Geekzone: technology news, blogs, forums
  Reply # 430086 23-Jan-2011 01:18

NZTA's client you can download off the net, nothing stopping a user with a login to get a VPN login as well.

You need to remember that this was an attack from within, someone who had access and was meant to be shared the details, an attack vector extremely hard to minimise without compromising usability. Remember wireline is used by all wholesale clients along with retail and retail partners. Running on a secure "red" network would be impossible as I know of many people who have access to wireline for their jobs using it on clients' sites during meetings etc.

  Reply # 430109 23-Jan-2011 08:39

Beccara: NZTA's client you can download off the net, nothing stopping a user with a login to get a VPN login as well.

You need to remember that this was an attack from within, someone who had access and was meant to be shared the details, an attack vector extremely hard to minimise without compromising usability. Remember wireline is used by all wholesale clients along with retail and retail partners. Running on a secure "red" network would be impossible as I know of many people who have access to wireline for their jobs using it on clients' sites during meetings etc.


And that is the problem, people with privileged access (much like the case of Vodafone AU) should have remembered that they signed a piece of paper saying they were going to be responsible for the use of that username and password. VPNs or SSL certs and suchlike do very little to increase security since the person was allowed to access the data they looked at. Additional authentication factors such as One Time Password tokens or similar hardware devices (SSL certificate on a smartcard) which are tied to one person are the only real way to improve security since a password can be handed on, but an OTP token is a physical thing that only one person could have at one time.





 
 
 
 


  Reply # 430112 23-Jan-2011 08:53

It'd be the same if you gave your bank card and PIN to someone, then complained that there's money missing. It's not a technology problem, it's a people problem.

You can do all the background checks you want, but if there's one bad person with access to some information then the risk is there.

If there are people willing to pay to get that information then the risk increases.

Still, no technology involved in the risk. You can use technology to try and prevent this happening (locking USB ports so people can't copy files, restricting VPN access to certain IP addresses only, etc.) but then either you make it too hard for good people to work, or you just make the bad guy grab a pen and paper and manually copy the information s/he needs or wants.







  Reply # 430148 23-Jan-2011 11:30

Completely agree with freitasm, also keep in mind that no one seems to be disputing that it was a valid account that was used. The blame as I see it lies entirely with the people that used it. The reality is that a lot more of your personal information would be protected by only a username/password, it's just that the problem hasn't arisen, but that data is just as vulnerable. As someone that connects to multiple client networks I especially agree with "....you make it hard for good people to work". It wasn't 'hacked' as most people think of systems being hacked, a valid user name and password was used. If hacking was involved, then you would expect that they would be using a multitude of accounts, not just one ...

Cheers,
H


 




  Reply # 430309 23-Jan-2011 20:03

And just to respond to someone earlier, unlisted numbers can't be resolved in any way, shape or form. Unless this has changed since the last time I was trained on it (trainer made this point very clear).


  Reply # 497617 25-Jul-2011 14:12

The SFO (Serious Fraud Office) found no evidence of criminal offending after its investigation in this case. The Privacy Commissioner said its inquiries were also continuing...



