Geekzone: technology news, blogs, forums
1020 posts

Uber Geek
+1 received by user: 46


  Reply # 701458 15-Oct-2012 13:43 Send private message

Mark: Just to satisfy my own curiosity about whether my own ethics/morals are "normal" ...

Thumbs up or down if you think the blogger acted illegally or not.



Blogger has admitted that he specifically went looking for files he was not intended to have.

He claims he did so in a manner which required him to "break in" by mapping a drive (ok wasn't hard but the average joe isn't going to know).

He opened files he found, and he took files home (physically or over the internet, doesn't matter).  

He has also admitted that he knew when he did so that these files were of a private confidential nature and that they were not intended for him.

He has also admitted that he did not stop at the first instance but continued on, apparently looking at thousands of files.

So yes, I believe he has acted in at least some ways illegally.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

Awesome
4077 posts

Uber Geek
+1 received by user: 643

Trusted
Subscriber

  Reply # 701463 15-Oct-2012 13:49 Send private message

There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.




Twitter: ajobbins

Choice!
713 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 701465 15-Oct-2012 13:54 Send private message

KiwiNZ: Contact Mr Boyle's executive assistant


I think you are grossly underestimating the seriousness of this issue.

2106 posts

Uber Geek
+1 received by user: 125

Trusted

  Reply # 701470 15-Oct-2012 13:59 Send private message

So from the press release (on now), they said that staff do not have access to all the information the kiosk did.

So that seems to point to elevated permissions of the kiosk user/group, rather than guest/everyone access on all shares/file systems.




Previously known as psycik

NextPVR Based HTPC:

Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, SiliconDust HDHomeRun Dual DVB-T Tuner, NextPVR, Plex Plugin 
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan, NextPVR channel for Plex

UnblockUS - Unblock your freedom

Voice Engineer @ Orcon
2016 posts

Uber Geek
+1 received by user: 480

Trusted
Orcon
Subscriber

  Reply # 701483 15-Oct-2012 14:19 Send private message

KiwiNZ: To me it is like entering a home to show that it is insecure and then ransacking that home etc.


Again not saying that it was legal but: MSD is a Government Department.  This is a service that we all pay for and expect them to protect the privacy of citizens.

What the reporter has done is not the same as breaking into a private citizen's house in any way, shape or form.  Nor is it the same as ransacking that house, he did not delete or corrupt any data.

BDFL
50460 posts

Uber Geek
+1 received by user: 4856

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701484 15-Oct-2012 14:23 Send private message

KiwiNZ:
ajobbins: There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.


And you know for sure that nothing was being done in the back ground in order to lessen disruption to the users of the service?


If anything was being done in the background then either
  • Kiosks would have been turned off before this became public or
  • Permissions would have been changed before this became public.
I have the impression there's an underestimating of the seriousness of the situation, perhaps even ignoring the Privacy Act and its implications.






1302 posts

Uber Geek
+1 received by user: 193


  Reply # 701492 15-Oct-2012 14:28 Send private message

This whole thing is WOW.

The guy shouldn't be charged but I'm very curious about how he knew about the security flaw if he is not a beneficiary or someone who is receiving assistance.

 

I remember in high school typing directories into word to open a file explorer in off access drives.  Could never get to anything personal though, only games and UI settings

Choice!
713 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 701504 15-Oct-2012 14:42 Send private message

KiwiNZ: You need to understand the Server permissions structure, Applications access and authorisation regimes. Auditing and checking. 


It's a fair assumption that most people reading this thread in the IT Pro forum will have a reasonable understanding of server permissions.

KiwiNZ: Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that.


Thankfully those kiosks have now been turned off. Sure a small number of people have been inconvenienced by this, but that's nothing compared to the tens or hundreds of thousands of people that have had their private and sensitive information exposed to anyone with a bit of computer knowledge.


KiwiNZ: I can assure you I am fully aware of the seriousness and consequences of what is happening probably more so than anyone currently involved with this thread.  


No, I really don't think you realise the seriousness of the situation.

918 posts

Ultimate Geek
+1 received by user: 170


  Reply # 701510 15-Oct-2012 14:51 Send private message

I'm also wondering that if he viewed all those thousands of files .... did he edit any ?




BDFL
50460 posts

Uber Geek
+1 received by user: 4856

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701517 15-Oct-2012 15:00 Send private message

Because some of the comments in this thread. For example "Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that."

Turning off the kiosks would impact some people, sure. But immediately cut off access to any information to external parties. Then let the witch hunt begin.

If this is a problem that was known for some time then there's no excuses for the kiosks to still be available as it were.

Defending the option of leaving the kiosks on while access to this information was available is simply unbelievable.




Choice!
713 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 701519 15-Oct-2012 15:01 Send private message

What he said.

Awesome
4077 posts

Uber Geek
+1 received by user: 643

Trusted
Subscriber

  Reply # 701520 15-Oct-2012 15:01 Send private message

KiwiNZ: [Removed on request]


If this is true, yet the kiosks can access all of this and more, they must be running on some kind of elevated permissions account. But why? Assumably they are running some pretty basic apps (Web browser, Office) and are linked to a printer and the internet. I can't see why they would need elevated permissions. In fact, I see no reason why they need to be on the corporate network at all. They should be segregated off totally.

As mentioned before, it seems that this security flaw has been raised with MSD quietly in the past, and nothing was done. Obviously you have inside knowledge, so one can assume you are employed directly or indirectly by the MSD - which could explain why (IMHO) you come across as biased towards defending them.

While Mr Ng may have technically broken the law, he seems to have done so 'for the greater good', has done so in an open, transparent and co-operative way and seemingly without malicious intent. If they decided to sue him over this I think any court would have to consider the context in which this has happened.




Twitter: ajobbins

437 posts

Ultimate Geek
+1 received by user: 9
Inactive user


  Reply # 701532 15-Oct-2012 15:19 Send private message

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



That sentence makes no sense. Same as your argument really.

Awesome
4077 posts

Uber Geek
+1 received by user: 643

Trusted
Subscriber

  Reply # 701533 15-Oct-2012 15:19 Send private message

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



Until MSD come out and publicly say otherwise, what is in the media is all we have to go on.

The actions of the MSD since this story broke only seem to back up and provide credibility to what is currently being reported.




Twitter: ajobbins

Choice!
713 posts

Ultimate Geek
+1 received by user: 24

Trusted
Subscriber

  Reply # 701537 15-Oct-2012 15:24 Send private message

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.


Well I watched the press conference today and neither Brendan Boyle nor Paula Bennett denied anything that had been reported. So unless you're saying that the reporter did not get access to all that private data, then I'm quite happy going with the facts as reported.
