Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7
2268 posts

Uber Geek
+1 received by user: 679

Trusted

  Reply # 1111175 19-Aug-2014 11:18
Send private message

6FIEND: I'm not sure the "leaving the front door to your house open" analogies are entirely correct to use in this case.

Labour *PUBLISHED* this information in clear text on the public internet.  There was no circumventing of any security.  No backdoors access.  Credit Card and private membership data should never have been stored on an Internet Webserver in the first place.  Let alone in an unencrypted and unsecured form.

The correct analogy is that you took all of your valuable possessions and carried them all out to the street and left them lying beside the kerb.  Nobody has to even enter your property to look through or take your stuff.  (At least they didn't advertise the fact that they were having the equivalent of an un-manned garage sale ;-)

It is morally wrong to trawl through such material?  Probably.  Is it fair game to lambast someone for being so irresponsible with data that they have a "duty of care" to protect?  ABSOLUTELY.


Like the duty of care in regards to responsible disclosure, anyone who works in the IT industry knows about it??? Rather than maximum political damage right?





536 posts

Ultimate Geek
+1 received by user: 37


  Reply # 1111178 19-Aug-2014 11:19
Send private message

Regardless of whether it is legal or not I would have thought that the right thing to do would be inform the website owner that they have a security problem, rather than exploit it to go digging for dirt.

I would much rather that our politicians concentrated on developing ideas for progressing NZ and have a ideas contest, rather than digging for dirt and having a mudslinging contest.  I only hope our politics doesn't become as dysfunctional as the US.


 
 
 
 


Awesome
4781 posts

Uber Geek
+1 received by user: 1059

Trusted
Subscriber

  Reply # 1111179 19-Aug-2014 11:21
One person supports this post
Send private message

6FIEND: It is morally wrong to trawl through such material?  Probably. 

But is it also illegal to take said property away? Probably

Is it fair game to lambast someone for being so irresponsible with data that they have a "duty of care" to protect?  ABSOLUTELY.

Agreed







Twitter: ajobbins


453 posts

Ultimate Geek
+1 received by user: 410


  Reply # 1111199 19-Aug-2014 11:48
Send private message

ajobbins:
6FIEND: It is morally wrong to trawl through such material?  Probably. 

But is it also illegal to take said property away? Probably


No more illegal than me quoting your comment and saving a local copy of it on my computer.  By publishing it on the Internet, you are explicitly placing it in the public domain.

...or to extend my own analogy - the people who trawl the streets while the Auckland Inorganic Waste collections happen aren't engaging in illegal activity when they take things are they? (or are they?  ;-)

My memory of the incident is a little vague now, but I don't remember that Slater published the membership data (apart from names) or any credit card details on his blog?  He was merely revelling in the fact that Labour had had a very public IT security failure and was taking delight in demonstrating the extent of how serious it was.

2268 posts

Uber Geek
+1 received by user: 679

Trusted

  Reply # 1111202 19-Aug-2014 11:55
Send private message

6FIEND: My memory of the incident is a little vague now, but I don't remember that Slater published the membership data (apart from names) or any credit card details on his blog?  He was merely revelling in the fact that Labour had had a very public IT security failure and was taking delight in demonstrating the extent of how serious it was.


But you seem to be missing the main point of much of the arguments.

The fact that Labour had no security whatsoever, or that Slater is a scumbag of the highest order is nothing new.

The fact that a senior National Party staff member was in on it and actively celebrated the fact that he had a Dynamic IP is new... And extremely damming on the National Party.

That is the nub of the problem not the poor security on Labours site which we all agree is shocking.

Does anyone here find it remotely acceptable that a senior staff member of the National Party was poking around and assisting Slater with his dirty work. John Key refused to answer the question yesterday, and I suspect if asked again today he would still refuse.

That comes back to my argument of responsible disclosure and holding our senior officials in government to a higher standard.





3275 posts

Uber Geek
+1 received by user: 207

Trusted

  Reply # 1111221 19-Aug-2014 12:12
Send private message

ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?

