Geekzone: technology news, blogs, forums
1001 posts

Uber Geek
+1 received by user: 39


  Reply # 701458 15-Oct-2012 13:43

Mark: Just to satisfy my own curiosity about whether my own ethics/morals are "normal" ...

Thumbs up or down if you think the blogger acted illegally or not.



Blogger has admitted that he specifically went looking for files he was not intended to have.

He claims he did so in a manner which required him to "break in" by mapping a drive (ok wasn't hard but the average joe isn't going to know).

He opened files he found, and he took files home (physically or over the internet, doesn't matter).  

He has also admitted that he knew when he did so that these files were of a private confidential nature and that they were not intended for him.

He has also admitted that he did not stop at the first instance but continued on, apparently looking at thousands of files.

So yes, I believe he has acted in at least some ways illegally.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

Awesome
3845 posts

Uber Geek
+1 received by user: 367

Trusted
Subscriber

  Reply # 701463 15-Oct-2012 13:49

There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.




Twitter: ajobbins

Choice!
706 posts

Ultimate Geek
+1 received by user: 17

Trusted
Subscriber

  Reply # 701465 15-Oct-2012 13:54

KiwiNZ: Contact Mr Boyle's executive assistant


I think you are grossly underestimating the seriousness of this issue.

1994 posts

Uber Geek
+1 received by user: 109

Trusted

  Reply # 701470 15-Oct-2012 13:59

So from the press release (on now), they said that staff do not have access to all the information the kiosk did.

So that seems to point to elevated permissions of the kiosk user/group. Rather than guest/everyone access on all shares/file systems.




Previously known as psycik

NextPVR Based HTPC:

2 x HVR3000 - DVB-S - Freeview, HVR3000 - DVB-T Freeview|HD, Nova-T 500 - Dual Freeview|HD, Digital Coax --> Yamaha RX-v540, 8600GT --> Samsung LA46A650D via HDMI
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan

UnblockUS - Unblock your freedom

Voice Engineer @ Orcon
1775 posts

Uber Geek
+1 received by user: 380

Trusted
Orcon
Subscriber

  Reply # 701483 15-Oct-2012 14:19

KiwiNZ: To me it is like entering a home to show that it is insecure and then ransacking that home etc.


Again not saying that it was legal but: MSD is a Government Department.  This is a service that we all pay for and expect them to protect the privacy of citizens.

What the reporter has done is not the same as breaking into a private citizen's house in any way, shape or form.  Nor is it the same as ransacking that house, he did not delete or corrupt any data.

BDFL
49160 posts

Uber Geek
+1 received by user: 4159

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701484 15-Oct-2012 14:23

KiwiNZ:
ajobbins: There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.


And you know for sure that nothing was being done in the back ground in order to lessen disruption to the users of the service?


If anything was being done in the background then either
  • Kiosks would have been turned off before this became public or
  • Permissions would have been changed before this became public.
I have the impression there's an underestimating of the seriousness of the situation, perhaps even ignoring the Privacy Act and its implications.






1133 posts

Uber Geek
+1 received by user: 140


  Reply # 701492 15-Oct-2012 14:28

This whole thing is WOW.

The guy shouldn't be charged but I'm very curious about how he knew about the security flaw if he is not a beneficiary or someone who is receiving assistance.

 

I remember in high school typing directories into Word to open a file explorer in off access drives.  Could never get to anything personal though, only games and UI settings.

Choice!
706 posts

Ultimate Geek
+1 received by user: 17

Trusted
Subscriber

  Reply # 701504 15-Oct-2012 14:42

KiwiNZ: You need to understand the Server permissions structure, Applications access and authorisation regimes. Auditing and checking. 


It's a fair assumption that most people reading this thread in the IT Pro forum will have a reasonable understanding of server permissions.

KiwiNZ: Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that.


Thankfully those kiosks have now been turned off. Sure a small number of people have been inconvenienced by this, but that's nothing compared to the tens or hundreds of thousands of people that have had their private and sensitive information exposed to anyone with a bit of computer knowledge.


KiwiNZ: I can assure you I am fully aware of the seriousness and consequences of what is happening probably more so than anyone currently involved with this thread.  


No, I really don't think you realise the seriousness of the situation.

808 posts

Ultimate Geek
+1 received by user: 118


  Reply # 701510 15-Oct-2012 14:51

I'm also wondering, if he viewed all those thousands of files ... did he edit any?




BDFL
49160 posts

Uber Geek
+1 received by user: 4159

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701517 15-Oct-2012 15:00

Because of some of the comments in this thread. For example "Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that."

Turning off the kiosks would impact some people, sure. But immediately cut off access to any information to external parties. Then let the witch hunt begin.

If this is a problem that was known for some time then there's no excuses for the kiosks to still be available as it were.

Defending the option of leaving the kiosks on while access to this information was available is simply unbelievable.




Choice!
706 posts

Ultimate Geek
+1 received by user: 17

Trusted
Subscriber

  Reply # 701519 15-Oct-2012 15:01

What he said.

Awesome
3845 posts

Uber Geek
+1 received by user: 367

Trusted
Subscriber

  Reply # 701520 15-Oct-2012 15:01

KiwiNZ: [Removed on request]


If this is true, yet the kiosks can access all of this and more, they must be running on some kind of elevated permissions account. But why? Assumably they are running some pretty basic apps (Web browser, Office) and are linked to a printer and the internet. I can't see why they would need elevated permissions. In fact, I see no reason why they need to be on the corporate network at all. They should be segregated off totally.

As mentioned before, it seems that this security flaw has been raised with MSD quietly in the past, and nothing was done. Obviously you have inside knowledge, so one can assume you are employed directly or indirectly by the MSD - which could explain why (IMHO) you come across as biased towards defending them.

While Mr Ng may have technically broken the law, he seems to have done so 'for the greater good', has done so in an open, transparent and co-operative way and seemingly without malicious intent. If they decided to sue him over this I think any court would have to consider the context in which this has happened.




Twitter: ajobbins

437 posts

Ultimate Geek
+1 received by user: 9
Inactive user


  Reply # 701532 15-Oct-2012 15:19

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



That sentence makes no sense. Same as your argument really.

Awesome
3845 posts

Uber Geek
+1 received by user: 367

Trusted
Subscriber

  Reply # 701533 15-Oct-2012 15:19

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



Until MSD come out and publicly say otherwise, what is in the media is all we have to go on.

The actions of the MSD since this story broke only seem to back up and provide credibility to what is currently being reported.




Twitter: ajobbins

Choice!
706 posts

Ultimate Geek
+1 received by user: 17

Trusted
Subscriber

  Reply # 701537 15-Oct-2012 15:24

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.


Well I watched the press conference today and neither Brendan Boyle nor Paula Bennett denied anything that had been reported. So unless you're saying that the reporter did not get access to all that private data, then I'm quite happy going with the facts as reported.
