Posts by Keith Ng


  • OnPoint: #WTFMSD: "Damning", in reply to John Holley,

    The report focuses on privacy when the bigger whole of government issue is the potential cascade of security breaches. The analysis of this seems to be entirely missing.

    It's true. Not a conspiracy though - I just don't know what the story is. With the invoices, I can tell you how many invoices are contained on the servers, what they contained and what significance it has.

    But the security context? True, it has the potential to compromise everything everywhere. But there are probably vulnerabilities elsewhere that have the same potential. The consequences are somewhere between nothing and everything, and I don't know what to do with that.

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: H4x0rs and You, in reply to Lilith __,

    But surely if Keith hadn't sighted the files, he wouldn't know they were confidential, and if he hadn't copied them, he would've had no proof. There would have been no story. And the MSD security hole would remain wide open.

    I've been meaning to clarify that point. It's come up elsewhere. It was not possible (or practical) to view the PDFs on the computer. If I didn't spend three days reading invoices, I couldn't have known what was in there. For every damning one containing sensitive information, there were a dozen invoices for milk and sausage rolls.

    It wasn't enough to establish that there was *some* sensitive information somewhere on those servers, I had to establish *what* the nature of that sensitive information was. And there was a broad range of it. That was why I needed to go through so damn many, and that in turn was why I had to download them.

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: H4x0rs and You, in reply to john Drinnan,

    Good thing about this blog is it removes blogger suggestion Paul Craig was fed to TVNZ by authorities. HDPA and Patrick Gower are both very solid journalists - and I wouldn't imagine they would use the term shit to describe your work

    Ahem. "Sanctimonious bore", I believe, were the words Gower used to describe me when I suggested that he got it wrong. I'd argue that "shit" is no more aggressive than that.

    Also: He got it wrong. Really wrong.

    He bought the story he received by anonymous email - that Murray McCully was the victim of systemic hacking by a Russian group out to steal military secrets. It was a ludicrous thing to believe and to report for the reasons I described in my post. And, as it transpired, he was proven to be wrong.

    He reported something which was wrong, and which would not have been plausible to someone with reasonable background knowledge. I think I'm on solid grounds to call that shit reporting.

    I wouldn't go nearly as far with HDPA, but it's still a bit shit. We've been on friendly terms for most of the MSD story, but hey: without fear or favour, right? It's not personal, but she really didn't understand a lot of background and context. Treating Paul Craig as if he was a blackhat, or malicious hacker, or underground, or illegal or illegitimate is completely wrong. He is a professional security expert - they are also called hackers. Failing to distinguish between the professional, legal hackers and malicious, criminal hackers is a serious failure.

    Also, in my own defence, I'm not getting uppity because I broke a good story this week. I am being as much of a dick about the MSM this week as I have been for the past seven years.

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: H4x0rs and You, in reply to Russell Brown,

    So what's your guess on whether anyone else suggested that dipshit misguided angle on Paul Craig to Heather du Plessis-Allan? Or did she come up with it on her own?

    I suspect it's her own.

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: The Source, in reply to Trevor Nicholls,

    By the way, do you know how much effort it takes to have a serious conversation with a government department?!

    Well I could tell you how much money it *costs* to have a conversation with a government department... except the Privacy Commissioner would waterboard me.

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: The Source, in reply to DPF,

    Did Ira suggest a specific amount or range to MSD, as a "reward"?

    No. He asked if there was a system. He was expecting a set rate for vulnerability reports.

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: MSD's Leaky Servers, in reply to Robyn Gallagher,

    Bloody hell. That's a shitty stereotype to perpetuate in the service of an opening gag. Everyone I saw down at the Willis Street office was usually nicely dressed!

    I was in Newtown. Also: Ain't nothing wrong with dressing down. I do my best work terribly dressed.

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: MSD's Leaky Servers, in reply to Graeme Edgeler,

    Thomas/Graeme: Yeah, what Graeme said. That's pretty much my defence. Except that those were self-service kiosks - not restricted to WINZ clients in any way.

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: Re: Education, in reply to Graeme Edgeler,

    Truth to power. Public accountability with public money. Etc.

    I think the point of contention here is that, instead of "truth to power", this is just "some bullshit interpretation of meaningless numbers to power".

    Auckland • Since Nov 2006 • 498 posts

  • OnPoint: Re: Education, in reply to Hamish,

    Are the values clustered to the bottom left the special schools?

    Yes. See http://dimpost.wordpress.com/2012/09/23/well-below-standard-in-analysis/

    Auckland • Since Nov 2006 • 498 posts
