Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7
2384 posts

Uber Geek
+1 received by user: 799

Trusted
Lifetime subscriber

  Reply # 1111175 19-Aug-2014 11:18
Send private message

6FIEND: I'm not sure the "leaving the front door to your house open" analogies are entirely correct to use in this case.

Labour *PUBLISHED* this information in clear text on the public internet.  There was no circumventing of any security.  No backdoors access.  Credit Card and private membership data should never have been stored on an Internet Webserver in the first place.  Let alone in an unencrypted and unsecured form.

The correct analogy is that you took all of your valuable possessions and carried them all out to the street and left them lying beside the kerb.  Nobody has to even enter your property to look through or take your stuff.  (At least they didn't advertise the fact that they were having the equivalent of an un-manned garage sale ;-)

It is morally wrong to trawl through such material?  Probably.  Is it fair game to lambast someone for being so irresponsible with data that they have a "duty of care" to protect?  ABSOLUTELY.


Like the duty of care in regards to responsible disclosure, anyone who works in the IT industry knows about it??? Rather than maximum political damage right?





537 posts

Ultimate Geek
+1 received by user: 37


  Reply # 1111178 19-Aug-2014 11:19
Send private message

Regardless of whether it is legal or not I would have thought that the right thing to do would be inform the website owner that they have a security problem, rather than exploit it to go digging for dirt.

I would much rather that our politicians concentrated on developing ideas for progressing NZ and have a ideas contest, rather than digging for dirt and having a mudslinging contest.  I only hope our politics doesn't become as dysfunctional as the US.


Awesome
4805 posts

Uber Geek
+1 received by user: 1061

Trusted
Subscriber

  Reply # 1111179 19-Aug-2014 11:21
One person supports this post
Send private message

6FIEND: It is morally wrong to trawl through such material?  Probably. 

But is it also illegal to take said property away? Probably

Is it fair game to lambast someone for being so irresponsible with data that they have a "duty of care" to protect?  ABSOLUTELY.

Agreed







Twitter: ajobbins


606 posts

Ultimate Geek
+1 received by user: 537


  Reply # 1111199 19-Aug-2014 11:48
Send private message

ajobbins:
6FIEND: It is morally wrong to trawl through such material?  Probably. 

But is it also illegal to take said property away? Probably


No more illegal than me quoting your comment and saving a local copy of it on my computer.  By publishing it on the Internet, you are explicitly placing it in the public domain.

...or to extend my own analogy - the people who trawl the streets while the Auckland Inorganic Waste collections happen aren't engaging in illegal activity when they take things are they? (or are they?  ;-)

My memory of the incident is a little vague now, but I don't remember that Slater published the membership data (apart from names) or any credit card details on his blog?  He was merely revelling in the fact that Labour had had a very public IT security failure and was taking delight in demonstrating the extent of how serious it was.

2384 posts

Uber Geek
+1 received by user: 799

Trusted
Lifetime subscriber

  Reply # 1111202 19-Aug-2014 11:55
Send private message

6FIEND: My memory of the incident is a little vague now, but I don't remember that Slater published the membership data (apart from names) or any credit card details on his blog?  He was merely revelling in the fact that Labour had had a very public IT security failure and was taking delight in demonstrating the extent of how serious it was.


But you seem to be missing the main point of much of the arguments.

The fact that Labour had no security whatsoever, or that Slater is a scumbag of the highest order is nothing new.

The fact that a senior National Party staff member was in on it and actively celebrated the fact that he had a Dynamic IP is new... And extremely damming on the National Party.

That is the nub of the problem not the poor security on Labours site which we all agree is shocking.

Does anyone here find it remotely acceptable that a senior staff member of the National Party was poking around and assisting Slater with his dirty work. John Key refused to answer the question yesterday, and I suspect if asked again today he would still refuse.

That comes back to my argument of responsible disclosure and holding our senior officials in government to a higher standard.





