ajobbins

Choice!
711 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 701537 15-Oct-2012 15:24

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.


Well I watched the press conference today and neither Brendan Boyle nor Paula Bennett denied anything that had been reported. So unless you're saying that the reporter did not get access to all that private data, then I'm quite happy going with the facts as reported.
