It was hardly 'hacking' was it?

Forums › Off topic › It was hardly 'hacking' was it?

1 | 2 | 3 | 4 | 5 | 6 | 7

3606 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1111175 19-Aug-2014 11:18

6FIEND: I'm not sure the "leaving the front door to your house open" analogies are entirely correct to use in this case.

Labour *PUBLISHED* this information in clear text on the public internet. There was no circumventing of any security. No backdoors access. Credit Card and private membership data should never have been stored on an Internet Webserver in the first place. Let alone in an unencrypted and unsecured form.

The correct analogy is that you took all of your valuable possessions and carried them all out to the street and left them lying beside the kerb. Nobody has to even enter your property to look through or take your stuff. (At least they didn't advertise the fact that they were having the equivalent of an un-manned garage sale ;-)

It is morally wrong to trawl through such material? Probably. Is it fair game to lambast someone for being so irresponsible with data that they have a "duty of care" to protect? ABSOLUTELY.

Like the duty of care in regards to responsible disclosure, anyone who works in the IT industry knows about it??? Rather than maximum political damage right?

wongtop

565 posts

Ultimate Geek

#1111178 19-Aug-2014 11:19

Regardless of whether it is legal or not I would have thought that the right thing to do would be inform the website owner that they have a security problem, rather than exploit it to go digging for dirt.

I would much rather that our politicians concentrated on developing ideas for progressing NZ and have a ideas contest, rather than digging for dirt and having a mudslinging contest. I only hope our politics doesn't become as dysfunctional as the US.

ajobbins

5052 posts

Uber Geek

Trusted

#1111179 19-Aug-2014 11:21

6FIEND: It is morally wrong to trawl through such material? Probably.

But is it also illegal to take said property away? Probably

Is it fair game to lambast someone for being so irresponsible with data that they have a "duty of care" to protect? ABSOLUTELY.

Agreed

Twitter: ajobbins

6FIEND

774 posts

Ultimate Geek
Inactive user

#1111199 19-Aug-2014 11:48

ajobbins:
6FIEND: It is morally wrong to trawl through such material? Probably.

But is it also illegal to take said property away? Probably

No more illegal than me quoting your comment and saving a local copy of it on my computer. By publishing it on the Internet, you are explicitly placing it in the public domain.

...or to extend my own analogy - the people who trawl the streets while the Auckland Inorganic Waste collections happen aren't engaging in illegal activity when they take things are they? (or are they? ;-)

My memory of the incident is a little vague now, but I don't remember that Slater published the membership data (apart from names) or any credit card details on his blog? He was merely revelling in the fact that Labour had had a very public IT security failure and was taking delight in demonstrating the extent of how serious it was.

BarTender

3606 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1111202 19-Aug-2014 11:55

6FIEND: My memory of the incident is a little vague now, but I don't remember that Slater published the membership data (apart from names) or any credit card details on his blog? He was merely revelling in the fact that Labour had had a very public IT security failure and was taking delight in demonstrating the extent of how serious it was.

But you seem to be missing the main point of much of the arguments.

The fact that Labour had no security whatsoever, or that Slater is a scumbag of the highest order is nothing new.

The fact that a senior National Party staff member was in on it and actively celebrated the fact that he had a Dynamic IP is new... And extremely damming on the National Party.

That is the nub of the problem not the poor security on Labours site which we all agree is shocking.

Does anyone here find it remotely acceptable that a senior staff member of the National Party was poking around and assisting Slater with his dirty work. John Key refused to answer the question yesterday, and I suspect if asked again today he would still refuse.

That comes back to my argument of responsible disclosure and holding our senior officials in government to a higher standard.

bazzer

3438 posts

Uber Geek

Trusted

#1111221 19-Aug-2014 12:12

ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?

JWR

821 posts

Ultimate Geek

#1111280 19-Aug-2014 13:36

bazzer:
ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?

A bit of reading comprehension called for here.

The Green Party staffer was told to return the folder unread!

It is irrelevant whether he information was sensitive or not.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

ajobbins

5052 posts

Uber Geek

Trusted

#1111282 19-Aug-2014 13:37

bazzer:

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?

Now you're just being a conspiracy theorist ;)

Twitter: ajobbins

Dratsab

3946 posts

Uber Geek

Trusted

Lifetime subscriber

#1111295 19-Aug-2014 14:02

Lias:
freitasm: At the end it would come down to this: it is still illegal (as pointed before) to access information from a computer system without authorisation. This is in the current law.

That is one possible interpretation of that law, but not I suspect one that would withstand significant scrutiny. Firstly the offence is accessing the computer system, not the information on it. Secondly, having a public facing web server on the internet that doesn't require any form of authentication to view content implies that the public are permitted a certain degree of access, and the law very clearly includes an exemption that it "does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access."