3282 posts

Uber Geek
+1 received by user: 208

Trusted

  Reply # 1111221 19-Aug-2014 12:12
Send private message

ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?

JWR

738 posts

Ultimate Geek
+1 received by user: 236


  Reply # 1111280 19-Aug-2014 13:36

bazzer:
ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?


A bit of reading comprehension called for here.

The Green Party staffer was told to return the folder unread!

It is irrelevant whether he information was sensitive or not.

Awesome
4805 posts

Uber Geek
+1 received by user: 1061

Trusted
Subscriber

  Reply # 1111282 19-Aug-2014 13:37
Send private message

bazzer:

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?


Now you're just being a conspiracy theorist ;)




Twitter: ajobbins


3111 posts

Uber Geek
+1 received by user: 946

Trusted
Lifetime subscriber

  Reply # 1111295 19-Aug-2014 14:02
Send private message

Lias:
freitasm: At the end it would come down to this: it is still illegal (as pointed before) to access information from a computer system without authorisation. This is in the current law.


That is one possible interpretation of that law, but not I suspect one that would withstand significant scrutiny. Firstly the offence is accessing the computer system, not the information on it. Secondly, having a public facing web server on the internet that doesn't require any form of authentication to view content implies that the public are permitted a certain degree of access, and the law very clearly includes an exemption that it "does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access." 

IANAL, but I strongly suspect any charges filed under these circumstances would get laughed out of court. It would also explain why no charges were filed at the time the incident occurred.

I don't know if Rick Shera or Judge Harvey frequent these forums but it would be interesting to hear their take.


I can see where your coming from but it's not quite as simple as that. There's screeds of case law to take into account, not just what's said in the Act itself. If it were as simple as you suggest, a good many fraud cases would have fewer charges laid and cases such as this would [at least partly] fail.

939 posts

Ultimate Geek
+1 received by user: 26


  Reply # 1111300 19-Aug-2014 14:15
Send private message

This wasn't a case of Labour leaving the front door open. It was Labour putting out all their dirt laundry on the sidewalk for any passerby to see! Very foolish.




939 posts

Ultimate Geek
+1 received by user: 26


  Reply # 1111302 19-Aug-2014 14:19
Send private message

JWR:
bazzer:
ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?


A bit of reading comprehension called for here.

The Green Party staffer was told to return the folder unread!

It is irrelevant whether he information was sensitive or not.


LOL! As if anybody believe that.....

I can 100% guarantee  that if it had been juicy secret inside info then that knowledge would've been passed along.

They simply weighed up a very simple equation, do they gain more positive media from this than the value they'd get from the info contained? Of course when it is boring no sensitive info, the answer is the former.




277 posts

Ultimate Geek
+1 received by user: 57

Subscriber

  Reply # 1111303 19-Aug-2014 14:20
One person supports this post
Send private message

What seems to be missing here is that the information from the Labour Party website was not used at all. It was accessed yes, but no action was taken with the  credit card details or the e-mail address. Nothing was "taken" from the website.  The example quoted by MF isn't relevant (If you leave your house unlocked and someone walks in, is it ok for your TV to be gone?) because noting was stolen. Looked at yes, but not stolen.  

 

Did the Labour Party let its subscribers and donors know that their credit card details and e-mail addresses had been potentially exposed?  Have they informed them of this breach in their privacy?  Did they let the relevant financial institutions know as I believe they are required to do so? I really don't know the answer to these questions but haven't seen any mention of it.  




Tinshed
Wellington, New Zealand


2384 posts

Uber Geek
+1 received by user: 799

Trusted
Lifetime subscriber

  Reply # 1111311 19-Aug-2014 14:40
One person supports this post
Send private message

Tinshed: What seems to be missing here is that the information from the Labour Party website was not used at all. It was accessed yes, but no action was taken with the  credit card details or the e-mail address. Nothing was "taken" from the website.  The example quoted by MF isn't relevant (If you leave your house unlocked and someone walks in, is it ok for your TV to be gone?) because noting was stolen. Looked at yes, but not stolen.   Did the Labour Party let its subscribers and donors know that their credit card details and e-mail addresses had been potentially exposed?  Have they informed them of this breach in their privacy?  Did they let the relevant financial institutions know as I believe they are required to do so? I really don't know the answer to these questions but haven't seen any mention of it.  


