Posts by TracyMac


  • OnPoint: MSD's Leaky Servers, in reply to Kyle Matthews,

    Regarding any remedial works, well, who knows if they'd go the full range of reimaging anything that could have been touched by that account.

    Definitely a full password reset regime for any admin/service accounts, and end-users asap. Full server scans for any malware/viruses, full file audit of any file store accessible from the problem account(s) with particular focus on anything potentially executable.

    That doesn't solve any backdoors, VM image SAM hacks or other exploits that may have found their way onto the boxes. How much money will they spend? Nuke from orbit, or do the basic remedial actions and cross fingers no nasty surprises will raise their heads later (high-9s likelihood this will be sufficient. Is that enough?)

    Canberra, West Island • Since Nov 2006 • 489 posts

  • OnPoint: MSD's Leaky Servers, in reply to nzlemming,

    I can't see how it would be anything to do with the kiosk image. I mean, sure, the fact the USB was unlocked is a concern from a workstation security point of view (viruses, anyone?), but may have been a requirement for other reasons.

    The hole will be related to what account is used to run the kiosk, whether that was baked in at installation time or (mis)configured later.

    ETA: if they used a domain admin-type account or something over-elevated to join the computer to the domain or similar, which wasn't subsequently changed, that's where the kiosk installation could be relevant. Still an account issue.

    Canberra, West Island • Since Nov 2006 • 489 posts

  • OnPoint: MSD's Leaky Servers, in reply to cognitive_hazard,

    Since "successful file access" auditing isn't enabled by default on Windows boxes, I'd say it's extremely likely there is no record of what accounts have accessed which files.

    I'm still appalled that these kiosks weren't set up as "kiosk-style" machines, of which there are copious examples around the place, with accounts that are basically "guest" accounts (assuming they need to be in the Windows security domain for other reasons). To compound that with editable file permissions is unbelievable, since a user with access to a share has "read" access by default. Of course, users can be members of groups with greater access, but they have to be put into those groups.

    So either someone didn't configure the account(s) properly (which frankly, is the "easy" solution), and they or the person who developed the faulty process should be fired, or a whole bunch of people up the chain signed off on this security breach. And yes, as a lowly techie, I would have kept the arse-covering material that said "do it like this" with authorisations.

    As for the ease of how to do this, and to continue the car analogy, the relative skill would be like someone who's comfortable with doing an oil change and oil filter replacement. Basically, not very difficult for someone with slightly extended knowledge of computers on enterprise networks. Possibly even less, because someone could inadvertently bring up that dialogue in Word and start clicking around from curiosity.

    I also disagree with the point that someone would have to know what they were looking for to get any use out of this. Copying all those sensitive files to a USB and uploading to Wikileaks or a similar organisation would have been trivial. Or poking around and making edits to files just for "fun".

    Canberra, West Island • Since Nov 2006 • 489 posts
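An added example, not from the thread, of what the post's "successful file access" point looks like in practice: an administrator checks whether the File System audit subcategory is on, enables it, puts a SACL on the share root, lists the NTFS permissions on that root, and then reads back the resulting 4663 events. The share path is a placeholder and the commands must be run from an elevated PowerShell prompt.

```powershell
# Constructed example; $SharePath is a placeholder, substitute the real share root.
$SharePath = 'D:\Shares\PublicForms'

# 1. Current state of the advanced audit subcategory. Windows ships with this off,
#    so without it there is no record of which account opened which file.
auditpol /get /subcategory:"File System"

# 2. Turn on success and failure auditing for file system objects.
#    Folder SACLs are never evaluated unless this subcategory is enabled.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 3. Add a SACL entry on the share root so reads, writes, deletes and permission
#    changes by any principal are written to the Security log (event 4663).
$acl  = Get-Acl -Path $SharePath -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'ReadData,WriteData,Delete,ChangePermissions',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success,Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 4. Who can do what on the share root. The post's complaint is that a kiosk-style
#    account should have had read access at most; anything broader shows up here.
(Get-Acl -Path $SharePath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# 5. Read back the last day of object-access events: who touched which object.
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663; StartTime=(Get-Date).AddDays(-1)} |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = $d.SubjectUserName
            Object = $d.ObjectName
            Access = $d.AccessMask
        }
    } | Format-Table -AutoSize
```

Auditing only helps going forward; it cannot reconstruct access that happened before the policy and SACL were in place, which is the post's point.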

  • Field Theory: Man Moments, in reply to Craig Ranapia,

    I buy scented candles AND craft beers. OMG. I would probably make the Moa marketing execs' brains implode.

    Oh, well, they haven't seen my money since last year, so at least I won't be another customer fuzzying up the issue of lady parts + liking to drink decent beer.

    Canberra, West Island • Since Nov 2006 • 489 posts

  • Up Front: Moa: Sub-Standard, in reply to Morgan Nichol,

    *high fives*

    That's exactly it, Morgan.

    And thank you, Emma. Ok, they are riding on the 50 Shades of Shite bandwagon, but yeah, keep it in the porn/erotica world, not the mainstream, where it's just - to resurrect a fun phrase - reinforcing the norms of the patriarchy. No, it's not witty and subversive here.

    Canberra, West Island • Since Nov 2006 • 489 posts

  • Legal Beagle: Dotcom spying: Crown…, in reply to Kyle Matthews,

    I don't know about the linked blog as a whole, but it quotes an article by Meurant about his change of heart about some areas of his life, including police culture and actions. http://www.police-corruption.com/nz-warned-regarding-anti-terror-legislation/

    In short, people can reflect, and change their views.

    Canberra, West Island • Since Nov 2006 • 489 posts

  • Legal Beagle: Kim Dotcom vs. The Teapot Tapes, in reply to martinb,

    While he's a fun piece of ginger up the backside of certain politicians right now, I wouldn't want him actually running the country. Winnie and Hide in unholy synergy....

    Canberra, West Island • Since Nov 2006 • 489 posts

  • Hard News: Media3: Where harm might fall, in reply to Lilith __,

    I think Anil Dash expressed the best perspective on the uses of site moderation: If your website's full of assholes, it's your fault

    Canberra, West Island • Since Nov 2006 • 489 posts

  • Hard News: Living with the psychopath,

    Yes, can we please not blanketly discuss these offenders and the treatment programmes in exclusively black and white terms?

    I was a victim of sexual abuse as a child. I have had a young family member recently complete a programme as an offender. Let me tell you, finding out about his offending rang a lot of bells for me.

    However, for him, receiving that treatment was the best thing for him. His offense was not anywhere near Murray's league; he is young enough and the signs are very encouraging that it will work.

    I strongly believe that lumping my young family member into the same regime Murray should be subjected to - preventative detention, if it were available - or the arsehole who abused me (prison, I wish) would be incredibly counter-productive. Where possible, rehabilitation/treatment should be the primary objective.

    Perhaps even more so in abuse cases, because of that trail of damage they leave behind. Universal witch hunts would not be conducive to the aim of catching them young and treatable.

    Canberra, West Island • Since Nov 2006 • 489 posts

  • Up Front: The Up-Front Guides: The…,

    Not exactly, it isn't. Celebrants and ministers can take the marriage vows and declarations that comprise a legal ceremony. Sure, it still needs to be registered, but a registrar is not required to hear the declaration (witness the oath, so to speak) if an approved celebrant has.

    In Germany, and possibly other European countries, a celebrant's role is purely ceremonial. And has no legal relevance.

    Canberra, West Island • Since Nov 2006 • 489 posts
