Ministry of Social Development security woes

Forums › IT Pro and developers › Ministry of Social Development security woes

eXDee

4032 posts

Uber Geek

Trusted

#110691 14-Oct-2012 23:21

Heres an infosec nightmare for you on a late sunday night - this will be front page news tomorrow:
http://publicaddress.net/onpoint/msds-leaky-servers/

Try and reach the bottom of the article without dying inside.

Now trending on twitter
https://twitter.com/search/realtime?q=%23wtfmsd&src=hash

1 | 2 | 3 | 4 | 5 | 6 | ... | 9

564 posts

Ultimate Geek

#701187 14-Oct-2012 23:35

This sort of security makes me want to bang my head on a wall. How can any trained network technician be this stupid?

Strongbad1905

94 posts

Master Geek

#701188 14-Oct-2012 23:35

Wow that's a pretty big stuff up.

Zeon

3916 posts

Uber Geek

Trusted

#701189 14-Oct-2012 23:37

HAHAHAHA.

Must be looked after by the networking support arm of Wheedle's developers.

Speedtest 2019-10-14

DravidDavid

1907 posts

Uber Geek

#701194 14-Oct-2012 23:52

These are the same people that won't let you put a little USB stick in to their workstation to transfer a CV and cover letter on to their computer.

l43a2

1779 posts

Uber Geek

ID Verified

Trusted

#701195 14-Oct-2012 23:54

lol this is pretty amusing, but not overly surprising at all.

mjb

996 posts

Ultimate Geek

Trusted

#701197 15-Oct-2012 00:00

404 on pa.net already...

edit: no, that's the space on the end of the URL in the OP.

contentsofsignaturemaysettleduringshipping

eXDee

4032 posts

Uber Geek

Trusted

#701199 15-Oct-2012 00:06

mjb: 404 on pa.net already...

edit: no, that's the space on the end of the URL in the OP.

Cheers, im used to forums auto creating hyperlink bbcode for me.

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

tigercorp

668 posts

Ultimate Geek

#701200 15-Oct-2012 00:09

*double facepalm*

mjb

996 posts

Ultimate Geek

Trusted

#701201 15-Oct-2012 00:10

eXDee: Cheers, im used to forums auto creating hyperlink bbcode for me.

No problem.

Now that I've read the story... it's a really sad situation when I'm just totally not surprised.

contentsofsignaturemaysettleduringshipping

sleemanj

1490 posts

Uber Geek

#701211 15-Oct-2012 02:38

I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commisioner.

Probably was not a good idea to say...
1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word)
2. searched through files which he unquestionably knew he was not supposed to access
3. read files which he unquestionably knew he was not supposed to access
4. sounds like he actually might have sent the files to himself as well
5. he says he was tipped off about it, which means that somebody he knew (or anon) had access before him

At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police.

---
James Sleeman
I sell lots of stuff for electronic enthusiasts...

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#701219 15-Oct-2012 07:50

sleemanj: I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commisioner.

Probably was not a good idea to say...
1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word)
2. searched through files which he unquestionably knew he was not supposed to access
3. read files which he unquestionably knew he was not supposed to access
4. sounds like he actually might have sent the files to himself as well
5. he says he was tipped off about it, which means that somebody he knew (or anon) had access before him

At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police.

Probably not actually. If YOU did it, then sure. But he's a journalist, even if for a small but popular blogging network. They won't risk the bad PR from attacking the press directly because the press will close ranks and make the government out to be the devil incarnate.

The sad thing is that I know other government departments with similar issues.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#701225 15-Oct-2012 08:14

The bad thing is that the kiosks will be pulled, the endpoint will be blamed, but the fact actual information is available to people who should not see it (internally) will not be addressed.

gjm

808 posts

Ultimate Geek

#701234 15-Oct-2012 09:03

just read the blog entry....unbelievable. There is no face big enough in the world to contain the number of palms required for this. It looks like it may have even been possible to copy over some of their hyper v machines??? Is this the department that was just talking about making a new database for at risk children that would definitely be secure or was that a different one?

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#701239 15-Oct-2012 09:06

The government will "investigate" and nothing will come out of it.

They spend money in important things. Things that show up and get votes. Backend IT infrastructure doesn't get votes.

insane

3236 posts

Uber Geek

ID Verified

Trusted

#701246 15-Oct-2012 09:15

Which organisation was contracted to setup the security?

1 | 2 | 3 | 4 | 5 | 6 | ... | 9

eXDee

CamH

Strongbad1905

Zeon

DravidDavid

l43a2

mjb

eXDee

Equinox IT

tigercorp

mjb

sleemanj

Kyanar

freitasm

gjm

freitasm

insane