JWR

730 posts

Ultimate Geek
+1 received by user: 236


  Reply # 1111280 19-Aug-2014 13:36
Send private message

bazzer:
ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?


A bit of reading comprehension called for here.

The Green Party staffer was told to return the folder unread!

It is irrelevant whether he information was sensitive or not.

Awesome
4781 posts

Uber Geek
+1 received by user: 1059

Trusted
Subscriber

  Reply # 1111282 19-Aug-2014 13:37
Send private message

bazzer:

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?


Now you're just being a conspiracy theorist ;)




Twitter: ajobbins


3009 posts

Uber Geek
+1 received by user: 881

Trusted
Subscriber

  Reply # 1111295 19-Aug-2014 14:02
Send private message

Lias:
freitasm: At the end it would come down to this: it is still illegal (as pointed before) to access information from a computer system without authorisation. This is in the current law.


That is one possible interpretation of that law, but not I suspect one that would withstand significant scrutiny. Firstly the offence is accessing the computer system, not the information on it. Secondly, having a public facing web server on the internet that doesn't require any form of authentication to view content implies that the public are permitted a certain degree of access, and the law very clearly includes an exemption that it "does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access." 

IANAL, but I strongly suspect any charges filed under these circumstances would get laughed out of court. It would also explain why no charges were filed at the time the incident occurred.

I don't know if Rick Shera or Judge Harvey frequent these forums but it would be interesting to hear their take.


I can see where your coming from but it's not quite as simple as that. There's screeds of case law to take into account, not just what's said in the Act itself. If it were as simple as you suggest, a good many fraud cases would have fewer charges laid and cases such as this would [at least partly] fail.

933 posts

Ultimate Geek
+1 received by user: 26


  Reply # 1111300 19-Aug-2014 14:15
Send private message

This wasn't a case of Labour leaving the front door open. It was Labour putting out all their dirt laundry on the sidewalk for any passerby to see! Very foolish.




Who I am: multi time Ironman finisher, University of Auckland graduate, Freelancer (mainly focused on website development, message me for work).

twitter.com/TersoIT

933 posts

Ultimate Geek
+1 received by user: 26


  Reply # 1111302 19-Aug-2014 14:19
Send private message

JWR:
bazzer:
ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?


A bit of reading comprehension called for here.

The Green Party staffer was told to return the folder unread!

It is irrelevant whether he information was sensitive or not.


LOL! As if anybody believe that.....

I can 100% guarantee  that if it had been juicy secret inside info then that knowledge would've been passed along.

They simply weighed up a very simple equation, do they gain more positive media from this than the value they'd get from the info contained? Of course when it is boring no sensitive info, the answer is the former.




Who I am: multi time Ironman finisher, University of Auckland graduate, Freelancer (mainly focused on website development, message me for work).

twitter.com/TersoIT

273 posts

Ultimate Geek
+1 received by user: 57

Subscriber

  Reply # 1111303 19-Aug-2014 14:20
One person supports this post
Send private message

What seems to be missing here is that the information from the Labour Party website was not used at all. It was accessed yes, but no action was taken with the  credit card details or the e-mail address. Nothing was "taken" from the website.  The example quoted by MF isn't relevant (If you leave your house unlocked and someone walks in, is it ok for your TV to be gone?) because noting was stolen. Looked at yes, but not stolen.  

 

Did the Labour Party let its subscribers and donors know that their credit card details and e-mail addresses had been potentially exposed?  Have they informed them of this breach in their privacy?  Did they let the relevant financial institutions know as I believe they are required to do so? I really don't know the answer to these questions but haven't seen any mention of it.  




Tinshed
Wellington, New Zealand


2268 posts

Uber Geek
+1 received by user: 679

Trusted

  Reply # 1111311 19-Aug-2014 14:40
One person supports this post
Send private message

Tinshed: What seems to be missing here is that the information from the Labour Party website was not used at all. It was accessed yes, but no action was taken with the  credit card details or the e-mail address. Nothing was "taken" from the website.  The example quoted by MF isn't relevant (If you leave your house unlocked and someone walks in, is it ok for your TV to be gone?) because noting was stolen. Looked at yes, but not stolen.   Did the Labour Party let its subscribers and donors know that their credit card details and e-mail addresses had been potentially exposed?  Have they informed them of this breach in their privacy?  Did they let the relevant financial institutions know as I believe they are required to do so? I really don't know the answer to these questions but haven't seen any mention of it.  


