Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersMinistry of Social Development security woes
eXDee

4033 posts

Uber Geek
+1 received by user: 1070

Trusted

#110691 14-Oct-2012 23:21
Send private message

Heres an infosec nightmare for you on a late sunday night - this will be front page news tomorrow:
http://publicaddress.net/onpoint/msds-leaky-servers/

Try and reach the bottom of the article without dying inside.

Now trending on twitter
https://twitter.com/search/realtime?q=%23wtfmsd&src=hash

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6 | ... | 9
CamH
615 posts

Ultimate Geek
+1 received by user: 327

Subscriber

  #701187 14-Oct-2012 23:35
Send private message

This sort of security makes me want to bang my head on a wall. How can any trained network technician be this stupid?







Strongbad1905
94 posts

Master Geek
+1 received by user: 2


  #701188 14-Oct-2012 23:35
Send private message

Wow that's a pretty big stuff up.

Zeon
3926 posts

Uber Geek
+1 received by user: 759

Trusted

  #701189 14-Oct-2012 23:37
Send private message

HAHAHAHA.

Must be looked after by the networking support arm of Wheedle's developers.




Speedtest 2019-10-14



DravidDavid
1907 posts

Uber Geek
+1 received by user: 305


  #701194 14-Oct-2012 23:52
Send private message

These are the same people that won't let you put a little USB stick in to their workstation to transfer a CV and cover letter on to their computer.

l43a2
1784 posts

Uber Geek
+1 received by user: 591

ID Verified
Trusted

  #701195 14-Oct-2012 23:54
Send private message

lol this is pretty amusing, but not overly surprising at all.





mjb

mjb
996 posts

Ultimate Geek
+1 received by user: 67

Trusted

  #701197 15-Oct-2012 00:00
Send private message

404 on pa.net already...

edit: no, that's the space on the end of the URL in the OP.




contentsofsignaturemaysettleduringshipping

 
 
 
 

Shop now on AliExpress (affiliate link).
eXDee

4033 posts

Uber Geek
+1 received by user: 1070

Trusted

  #701199 15-Oct-2012 00:06
Send private message

mjb: 404 on pa.net already...

edit: no, that's the space on the end of the URL in the OP.


Cheers, im used to forums auto creating hyperlink bbcode for me.

tigercorp
668 posts

Ultimate Geek
+1 received by user: 81


  #701200 15-Oct-2012 00:09
Send private message

*double facepalm*

mjb

mjb
996 posts

Ultimate Geek
+1 received by user: 67

Trusted

  #701201 15-Oct-2012 00:10
Send private message

eXDee: Cheers, im used to forums auto creating hyperlink bbcode for me.


No problem.


Now that I've read the story... it's a really sad situation when I'm just totally not surprised.




contentsofsignaturemaysettleduringshipping

sleemanj
1514 posts

Uber Geek
+1 received by user: 315


  #701211 15-Oct-2012 02:38
Send private message

I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commisioner.

Probably was not a good idea to say...
1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word)
2. searched through files which he unquestionably knew he was not supposed to access
3. read files which he unquestionably knew he was not supposed to access
4. sounds like he actually might have sent the files to himself as well
5. he says he was tipped off about  it, which means that somebody he knew (or anon) had access before him

At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police.




---
James Sleeman
I sell lots of stuff for electronic enthusiasts...

Kyanar
4089 posts

Uber Geek
+1 received by user: 1684

ID Verified
Trusted

  #701219 15-Oct-2012 07:50
Send private message

sleemanj: I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commisioner.

Probably was not a good idea to say...
1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word)
2. searched through files which he unquestionably knew he was not supposed to access
3. read files which he unquestionably knew he was not supposed to access
4. sounds like he actually might have sent the files to himself as well
5. he says he was tipped off about  it, which means that somebody he knew (or anon) had access before him

At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police.


Probably not actually.  If YOU did it, then sure.  But he's a journalist, even if for a small but popular blogging network.  They won't risk the bad PR from attacking the press directly because the press will close ranks and make the government out to be the devil incarnate.

The sad thing is that I know other government departments with similar issues.

 
 
 
 

Shop now for Lego sets and other gifts (affiliate link).
freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #701225 15-Oct-2012 08:14
Send private message

The bad thing is that the kiosks will be pulled, the endpoint will be blamed, but the fact actual information is available to people who should not see it (internally) will not be addressed.





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

gjm

gjm
810 posts

Ultimate Geek
+1 received by user: 122


  #701234 15-Oct-2012 09:03
Send private message

just read the blog entry....unbelievable. There is no face big enough in the world to contain the number of palms required for this. It looks like it may have even been possible to copy over some of their hyper v machines??? Is this the department that was just talking about making a new database for at risk children that would definitely be secure or was that a different one?




Do surveys for Beer money (referral link) - Octopus Group 

 

Link for buying beer (not affiliated, just like beer) - Good George

freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #701239 15-Oct-2012 09:06
Send private message

The government will "investigate" and nothing will come out of it.

They spend money in important things. Things that show up and get votes. Backend IT infrastructure doesn't get votes.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

insane
3324 posts

Uber Geek
+1 received by user: 1006

ID Verified
Trusted
2degrees
Subscriber

  #701246 15-Oct-2012 09:15
Send private message

Which organisation was contracted to setup the security?

 1 | 2 | 3 | 4 | 5 | 6 | ... | 9
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright