Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Satire
27 posts

Geek


  #701649 15-Oct-2012 17:34
Send private message

amanzi:
KiwiNZ: it's possible to hack a Bank terminal or intercept a Eftpos terminal so those should all be immediately taken off line.


Nice trolling...


Not really, it was actually a kinda lame attempt at trolling.

I hope someone has screenshot his statements regarding the MSD knowing about this problem for at least a couple of weeks. Along with his numerous statements saying that he had inside knowledge.

They may become useful to Mr Ng in court :-)



Talkiet
4792 posts

Uber Geek

Trusted

  #701653 15-Oct-2012 17:37
Send private message

KiwiNZ: [snip]

my point was nearly every device, server etc has vulnerabilities taking systems offline because of risks is just not always feasible.  


This statement of yours is absolutely correct.

A vulnerability would need to be serious, easy to exploit, involve sensitive data and have no real audit trail before someone should consider immediately taking a system offline - and the systems would need to be not critical to the core business functions of the company.

Now, do you think the public access terminals being discussed here fit that description?

Cheers - N





Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


Talkiet
4792 posts

Uber Geek

Trusted

  #701656 15-Oct-2012 17:43
Send private message

KiwiNZ:
Talkiet:
KiwiNZ: [snip]

my point was nearly every device, server etc has vulnerabilities taking systems offline because of risks is just not always feasible.  


This statement of yours is absolutely correct.

A vulnerability would need to be serious, easy to exploit, involve sensitive data and have no real audit trail before someone should consider immediately taking a system offline - and the systems would need to be not critical to the core business functions of the company.

Now, do you think the public access terminals being discussed here fit that description?

Cheers - N



I agree, however iam prepared to wait until the FULL facts are known,  even the the thread title is wrong and alarmist. How much security did the intruder have to break in order to get in, was he using a third parties access to get in, etc etc etc 


I advise you to read the original post by Mr Ng to answer those questions.

Cheers - N





Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.




ajobbins
5052 posts

Uber Geek

Trusted

  #701657 15-Oct-2012 17:45
Send private message

Talkiet:
KiwiNZ: [snip]

my point was nearly every device, server etc has vulnerabilities taking systems offline because of risks is just not always feasible.  


This statement of yours is absolutely correct.

A vulnerability would need to be serious, easy to exploit, involve sensitive data and have no real audit trail before someone should consider immediately taking a system offline - and the systems would need to be not critical to the core business functions of the company.

Now, do you think the public access terminals being discussed here fit that description?

Cheers - N



^ THIS.

KiwiNZ - I really don't think that you are grasping the seriousness of this situation, at least your posts demonstrate you do not.




Twitter: ajobbins


tigercorp
668 posts

Ultimate Geek


  #701675 15-Oct-2012 18:17
Send private message

I wonder how many other departments with public facing terminals have quietly launched their own security audits today? :D

gjm

gjm
808 posts

Ultimate Geek


  #701679 15-Oct-2012 18:27
Send private message

The guy that decided hooking up public facing terminals to the corporate LAN was a good idea should get fired, end of. Any even semi competent tech would never even consider such a thing. As mentioned previously this is trivial to do with vlans if it wasn't feasible to have two physically disparate networks. So much face palm :8




Do surveys for Beer money (referral link) - Octopus Group 

 

Link for buying beer (not affiliated, just like beer) - Good George


freitasm
BDFL - Memuneh
79278 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #701695 15-Oct-2012 18:50
Send private message

Here, changed the subject to reflect reality then.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


 
 
 

Free kids accounts - trade shares and funds (NZ, US) with Sharesies (affiliate link).

gzt

gzt
17125 posts

Uber Geek

Lifetime subscriber

#701715 15-Oct-2012 19:15
Send private message

Kyanar: Really?  freitasm, is KiwiNZ coming from an MSD IP address?  Because he seems to be claiming to have special insight into this case that I can't imagine anyone bar MSD IT having.

No, MSD IT cannot have those insights yet.

MSD IT staff are waiting on a service request trying to get half the permissions those kiosks have...

mjb

mjb
996 posts

Ultimate Geek

Trusted

  #701720 15-Oct-2012 19:21
Send private message

Given KiwiNZ's apparent lack of understanding of the seriousness of this breach, and their comments implying they may have worked on MSD systems, speaks volumes about why this sort of thing happens.




contentsofsignaturemaysettleduringshipping


freitasm
BDFL - Memuneh
79278 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #701731 15-Oct-2012 19:34
Send private message

Kyanar: Really?  freitasm, is KiwiNZ coming from an MSD IP address?


You know I cannot say anything about this to you - or anyone else really.







Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


freitasm
BDFL - Memuneh
79278 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #701747 15-Oct-2012 20:18
Send private message




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


freitasm
BDFL - Memuneh
79278 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #701765 15-Oct-2012 20:47
Send private message

And the company behind the kiosk is... Dimension Data:


"Dimension Data was responsible for the security testing of the system, having conducted an audit on the kiosks earlier this year, but found no hole.

Dimension Data did not respond to request for comment by the time of publication.

The kiosks, which run an old version of Windows, 2000 or XP, had some protections in place to prevent unauthorised access."







Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


mjb

mjb
996 posts

Ultimate Geek

Trusted

  #701784 15-Oct-2012 20:56
Send private message

freitasm: And the company behind the kiosk is... Dimension Data


From DiData's NZ regional page:

....Already more than thirty agencies have joined one.govt including Department of Conservation, Ministry of Education, New Zealand Police and Department of Labour.




edit: not that that means anything really, just how embedded they are in our government agencies.




contentsofsignaturemaysettleduringshipping


rubygirl
67 posts

Master Geek


  #701795 15-Oct-2012 21:24
Send private message

gzt:
Kyanar: ... he seems to be claiming to have special insight into this case that I can't imagine anyone bar MSD IT having.

No, MSD IT cannot have those insights yet. MSD IT staff are waiting on a service request trying to get half the permissions those kiosks have...


Sooooo funny! love it gzt Smile

tigercorp
668 posts

Ultimate Geek


  #701838 15-Oct-2012 23:31
Send private message

freitasm: And the story goes deeper now. MSD decided that an ad hominen attack would be a good move and ratted out the source.


I guess I shouldn't be surprised that the MSD don't seem have any regard for privacy.

/bitterness

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.