Geekzone: technology news, blogs, forums
956 posts

Ultimate Geek
+1 received by user: 138

UberGroup

  Reply # 430086 23-Jan-2011 01:18

NZTA's client you can download off the net; nothing stopping a user with a login from getting a VPN login as well.

You need to remember that this was an attack from within, someone who had access and was meant to be shared the details, an attack vector extremely hard to minimise without compromising usability. Remember wireline is used by all wholesale clients along with retail and retail partners. Running on a secure "red" network would be impossible, as I know of many people who have access to wireline for their jobs using it on clients' sites during meetings etc.

2257 posts

Uber Geek
+1 received by user: 675

Trusted

  Reply # 430109 23-Jan-2011 08:39

Beccara: NZTA's client you can download off the net; nothing stopping a user with a login from getting a VPN login as well.

You need to remember that this was an attack from within, someone who had access and was meant to be shared the details, an attack vector extremely hard to minimise without compromising usability. Remember wireline is used by all wholesale clients along with retail and retail partners. Running on a secure "red" network would be impossible, as I know of many people who have access to wireline for their jobs using it on clients' sites during meetings etc.


And that is the problem: people with privileged access (much like the case of Vodafone AU) should have remembered that they signed a piece of paper saying they were going to be responsible for the use of that username and password. VPNs or SSL certs and suchlike do very little to increase security, since the person was allowed to access the data they looked at. Additional authentication factors such as One Time Password tokens or similar hardware devices (SSL certificate on a smartcard) which are tied to one person are the only real way to improve security, since a password can be handed on, but an OTP token is a physical thing that only one person could have at one time.


BDFL - Memuneh
59399 posts

Uber Geek
+1 received by user: 10606

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 430112 23-Jan-2011 08:53

It'd be the same if you gave your bank card and PIN to someone, then complained that there's money missing. It's not a technology problem, it's a people problem.

You can do all the background checks you want, but if there's one bad person with access to some information then the risk is there.

If there are people willing to pay to get that information then the risk increases.

Still, no technology involved in the risk. You can use technology to try and prevent this happening (locking USB ports so people can't copy files, restricting VPN access to certain IP addresses only, etc.) but then either you make it too hard for good people to work, or you just make the bad guy grab a pen and paper and manually copy the information s/he needs or wants.





60 posts

Master Geek


  Reply # 430148 23-Jan-2011 11:30

Completely agree with freitasm; also keep in mind that no one seems to be disputing that it was a valid account that was used. The blame as I see it lies entirely with the people that used it. The reality is that a lot more of your personal information would be protected by only a username/password; it's just that the problem hasn't arisen, but that data is just as vulnerable. As someone that connects to multiple client networks I especially agree with "....you make it hard for good people to work". It wasn't 'hacked' as most people think of systems being hacked; a valid user name and password was used. If hacking was involved, then you would expect that they would be using a multitude of accounts, not just one...

Cheers,
H


 



956 posts

Ultimate Geek
+1 received by user: 138

UberGroup

  Reply # 430309 23-Jan-2011 20:03

And just to respond to someone earlier, unlisted numbers can't be resolved in any way, shape or form. Unless this has changed since the last time I was trained on it (trainer made this point very clear).

BDFL - Memuneh
59399 posts

Uber Geek
+1 received by user: 10606

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 497617 25-Jul-2011 14:12

The SFO (Serious Fraud Office) found no evidence of criminal offending after its investigation in this case. The Privacy Commissioner said its inquiries were also continuing...