Already covered in this thread and previously said by the PM that he admitted Ede downloaded the database backup and having a poke through it on his local machine.

Which goes back to the post above:

"Does the PM or anyone in National think it's appropriate that Ede who was a senior staffer went through a Labour Party database?"

Feel free to listen to the PM not answer the same question asked to him many times yesterday on Radio NZ's Morning Report.

Around 4 mins 30 into it is where the direct question was asked and avoided.

How difficult is it for National supporters to understand it's completely inappropriate.





933 posts

Ultimate Geek
+1 received by user: 26


  Reply # 1111312 19-Aug-2014 14:41
Send private message

Exactly Tinshed, people get very very confused over this concept of "Intellectual Property".

Thinking mistakenly that it is like physical property that gets stolen. But no, when a person takes your tv, you no longer have it. But if a person "takes" information from  you, you still have it! The only possibly crime that might really happen now is if they misuse it. Which I believe did not happen with the case of Labour.

Thus all the hard questions must now be asked of Labour..... did they inform their members of their lax security and their breach? Did they contact the relevant financial institutions / banks over this too?




Who I am: multi time Ironman finisher, University of Auckland graduate, Freelancer (mainly focused on website development, message me for work).

twitter.com/TersoIT

2268 posts

Uber Geek
+1 received by user: 679

Trusted

  Reply # 1111314 19-Aug-2014 14:43
One person supports this post
Send private message

dman: Exactly Tinshed, people get very very confused over this concept of "Intellectual Property".

Thinking mistakenly that it is like physical property that gets stolen. But no, when a person takes your tv, you no longer have it. But if a person "takes" information from  you, you still have it! The only possibly crime that might really happen now is if they misuse it. Which I believe did not happen with the case of Labour.

Thus all the hard questions must now be asked of Labour..... did they inform their members of their lax security and their breach? Did they contact the relevant financial institutions / banks over this too?


Please.. as a National support I would love your response in regards to the basic question:

"Does the PM or anyone in National think it's appropriate that Ede who was a senior staffer went through a Labour Party database?"

It's such a simple question, why can't anyone in National answer it?

Edit: At least English has said something.





1 | 2 | 3 | 4 | 5 | 6 | 7
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

CPTPP text and National Interest Analysis released for public scrutiny
Posted 21-Feb-2018 19:43


Foodstuffs to trial digitised shopping trolleys
Posted 21-Feb-2018 18:27


2018: The year of zero-login, smart cars & the biometrics of things
Posted 21-Feb-2018 18:25


Intel reimagines data centre storage with new 3D NAND SSDs
Posted 16-Feb-2018 15:21


Ground-breaking business programme begins in Hamilton
Posted 16-Feb-2018 10:18


Government to continue search for first Chief Technology Officer
Posted 12-Feb-2018 20:30


Time to take Appleā€™s iPad Pro seriously
Posted 12-Feb-2018 16:54


New Fujifilm X-A5 brings selfie features to mirrorless camera
Posted 9-Feb-2018 09:12


D-Link ANZ expands connected smart home with new HD Wi-Fi cameras
Posted 9-Feb-2018 09:01


Dragon Professional for Mac V6: Near perfect dictation
Posted 9-Feb-2018 08:26


OPPO announces R11s with claims to be the picture perfect smartphone
Posted 2-Feb-2018 13:28


Vocus Communications wins a place on the TaaS panel
Posted 26-Jan-2018 15:16


SwipedOn raises $1 million capital
Posted 26-Jan-2018 15:15


Slingshot offers unlimited gigabit fibre for under a ton
Posted 25-Jan-2018 13:51


Spark doubles down on wireless broadband
Posted 24-Jan-2018 15:44



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.