Ministry of Social Development security woes

Forums › IT Pro and developers › Ministry of Social Development security woes

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | ... | 9

1653 posts

Uber Geek

#701330 15-Oct-2012 10:48

allan:

And this issue would have been addressed how exactly without this sort of exposure?

Oh gosh I can't possible begin to work out that problem... might involve the telephone and speaking to someone perhaps ?

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#701331 15-Oct-2012 10:49

And after the person on the other side puts the phone down everything goes back to what it was. Inaction.

davidcole

6034 posts

Uber Geek

Trusted

#701332 15-Oct-2012 10:50

freitasm: And after the person on the other side puts the phone down everything goes back to what it was. Inaction.

So at that point he could have gone to the press, rather than actually copying data off the kiosks.

Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight

gzt

17122 posts

Uber Geek

Lifetime subscriber

#701333 15-Oct-2012 10:51

Additionally - if the ministry does not have a Chief Information Security Officer (CISO) - they need to get that organised.

It is a reality that security and secure practices need to be driven from and reported to this level. Otherwise reports tend to be blocked by 'practical considerations' and reported issues can be simply ignored or worse laughed at - by people who do not understand the issues.

@Mark. It may be true in part - but as a journalist this person has a public interest defense available and very likely followed something like responsible disclosure. See 4th paragraph of my previous post for more detail. In contrast the circumstances around the Scoop exposure are not so clear cut in this regard.

eXDee

4032 posts

Uber Geek

Trusted

#701337 15-Oct-2012 10:57

@kiwicon:

I guess we'd be derelict in our civic duty not to offer MSD's CIO (whoever takes the job) a free ticket to Kiwicon #wtfmsd #fatlotofuse

Hahahaha

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#701346 15-Oct-2012 11:07

KiwiNZ:
freitasm: And after the person on the other side puts the phone down everything goes back to what it was. Inaction.

That will not be the case.

That will not be the case in the current situation.

That could be the case in the imagined/suggested alternative situation.

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#701428 15-Oct-2012 13:01

I personally have a "Dilbert" view of some institutions.

Tradepub

Free professional, reference and technical white papers (affiliate link).

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#701433 15-Oct-2012 13:05

I didn't say I based my view on the cartoon. It's the other way around: the cartoon reflects my view.

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#701436 15-Oct-2012 13:11

*sigh*

I didn't say my knowledge came from the press either, did I?

My knowledge of the specific aspects of this case, yes. My opinion on what would have happen if not made public is another matter entirely.

You have your reasons, I have mine.

amanzi

Amanzi
1292 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#701440 15-Oct-2012 13:12

KiwiNZ: My view on what will happen is based on experience and knowledge and not knowledge gained from the press

I think that going public in such a big way was the right thing to do in this case as the level of negligence is staggering. Doing it this way will ensure that not only do the systems get fixed, but the people responsible for exposing all these private records are held accountable.

Mark

1653 posts

Uber Geek

#701443 15-Oct-2012 13:21

Just to satisfy my own curiosity about whether my own ethics/morals are "normal" ...

Thumbs up or down if you think the blogger acted illegally or not.

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#701450 15-Oct-2012 13:28

KiwiNZ:
amanzi:
KiwiNZ: My view on what will happen is based on experience and knowledge and not knowledge gained from the press

I think that going public in such a big way was the right thing to do in this case as the level of negligence is staggering. Doing it this way will ensure that not only do the systems get fixed, but the people responsible for exposing all these private records are held accountable.

You are basing this on one side of the story ? which is normal in this type of senario

Amanzi points are:

Going public is justified because negligence at this level is not supposed to happen
Systems should get fixed
People responsible for this happening should be held accountable

Which ones do you agree with or not?

amanzi

Amanzi
1292 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#701451 15-Oct-2012 13:33

KiwiNZ: You are basing this on one side of the story?

I'm basing it on the side of the story that has a member of the public sitting at a kiosk computer in a WINZ office and accessing tons of confidential information. What is the other side of the story?

eXDee

4032 posts

Uber Geek

Trusted

#701452 15-Oct-2012 13:37

ubergeeknz

3344 posts

Uber Geek

Trusted

Vocus

#701456 15-Oct-2012 13:41

KiwiNZ: he should have approached the CEO of MSD and discussed it with him.

Ha! How on earth might one arrange that meeting!?

I'm not saying what he did was ethical, or legal, but from here it seems like the best way to get action. Remember this is not a business he's targeting, it's a government department.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | ... | 9