Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Wireline database compromised
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
Beccara
1469 posts

Uber Geek

ID Verified

  #430086 23-Jan-2011 01:18
Send private message

NZTA's client you can download off the net, Nothing stopping a user with a login to get a vpn login aswell.

You need to remember that this was an attack from within, someone who had access and was meant to be shared the details, An attack vector extremely hard to minimise without compromising usability. Remember wireline is used all wholesale clients along with retail and retail partners. Running on a secure "red" network would be impossible as I know of many people who have access to wireline for their jobs using it on client's site's during meetings etc



BarTender
3606 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #430109 23-Jan-2011 08:39
Send private message

Beccara: NZTA's client you can download off the net, Nothing stopping a user with a login to get a vpn login aswell.

You need to remember that this was an attack from within, someone who had access and was meant to be shared the details, An attack vector extremely hard to minimise without compromising usability. Remember wireline is used all wholesale clients along with retail and retail partners. Running on a secure "red" network would be impossible as I know of many people who have access to wireline for their jobs using it on client's site's during meetings etc


And that is the problem, people with privileged access (much like the case of Vodafone AU) should have remembered that they signed a piece of paper saying they were going to be responsible for the use of that username and password.  VPN's or SSL Certs and such like do very little to increase security since the person was allowed to access the data they looked at.  Additional authentication factors such as One Time Password tokens or similar hardware devices (SSL Certificate on a smartcard) which are tied to one person are the only real way to improve security since a password can be handed on, but a OTP Token is a physical thing that only one person could have at one time.

freitasm
BDFL - Memuneh
79314 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #430112 23-Jan-2011 08:53
Send private message

It'd be the same if you gave your bank card and PIN to someone, then complained that there's money missing. It's not a technology problem, it's a people problem.

You can do all the background check you want, but if there's one bad person with access to some information then the risk is there.

If there are people willing to pay to get that information then the risk increases.

Still, no technology involved on the risk. You can use technology to try and prevent this happening (locking USB ports so people can't copy files, restricting VPN access to certain IP addresses only, etc) but then either you make it too hard for good people to work, or you just make the bad guy grab a pen and paper and manually copy the information s/he needs or wants.





Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 



hamistheman
82 posts

Master Geek


  #430148 23-Jan-2011 11:30
Send private message

Completely agree with freitasm, also keep in mind that noone seems to be disputing that it was a valid account that was used. The blame as i see it use lies entirely with the people that used it. the reality is that a lot more of your personal information would be protected by only a username/password, its just that the problem hasn't arisen, but that data is just as vulnerable. As someone that connects to multiple client networks i especially agree with "....you make it hard for good people to work". It wasn't 'hacked'  as most people think of systems being hacked, a valid user name and password was used. If hacking was involved, then you would expect that they would be using a multitude of accounts ,not just one .....

Cheers,
H


 

Beccara
1469 posts

Uber Geek

ID Verified

  #430309 23-Jan-2011 20:03
Send private message

And just to respond to someone earlier, Unlisted numbers can't be resolved in any way shape or form. Unless this has changed since the last time I was trained on it (Trainer made this point very clear)

freitasm
BDFL - Memuneh
79314 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #497617 25-Jul-2011 14:12
Send private message

The SFO (Serious Fraud Office) found no evidence of criminal offending after its investigation in this case. The Privacy Commissioner said its inquiries were also continuing...




Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright