OnPoint by Keith Ng

OnPoint: MSD's Leaky Servers

629 Responses

  • Chris Miller, in reply to Graeme Edgeler,

    It would be pretty shitty if you had to be a WINZ client to use those considering how many people have been booted off benefits and have no actual income. Real unemployment figures are higher than who's on unemployment.

    Otautahi, Aotearoa • Since Nov 2011 • 17 posts

  • nzlemming,

    Keith, do you know how widespread the knowledge of this is? You said you were alerted to it by someone else, and tomj mentions his friend knew about it. RadioNZ have just mentioned a memo of a risk over a year ago.

    Waikanae • Since Nov 2006 • 2937 posts

  • Siena Denton,

    Listening to Keith in an interview with Rachael on TV 3...absolutely incredulous.

    Vulnerable children and the types of medication like anti-depressants...tummy churning stuff.

    Legal bills from lawyers who act on behalf of MSD...Benefit fraud unit etc, etc

    The attempt of a person to commit suicide...Bennett's 'White Paper' she can take it and wipe her own bum with it!

    Aotearoa • Since Nov 2010 • 1 posts

  • dc_red,

    Does anyone know the significance (if any) of the Mountain Standard Time reference on one of the captures? It seems strangely out of place.

    Oil Patch, Alberta • Since Nov 2006 • 706 posts

  • Jonathan King,

    Bravo, Keith – brilliant work.

    While Keith was working on this, here’s what the Dom Post had on its front page on Saturday:

    ANIMALS BEHAVING BADLY …
    • A rhinoceros at Auckland Zoo was having mud applied to a head wound when he took fright, catching the keeper’s ankle and knocking him into a wooden post.
    • A child was bitten by an otter while leaning over an enclosed barrier.
    • A wallaby being restrained kicked a keeper in the arm at Auckland Zoo.
    • A capuchin monkey escaped twice but was quickly captured.

    Incredibly people seem to still not grasp the enormity and ineptitude of all this: the privacy woman on the radio saying “we need to investigate to see if any info has been accessed …” – it’s been wide open for so long surely it’ll be impossible to tell what has been easily accessible for quite some time.

    And a bit sad how proudly MSD are saying “there was a hole flagged a year ago and the system was completely rebuilt.”

    Since Sep 2010 • 185 posts

  • Ian Dalziel, in reply to Chris Miller,

    Witty Leaks...

    I would love to see them go after him for this. LOVE TO. He may well have technically broken the law but public opinion if they tried to charge him for it could get very messy.

    Well, Power got rid of that "Greater Good" defence before he left for Westpac and handling the Gov'ts banking - Keith has 'burst their bubble' - they'll probably want to make him pay to fix it up, just as they did with the Ploughshares guys at Waihopai... They're a vindictive bunch (Nat Gov't), and don't like people showing them up, especially when they desperately need showing up!

    Still, I hear those private prisons are easy to get out of, and the operators just have to pay a fine (well for the next 25 years anyway...)

    ;- )

    Christchurch • Since Dec 2006 • 7953 posts

  • Ben Curran, in reply to Ben McNicoll,

    I just hope someone somewhere has still got the cover your ass email/memo where they pointed this lack of security out years ago but were told the solutions were too expensive.

    If I was a sys admin with this, I'd be presenting front and centre about now.

    Since May 2011 • 47 posts

  • Mat, in reply to Indy Griffiths,

    I'm worried about how short the administrator passwords are. It almost looks like they're the same as the registered owner, altiris.

    Altiris is a horrific self-service provisioning utility by Symantec. Chances are, these are not the end passwords but just the ones used during the build phase of a new VM.

    New Zealand • Since Oct 2012 • 1 posts

  • Ian Dalziel, in reply to Jonathan King,

    The bucket list, dear Liza...

    And a bit sad how proudly MSD are saying “there was a hole flagged a year ago and the system was completely rebuilt.”

    Do we know who rebuilt it, or first installed it, (any history at all?).
    Was this another one of the Government's (not sure which one) expensive white elephant computer systems, late and over budget, like others before....

    Colin James had an interesting assessment of some of the changes Trevor Mallard / Labour was making back in 2003:

    "Mallard is also driving the standardisation of government computer purchasing and information technology to reduce costs and make departments more user-friendly to those who deal with them -- and to give the public a "whole-of-government" feel.
    This in part revolves around the government internet portal (www.govt.nz), a one-stop entry to government services for suppliers and users. It is financed with a levy based on departments' size and computer procurement.
    One issue is what level of authentication is needed for different services -- a much higher level is required for access to tax records than exam results, for example. Another is to ensure people on "low-grade computers in rural areas" can access the system."

    Christchurch • Since Dec 2006 • 7953 posts

  • Sofie Bribiesca,

    From the Twitter feeds at the side of this post, I'm totally impressed Keith hardly sleeps. Well done Keith.
    Bennett will use her usual dismissive, blame others, Nactional, mantra. There will be a few more on the unemployment queue, oh wait, on the unemployment file, oh wait....on the "client list"....

    here and there. • Since Nov 2007 • 6796 posts

  • Ian Dalziel,

    the WINZ of whoa...
    I found this lovely WINZ PDF online - (from 2008 I think) Work matters, people count - towards 2012 in which they say stuff like:

    Our current way of working is at near capacity. Creating space for change means relieving parts of the system to ensure our service has room to change and our staff have space to contribute.
    We must:
    • review our systems end to end to reduce duplication, rework and wasted effort
    • invest in technology to allow self help and streamline staff processing
    • build on the strengths of our culture as we change
    • do what we say we are going to do

    and they outline their values:

    Our people and the people we work with can rely on our values every working day:
    • we put people first
    • we team up with others to make a bigger difference
    • we act with courage and respect
    • we empower others to act
    • we create new solutions
    • we are ‘can do’, and we deliver
    • we honour achievement.
    Above all, we do the right thing for New Zealanders.

    and

    We value excellence in everything we do – not just what we do but how we do it. We know that excellence and consistency go hand in hand

    It's amazing what you can write when they're just words covering paper (or screen), no need to parse the content or intent, just let that PR flow...

    Christchurch • Since Dec 2006 • 7953 posts

  • Warren Clark,

    This problem has been around for ages, I've been able to use the File -> Open dialog to start a command prompt on the local machine and one of the scarier things about this is these machines have usb plugs prominently on the front making it trivial for people to copy large amounts of data off.

    Whoever installed these terminals will soon be collecting a benefit themselves methinks.

    In the Lower Hutt. • Since Nov 2006 • 14 posts

  • Rebecca Denton,

    This is such a joke. There are failures on so many levels. IT, developers, installation companies aside - I can't believe not one staff member in all the offices that ran kiosks flagged this issue.

    Are the people in these offices so computer illiterate? Working with private data they should certainly not be.

    United Kingdom • Since Oct 2012 • 5 posts

  • Alex Coleman, in reply to Rebecca Denton,

    I can't believe not one staff member in all the offices that ran kiosks flagged this issue

    And the IT people? Surely they noticed that there was no internal security.

    Wellington • Since Nov 2006 • 247 posts

  • Hilary Stace,

    3200 views in 10 hours overnight (is this a PAS record, Russell?)

    Wgtn • Since Jun 2008 • 3229 posts

  • Rebecca Denton, in reply to Alex Coleman,

    Totally. Whoever ran the IT department has to resign. There is no way that person can be responsible for another day for that kind of private data.

    United Kingdom • Since Oct 2012 • 5 posts

  • Ian Dalziel, in reply to Warren Clark,

    ...these machines have usb plugs prominently on the front making it trivial for people to copy large amounts of data off.

    ....or for a virus to get in - Stuxnet/duqu/flame anyone?

    Christchurch • Since Dec 2006 • 7953 posts

  • pctek, in reply to danielpresling,

    No kidding. I'm just a tech, not a sysadmin, but even I know how bad that is. Plain text??!!
    And browsing network drives? Incredible.
    Still, doesn't surprise me, I have worked (contracting) for 2 other large Govt depts. It amazed me how lax they were.
    One was a project for a new system, I worked on a minor part but the time wasting, incompetence and outrageous money they charged for it was mind blowing.
    And then, having dealt with this local body since, the stuff that doesn't work on it.....well, how is it govt depts end up with such shit?

    Auckland • Since Oct 2012 • 1 posts

  • Jonathan King, in reply to Ian Dalziel,

    It’s amazing what you can write when they’re just words covering paper

    Egg-zackly. "Excellence" is a word rendered almost entirely meaningless by being endlessly hammered by this kind of PR-speak.

    Since Sep 2010 • 185 posts

  • Mia larsen,

    Ummm, I'm looking for a job and I have been prosecuting Paula Bennett since November 2010, it just might be that one could be sitting in the system for me, an Advocate for the people on their rights whilst dealing with WINZ and have them pay me for it! If Paula can use the system then so can I, I will be seeking her to resign over this and that's not all, Judith Collins is next!

    rotorua • Since Oct 2012 • 4 posts

  • Tim Michie,

    As soon as I woke up and heard the news I knew Keith had done us another great public service before they mentioned his name. I've said it before and I say it again: Good work Keith!

    Auckward • Since Nov 2006 • 614 posts

  • Sofie Bribiesca, in reply to Hilary Stace,

    3200 views in 10 hours overnight (is this a PAS record, Russell?)

    And noobies?

    here and there. • Since Nov 2007 • 6796 posts

  • Hamish,

    It is really hard to understate the size of the systematic failures that have been exposed by this. It smacks of expediency, and utter disregard of this proportion *can only* happen when there are failings at the highest governance level of the IT infrastructure.

    The A.K. • Since Nov 2006 • 155 posts

  • Mia larsen, in reply to nzlemming,

    They didn't think since 1939 when the welfare was introduced, it was actually designed to claim our tribes' children from them, we Maori call this extortion and this shall come to light eventually!

    rotorua • Since Oct 2012 • 4 posts

  • Mia larsen, in reply to Siena Denton,

    Shall I create a brown paper bag bro and have my iwis take care of it for them...Haha

    rotorua • Since Oct 2012 • 4 posts
