Geekzone: technology news, blogs, forums
1006 posts

Uber Geek
+1 received by user: 42


  Reply # 701458 15-Oct-2012 13:43

Mark: Just to satisfy my own curiosity about whether my own ethics/morals are "normal" ...

Thumbs up or down if you think the blogger acted illegally or not.



Blogger has admitted that he specifically went looking for files he was not intended to have.

He claims he did so in a manner which required him to "break in" by mapping a drive (ok wasn't hard but the average joe isn't going to know).

He opened files he found, and he took files home (physically or over the internet, doesn't matter).  

He has also admitted that he knew when he did so that these files were of a private confidential nature and that they were not intended for him.

He has also admitted that he did not stop at the first instance but continued on, apparently looking at thousands of files.

So yes, I believe he has acted in at least some ways illegally.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

Awesome
3964 posts

Uber Geek
+1 received by user: 561

Trusted
Subscriber

  Reply # 701463 15-Oct-2012 13:49

There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.




Twitter: ajobbins

Choice!
711 posts

Ultimate Geek
+1 received by user: 23

Trusted
Subscriber

  Reply # 701465 15-Oct-2012 13:54

KiwiNZ: Contact Mr Boyle's executive assistant


I think you are grossly underestimating the seriousness of this issue.

2045 posts

Uber Geek
+1 received by user: 118

Trusted

  Reply # 701470 15-Oct-2012 13:59

So from the press release (on now), they said that staff do not have access to all the information the kiosk did.

So that seems to point to elevated permissions of the kiosk user/group, rather than guest/everyone access on all shares/file systems.




Previously known as psycik

NextPVR Based HTPC:

Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, SiliconDust HDHomeRun Dual DVB-T Tuner, NextPVR, Plex Plugin 
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan, NextPVR channel for Plex

UnblockUS - Unblock your freedom

Voice Engineer @ Orcon
1833 posts

Uber Geek
+1 received by user: 404

Trusted
Orcon
Subscriber

  Reply # 701483 15-Oct-2012 14:19

KiwiNZ: To me it is like entering a home to show that it is insecure and then ransacking that home etc.


Again not saying that it was legal but: MSD is a Government Department.  This is a service that we all pay for and expect them to protect the privacy of citizens.

What the reporter has done is not the same as breaking into a private citizen's house in any way, shape or form.  Nor is it the same as ransacking that house, he did not delete or corrupt any data.

BDFL
49621 posts

Uber Geek
+1 received by user: 4465

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701484 15-Oct-2012 14:23

KiwiNZ:
ajobbins: There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.


And you know for sure that nothing was being done in the background in order to lessen disruption to the users of the service?


If anything was being done in the background then either
  • Kiosks would have been turned off before this became public or
  • Permissions would have been changed before this became public.
I have the impression there's an underestimating of the seriousness of the situation, perhaps even ignoring the Privacy Act and its implications.






1241 posts

Uber Geek
+1 received by user: 171


  Reply # 701492 15-Oct-2012 14:28

This whole thing is WOW.

The guy shouldn't be charged but I'm very curious about how he knew about the security flaw if he is not a beneficiary or someone who is receiving assistance.

I remember in high school typing directories into Word to open a file explorer in off access drives. Could never get to anything personal though, only games and UI settings.

Choice!
711 posts

Ultimate Geek
+1 received by user: 23

Trusted
Subscriber

  Reply # 701504 15-Oct-2012 14:42

KiwiNZ: You need to understand the Server permissions structure, Applications access and authorisation regimes. Auditing and checking.


It's a fair assumption that most people reading this thread in the IT Pro forum will have a reasonable understanding of server permissions.

KiwiNZ: Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that.


Thankfully those kiosks have now been turned off. Sure a small number of people have been inconvenienced by this, but that's nothing compared to the tens or hundreds of thousands of people that have had their private and sensitive information exposed to anyone with a bit of computer knowledge.


KiwiNZ: I can assure you I am fully aware of the seriousness and consequences of what is happening probably more so than anyone currently involved with this thread.  


No, I really don't think you realise the seriousness of the situation.

843 posts

Ultimate Geek
+1 received by user: 131


  Reply # 701510 15-Oct-2012 14:51

I'm also wondering that if he viewed all those thousands of files ... did he edit any?




BDFL
49621 posts

Uber Geek
+1 received by user: 4465

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701517 15-Oct-2012 15:00

Because some of the comments in this thread. For example "Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that."

Turning off the kiosks would impact some people, sure. But immediately cut off access to any information to external parties. Then let the witch hunt begin.

If this is a problem that was known for some time then there's no excuses for the kiosks to still be available as it were.

Defending the option of leaving the kiosks on while access to this information was available is simply unbelievable.




Choice!
711 posts

Ultimate Geek
+1 received by user: 23

Trusted
Subscriber

  Reply # 701519 15-Oct-2012 15:01

What he said.

Awesome
3964 posts

Uber Geek
+1 received by user: 561

Trusted
Subscriber

  Reply # 701520 15-Oct-2012 15:01

KiwiNZ: [Removed on request]


If this is true, yet the kiosks can access all of this and more, they must be running on some kind of elevated permissions account. But why? Assumably they are running some pretty basic apps (Web browser, Office) and are linked to a printer and the internet. I can't see why they would need elevated permissions. In fact, I see no reason why they need to be on the corporate network at all. They should be segregated off totally.

As mentioned before, it seems that this security flaw has been raised with MSD quietly in the past, and nothing was done. Obviously you have inside knowledge, so one can assume you are employed directly or indirectly by the MSD - which could explain why (IMHO) you come across as biased towards defending them.

While Mr Ng may have technically broken the law, he seems to have done so 'for the greater good', has done so in an open, transparent and co-operative way and seemingly without malicious intent. If they decided to sue him over this I think any court would have to consider the context in which this has happened.




Twitter: ajobbins

437 posts

Ultimate Geek
+1 received by user: 9
Inactive user


  Reply # 701532 15-Oct-2012 15:19

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



That sentence makes no sense. Same as your argument really.

Awesome
3964 posts

Uber Geek
+1 received by user: 561

Trusted
Subscriber

  Reply # 701533 15-Oct-2012 15:19

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



Until MSD come out and publicly say otherwise, what is in the media is all we have to go on.

The actions of the MSD since this story broke only seem to back up and provide credibility to what is currently being reported.




Twitter: ajobbins

Choice!
711 posts

Ultimate Geek
+1 received by user: 23

Trusted
Subscriber

  Reply # 701537 15-Oct-2012 15:24

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.


Well I watched the press conference today and neither Brendan Boyle nor Paula Bennett denied anything that had been reported. So unless you're saying that the reporter did not get access to all that private data, then I'm quite happy going with the facts as reported.
