Geekzone: technology news, blogs, forums
1321 posts

Uber Geek


  # 701458 15-Oct-2012 13:43

Mark: Just to satisfy my own curiosity about whether my own ethics/morals are "normal" ...

Thumbs up or down if you think the blogger acted illegally or not.



Blogger has admitted that he specifically went looking for files he was not intended to have.

He claims he did so in a manner which required him to "break in" by mapping a drive (ok wasn't hard but the average joe isn't going to know).

He opened files he found, and he took files home (physically or over the internet, doesn't matter).  

He has also admitted that he knew when he did so that these files were of a private confidential nature and that they were not intended for him.

He has also admitted that he did not stop at the first instance but continued on, apparently looking at thousands of files.

So yes, I believe he has acted in at least some ways illegally.





---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


Awesome
4871 posts

Uber Geek

Trusted
Subscriber

  # 701463 15-Oct-2012 13:49

There have already been claims this has been raised (in a non-public way) with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.




Twitter: ajobbins


 
 
 
 


932 posts

Ultimate Geek

Trusted

  # 701465 15-Oct-2012 13:54

KiwiNZ: Contact Mr Boyle's executive assistant


I think you are grossly underestimating the seriousness of this issue.

4677 posts

Uber Geek

Trusted

  # 701470 15-Oct-2012 13:59

So from the press release (on now), they said that staff do not have access to all the information the kiosk did.

So that seems to point to elevated permissions of the kiosk user/group, rather than guest/everyone access on all shares/file systems.




Previously known as psycik



3344 posts

Uber Geek

Trusted
Vocus

  # 701483 15-Oct-2012 14:19

KiwiNZ: To me it is like entering a home to show that it is insecure and then ransacking that home etc.


Again not saying that it was legal but: MSD is a Government Department.  This is a service that we all pay for and expect them to protect the privacy of citizens.

What the reporter has done is not the same as breaking into a private citizen's house in any way, shape or form.  Nor is it the same as ransacking that house, he did not delete or corrupt any data.

BDFL - Memuneh
65382 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 701484 15-Oct-2012 14:23

KiwiNZ:
ajobbins: There have already been claims this has been raised (In a non public) way with MSD and nothing was done.

In which case, going public (as well as having the proof it was possible - something he couldn't do without copying the information) was what was needed to get this the appropriate attention.


And you know for sure that nothing was being done in the background in order to lessen disruption to the users of the service?


If anything was being done in the background then either
  • Kiosks would have been turned off before this became public or
  • Permissions would have been changed before this became public.
I have the impression there's an underestimating of the seriousness of the situation, perhaps even ignoring the Privacy Act and its implications.






2120 posts

Uber Geek


  # 701492 15-Oct-2012 14:28

This whole thing is WOW.

The guy shouldn't be charged but I'm very curious about how he knew about the security flaw if he is not a beneficiary or someone who is receiving assistance.

 

I remember in high school typing directories into word to open a file explorer in off access drives.  Could never get to anything personal though, only games and UI settings

 
 
 
 


932 posts

Ultimate Geek

Trusted

  # 701504 15-Oct-2012 14:42

KiwiNZ: You need to understand the Server permissions structure, Applications access and authorisation regimes. Auditing and checking. 


It's a fair assumption that most people reading this thread in the IT Pro forum will have a reasonable understanding of server permissions.

KiwiNZ: Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that.


Thankfully those kiosks have now been turned off. Sure a small number of people have been inconvenienced by this, but that's nothing compared to the tens or hundreds of thousands of people that have had their private and sensitive information exposed to anyone with a bit of computer knowledge.


KiwiNZ: I can assure you I am fully aware of the seriousness and consequences of what is happening probably more so than anyone currently involved with this thread.  


No, I really don't think you realise the seriousness of the situation.

1498 posts

Uber Geek


  # 701510 15-Oct-2012 14:51

I'm also wondering that if he viewed all those thousands of files... did he edit any?

BDFL - Memuneh
65382 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 701517 15-Oct-2012 15:00

Because some of the comments in this thread. For example "Turning off the Kiosks would cause considerable issues to the customer base and this person's actions have now ensured that."

Turning off the kiosks would impact some people, sure. But immediately cut off access to any information to external parties. Then let the witch hunt begin.

If this is a problem that was known for some time then there's no excuses for the kiosks to still be available as it were.

Defending the option of leaving the kiosks on while access to this information was available is simply unbelievable.




932 posts

Ultimate Geek

Trusted

  # 701519 15-Oct-2012 15:01

What he said.

Awesome
4871 posts

Uber Geek

Trusted
Subscriber

  # 701520 15-Oct-2012 15:01

KiwiNZ: [Removed on request]


If this is true, yet the kiosks can access all of this and more, they must be running on some kind of elevated permissions account. But why? Assumably they are running some pretty basic apps (Web browser, Office) and are linked to a printer and the internet. I can't see why they would need elevated permissions. In fact, I see no reason why they need to be on the corporate network at all. They should be segregated off totally.

As mentioned before, it seems that this security flaw has been raised with MSD quietly in the past, and nothing was done. Obviously you have inside knowledge, so one can assume you are employed directly or indirectly by the MSD - which could explain why (IMHO) you come across as biased towards defending them.

While Mr Ng may have technically broken the law, he seems to have done so 'for the greater good', has done so in an open, transparent and co-operative way and seemingly without malicious intent. If they decided to sue him over this I think any court would have to consider the context in which this has happened.




Twitter: ajobbins


437 posts

Ultimate Geek
Inactive user


  # 701532 15-Oct-2012 15:19

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



That sentence makes no sense. Same as your argument really.

Awesome
4871 posts

Uber Geek

Trusted
Subscriber

  # 701533 15-Oct-2012 15:19

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.



Until MSD come out and publicly say otherwise, what is in the media is all we have to go on.

The actions of the MSD since this story broke only seem to back up and provide credibility to what is currently being reported.




Twitter: ajobbins


932 posts

Ultimate Geek

Trusted

  # 701537 15-Oct-2012 15:24

KiwiNZ: With all due respect I believe that most here are basing their statements on what the press, of course they are the source of ALL fact, are saying.


Well I watched the press conference today and neither Brendan Boyle nor Paula Bennett denied anything that had been reported. So unless you're saying that the reporter did not get access to all that private data, then I'm quite happy going with the facts as reported.