Already covered in this thread and previously said by the PM that he admitted Ede downloaded the database backup and having a poke through it on his local machine.

Which goes back to the post above:

"Does the PM or anyone in National think it's appropriate that Ede who was a senior staffer went through a Labour Party database?"

Feel free to listen to the PM not answer the same question asked to him many times yesterday on Radio NZ's Morning Report.

Around 4 mins 30 into it is where the direct question was asked and avoided.

How difficult is it for National supporters to understand it's completely inappropriate.





939 posts

Ultimate Geek
+1 received by user: 26


  Reply # 1111312 19-Aug-2014 14:41
Send private message

Exactly Tinshed, people get very very confused over this concept of "Intellectual Property".

Thinking mistakenly that it is like physical property that gets stolen. But no, when a person takes your tv, you no longer have it. But if a person "takes" information from  you, you still have it! The only possibly crime that might really happen now is if they misuse it. Which I believe did not happen with the case of Labour.

Thus all the hard questions must now be asked of Labour..... did they inform their members of their lax security and their breach? Did they contact the relevant financial institutions / banks over this too?




2384 posts

Uber Geek
+1 received by user: 799

Trusted
Lifetime subscriber

  Reply # 1111314 19-Aug-2014 14:43
One person supports this post
Send private message

dman: Exactly Tinshed, people get very very confused over this concept of "Intellectual Property".

Thinking mistakenly that it is like physical property that gets stolen. But no, when a person takes your tv, you no longer have it. But if a person "takes" information from  you, you still have it! The only possibly crime that might really happen now is if they misuse it. Which I believe did not happen with the case of Labour.

Thus all the hard questions must now be asked of Labour..... did they inform their members of their lax security and their breach? Did they contact the relevant financial institutions / banks over this too?


Please.. as a National support I would love your response in regards to the basic question:

"Does the PM or anyone in National think it's appropriate that Ede who was a senior staffer went through a Labour Party database?"

It's such a simple question, why can't anyone in National answer it?

Edit: At least English has said something.





1 | 2 | 3 | 4 | 5 | 6 | 7
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel introduces new NUC kits and NUC mini PCs
Posted 16-Aug-2018 11:03


The Warehouse leaps into the AI future with Google
Posted 15-Aug-2018 17:56


Targus set sights on enterprise and consumer growth in New Zealand
Posted 13-Aug-2018 13:47


Huawei to distribute nova 3i in New Zealand
Posted 9-Aug-2018 16:23


Home robot Vector to be available in New Zealand stores
Posted 9-Aug-2018 14:47


Panasonic announces new 2018 OLED TV line up
Posted 7-Aug-2018 16:38


Kordia completes first live 4K TV broadcast
Posted 1-Aug-2018 13:00


Schools get safer and smarter internet with Managed Network Upgrade
Posted 30-Jul-2018 20:01


DNC wants a safer .nz in the coming year
Posted 26-Jul-2018 16:08


Auldhouse becomes an AWS Authorised Training Delivery Partner in New Zealand
Posted 26-Jul-2018 15:55


Rakuten Kobo launches Kobo Clara HD entry level reader
Posted 26-Jul-2018 15:44


Kiwi team reaches semi-finals at the Microsoft Imagine Cup
Posted 26-Jul-2018 15:38


KidsCan App to Help Kiwi Children in Need
Posted 26-Jul-2018 15:32


FUJIFILM announces new high-performance lenses
Posted 24-Jul-2018 14:57


New FUJIFILM XF10 introduces square mode for Instagram sharing
Posted 24-Jul-2018 14:44



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.