Ministry of Social Development security woes

Check our new Geekzone Price Comparison web site for electronics prices in New Zealand.

Forums › IT Pro › Ministry of Social Development security woes

eXDee

2852 posts

Uber Geek

Trusted

Topic # 110691 14-Oct-2012 23:21
Heres an infosec nightmare for you on a late sunday night - this will be front page news tomorrow: http://publicaddress.net/onpoint/msds-leaky-servers/ Try and reach the bottom of the article without dying inside. Now trending on twitter https://twitter.com/search/realtime?q=%23wtfmsd&src=hash

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9

221 posts

Master Geek

Reply # 701187 14-Oct-2012 23:35
This sort of security makes me want to bang my head on a wall. How can any trained network technician be this stupid?

Strongbad1905

86 posts

Master Geek

Reply # 701188 14-Oct-2012 23:35
Wow that's a pretty big stuff up.

Zeon

2382 posts

Uber Geek

Trusted

Subscriber

Reply # 701189 14-Oct-2012 23:37
HAHAHAHA. Must be looked after by the networking support arm of Wheedle's developers.

DravidDavid

732 posts

Ultimate Geek

Reply # 701194 14-Oct-2012 23:52
These are the same people that won't let you put a little USB stick in to their workstation to transfer a CV and cover letter on to their computer. Sometimes what you don't get it a blessing in disguise!

l43a2

804 posts

Ultimate Geek

Reply # 701195 14-Oct-2012 23:54
lol this is pretty amusing, but not overly surprising at all.

mjb

902 posts

Ultimate Geek

Trusted

Subscriber

Reply # 701197 15-Oct-2012 00:00
404 on pa.net already... edit: no, that's the space on the end of the URL in the OP. contentsofsignaturemaysettleduringshipping

eXDee

2852 posts

Uber Geek

Trusted

Reply # 701199 15-Oct-2012 00:06
mjb: 404 on pa.net already... edit: no, that's the space on the end of the URL in the OP. Cheers, im used to forums auto creating hyperlink bbcode for me.

tigercorp

404 posts

Ultimate Geek

Subscriber

Reply # 701200 15-Oct-2012 00:09
double facepalm

mjb

902 posts

Ultimate Geek

Trusted

Subscriber

Reply # 701201 15-Oct-2012 00:10
eXDee: Cheers, im used to forums auto creating hyperlink bbcode for me. No problem. Now that I've read the story... it's a really sad situation when I'm just totally not surprised. contentsofsignaturemaysettleduringshipping

sleemanj

900 posts

Ultimate Geek

Reply # 701211 15-Oct-2012 02:38
I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commisioner. Probably was not a good idea to say... 1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word) 2. searched through files which he unquestionably knew he was not supposed to access 3. read files which he unquestionably knew he was not supposed to access 4. sounds like he actually might have sent the files to himself as well 5. he says he was tipped off about it, which means that somebody he knew (or anon) had access before him At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police. --- James Sleeman My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-) Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

Kyanar

1939 posts

Uber Geek

Trusted

Subscriber

Reply # 701219 15-Oct-2012 07:50
sleemanj: I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commisioner. Probably was not a good idea to say... 1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word) 2. searched through files which he unquestionably knew he was not supposed to access 3. read files which he unquestionably knew he was not supposed to access 4. sounds like he actually might have sent the files to himself as well 5. he says he was tipped off about it, which means that somebody he knew (or anon) had access before him At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police. Probably not actually. If YOU did it, then sure. But he's a journalist, even if for a small but popular blogging network. They won't risk the bad PR from attacking the press directly because the press will close ranks and make the government out to be the devil incarnate. The sad thing is that I know other government departments with similar issues.

freitasm

BDFL
43795 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 701225 15-Oct-2012 08:14
The bad thing is that the kiosks will be pulled, the endpoint will be blamed, but the fact actual information is available to people who should not see it (internally) will not be addressed. Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

gjm

490 posts

Ultimate Geek

Reply # 701234 15-Oct-2012 09:03
just read the blog entry....unbelievable. There is no face big enough in the world to contain the number of palms required for this. It looks like it may have even been possible to copy over some of their hyper v machines??? Is this the department that was just talking about making a new database for at risk children that would definitely be secure or was that a different one?

freitasm

BDFL
43795 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 701239 15-Oct-2012 09:06
The government will "investigate" and nothing will come out of it. They spend money in important things. Things that show up and get votes. Backend IT infrastructure doesn't get votes. Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

insane

1279 posts

Uber Geek

Trusted

Reply # 701246 15-Oct-2012 09:15
Which organisation was contracted to setup the security?

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9