IANAL, but I strongly suspect any charges filed under these circumstances would get laughed out of court. It would also explain why no charges were filed at the time the incident occurred.

I don't know if Rick Shera or Judge Harvey frequent these forums but it would be interesting to hear their take.

I can see where your coming from but it's not quite as simple as that. There's screeds of case law to take into account, not just what's said in the Act itself. If it were as simple as you suggest, a good many fraud cases would have fewer charges laid and cases such as this would [at least partly] fail.

dman

953 posts

Ultimate Geek

#1111300 19-Aug-2014 14:15

This wasn't a case of Labour leaving the front door open. It was Labour putting out all their dirt laundry on the sidewalk for any passerby to see! Very foolish.

https://www.youtube.com/c/SoundSpeeding

dman

953 posts

Ultimate Geek

#1111302 19-Aug-2014 14:19

JWR:
bazzer:
ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?

A bit of reading comprehension called for here.

The Green Party staffer was told to return the folder unread!

It is irrelevant whether he information was sensitive or not.

LOL! As if anybody believe that.....

I can 100% guarantee that if it had been juicy secret inside info then that knowledge would've been passed along.

They simply weighed up a very simple equation, do they gain more positive media from this than the value they'd get from the info contained? Of course when it is boring no sensitive info, the answer is the former.

https://www.youtube.com/c/SoundSpeeding

Tinshed

278 posts

Ultimate Geek

#1111303 19-Aug-2014 14:20

What seems to be missing here is that the information from the Labour Party website was not used at all. It was accessed yes, but no action was taken with the credit card details or the e-mail address. Nothing was "taken" from the website. The example quoted by MF isn't relevant (If you leave your house unlocked and someone walks in, is it ok for your TV to be gone?) because noting was stolen. Looked at yes, but not stolen.

Did the Labour Party let its subscribers and donors know that their credit card details and e-mail addresses had been potentially exposed? Have they informed them of this breach in their privacy? Did they let the relevant financial institutions know as I believe they are required to do so? I really don't know the answer to these questions but haven't seen any mention of it.

Tinshed
Wellington, New Zealand

BarTender

3606 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1111311 19-Aug-2014 14:40

Tinshed: What seems to be missing here is that the information from the Labour Party website was not used at all. It was accessed yes, but no action was taken with the credit card details or the e-mail address. Nothing was "taken" from the website. The example quoted by MF isn't relevant (If you leave your house unlocked and someone walks in, is it ok for your TV to be gone?) because noting was stolen. Looked at yes, but not stolen. Did the Labour Party let its subscribers and donors know that their credit card details and e-mail addresses had been potentially exposed? Have they informed them of this breach in their privacy? Did they let the relevant financial institutions know as I believe they are required to do so? I really don't know the answer to these questions but haven't seen any mention of it.

Already covered in this thread and previously said by the PM that he admitted Ede downloaded the database backup and having a poke through it on his local machine.

Which goes back to the post above:

"Does the PM or anyone in National think it's appropriate that Ede who was a senior staffer went through a Labour Party database?"

Feel free to listen to the PM not answer the same question asked to him many times yesterday on Radio NZ's Morning Report.

Around 4 mins 30 into it is where the direct question was asked and avoided.

How difficult is it for National supporters to understand it's completely inappropriate.

dman

953 posts

Ultimate Geek

#1111312 19-Aug-2014 14:41

Exactly Tinshed, people get very very confused over this concept of "Intellectual Property".

Thinking mistakenly that it is like physical property that gets stolen. But no, when a person takes your tv, you no longer have it. But if a person "takes" information from you, you still have it! The only possibly crime that might really happen now is if they misuse it. Which I believe did not happen with the case of Labour.

Thus all the hard questions must now be asked of Labour..... did they inform their members of their lax security and their breach? Did they contact the relevant financial institutions / banks over this too?

https://www.youtube.com/c/SoundSpeeding

BarTender

3606 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1111314 19-Aug-2014 14:43

dman: Exactly Tinshed, people get very very confused over this concept of "Intellectual Property".

Thinking mistakenly that it is like physical property that gets stolen. But no, when a person takes your tv, you no longer have it. But if a person "takes" information from you, you still have it! The only possibly crime that might really happen now is if they misuse it. Which I believe did not happen with the case of Labour.

Thus all the hard questions must now be asked of Labour..... did they inform their members of their lax security and their breach? Did they contact the relevant financial institutions / banks over this too?

Please.. as a National support I would love your response in regards to the basic question:

"Does the PM or anyone in National think it's appropriate that Ede who was a senior staffer went through a Labour Party database?"

It's such a simple question, why can't anyone in National answer it?

Edit: At least English has said something.

1 | 2 | 3 | 4 | 5 | 6 | 7