Geekzone: technology news, blogs, forums




3701 posts

Uber Geek
+1 received by user: 948

Trusted

Topic # 110691 14-Oct-2012 23:21

Here's an infosec nightmare for you on a late Sunday night - this will be front page news tomorrow:
http://publicaddress.net/onpoint/msds-leaky-servers/

Try and reach the bottom of the article without dying inside.

Now trending on Twitter
https://twitter.com/search/realtime?q=%23wtfmsd&src=hash

Captain Awesome
278 posts

Ultimate Geek
+1 received by user: 16

Subscriber

  Reply # 701187 14-Oct-2012 23:35

This sort of security makes me want to bang my head on a wall. How can any trained network technician be this stupid?





94 posts

Master Geek
+1 received by user: 2


  Reply # 701188 14-Oct-2012 23:35

Wow that's a pretty big stuff up.

3043 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 701189 14-Oct-2012 23:37

HAHAHAHA.

Must be looked after by the networking support arm of Wheedle's developers.





1391 posts

Uber Geek
+1 received by user: 156


  Reply # 701194 14-Oct-2012 23:52

These are the same people that won't let you put a little USB stick into their workstation to transfer a CV and cover letter onto their computer.





Sometimes what you don't get is a blessing in disguise!

1209 posts

Uber Geek
+1 received by user: 265


  Reply # 701195 14-Oct-2012 23:54

lol this is pretty amusing, but not overly surprising at all.





mjb

922 posts

Ultimate Geek
+1 received by user: 21

Trusted

  Reply # 701197 15-Oct-2012 00:00

404 on pa.net already...

edit: no, that's the space on the end of the URL in the OP.




contentsofsignaturemaysettleduringshipping



3701 posts

Uber Geek
+1 received by user: 948

Trusted

  Reply # 701199 15-Oct-2012 00:06

mjb: 404 on pa.net already...

edit: no, that's the space on the end of the URL in the OP.


Cheers, I'm used to forums auto-creating hyperlink bbcode for me.

546 posts

Ultimate Geek
+1 received by user: 31

Subscriber

  Reply # 701200 15-Oct-2012 00:09

*double facepalm*

mjb

922 posts

Ultimate Geek
+1 received by user: 21

Trusted

  Reply # 701201 15-Oct-2012 00:10

eXDee: Cheers, I'm used to forums auto-creating hyperlink bbcode for me.


No problem.


Now that I've read the story... it's a really sad situation when I'm just totally not surprised.




contentsofsignaturemaysettleduringshipping

1018 posts

Uber Geek
+1 received by user: 46


  Reply # 701211 15-Oct-2012 02:38

I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commissioner.

Probably was not a good idea to say...
1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word)
2. searched through files which he unquestionably knew he was not supposed to access
3. read files which he unquestionably knew he was not supposed to access
4. sounds like he actually might have sent the files to himself as well
5. he says he was tipped off about it, which means that somebody he knew (or anon) had access before him

At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police.




---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

2533 posts

Uber Geek
+1 received by user: 252

Trusted
Subscriber

  Reply # 701219 15-Oct-2012 07:50

sleemanj: I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commissioner.

Probably was not a good idea to say...
1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word)
2. searched through files which he unquestionably knew he was not supposed to access
3. read files which he unquestionably knew he was not supposed to access
4. sounds like he actually might have sent the files to himself as well
5. he says he was tipped off about it, which means that somebody he knew (or anon) had access before him

At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police.


Probably not actually. If YOU did it, then sure. But he's a journalist, even if for a small but popular blogging network. They won't risk the bad PR from attacking the press directly because the press will close ranks and make the government out to be the devil incarnate.

The sad thing is that I know other government departments with similar issues.

BDFL
50362 posts

Uber Geek
+1 received by user: 4864

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701225 15-Oct-2012 08:14

The bad thing is that the kiosks will be pulled, the endpoint will be blamed, but the fact actual information is available to people who should not see it (internally) will not be addressed.





gjm

678 posts

Ultimate Geek
+1 received by user: 73


  Reply # 701234 15-Oct-2012 09:03

Just read the blog entry... unbelievable. There is no face big enough in the world to contain the number of palms required for this. It looks like it may have even been possible to copy over some of their Hyper-V machines??? Is this the department that was just talking about making a new database for at-risk children that would definitely be secure, or was that a different one?




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]

BDFL
50362 posts

Uber Geek
+1 received by user: 4864

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701239 15-Oct-2012 09:06

The government will "investigate" and nothing will come out of it.

They spend money on important things. Things that show up and get votes. Backend IT infrastructure doesn't get votes.




2047 posts

Uber Geek
+1 received by user: 286

Trusted
Subscriber

  Reply # 701246 15-Oct-2012 09:15

Which organisation was contracted to set up the security?
