Hard News by Russell Brown

Read Post

Hard News: Dirty Politics

2228 Responses

First ←Older Page 1 2 3 4 5 90 Newer→ Last

  • Sacha,

    See !

    Ak • Since May 2008 • 19264 posts Report Reply

  • JLM,

    Thanks Russell! Sometimes Twitter is just a bit too brief...

    Judy Martin's southern sl… • Since Apr 2007 • 237 posts Report Reply

  • Daphne Lawless,

    LOL. Once more, Anon delivers.

    Slater is Hyde to Key's Jekyll.

    Auckland • Since Nov 2013 • 6 posts Report Reply

  • Sam M,

    The last line of your post sums up my thoughts. While we can all hope such revelations would have political implications, I fear most of NZ will just shrug their shoulders and consider it to confirm their view on all politicians.

    Auckland • Since Nov 2006 • 63 posts Report Reply

  • Amanda Wreckonwith,

    National Party have ordered an emergency drop of squirrels.
    The usual suspects will be pointing them out to you in due course.
    Please stand by...

    Since Sep 2012 • 171 posts Report Reply

  • SHG,

    ...denial of service attack, which took his site out for two days.

    But it did more than that. It provided access for unnamed persons to retrieve a trove of correspondence between Slater, Ede and other senior figures

    I just don't see how that's possible. Unless Slater was running a mailserver and/or storing archived correspondence on the same box as his webserver, which would be fucking retarded for a site like his.

    nup • Since Oct 2010 • 63 posts Report Reply

  • Sacha, in reply to SHG,

    not even his mum claimed he's a genius

    Ak • Since May 2008 • 19264 posts Report Reply

  • Russell Brown, in reply to SHG,

    just don't see how that's possible. Unless Slater was running a mailserver and/or storing archived correspondence on the same box as his webserver, which would be fucking retarded for a site like his.

    That was what I thought.

    Auckland • Since Nov 2006 • 21915 posts Report Reply

  • Sofie Bribiesca, in reply to Russell Brown,

    That was what I thought.

    Aren't hackers any good these days?

    here and there. • Since Nov 2007 • 6796 posts Report Reply

  • Russell Brown, in reply to Sofie Bribiesca,

    Aren't hackers any good these days?

    There is some indication that people in the local hacker community have also had the documents.

    Auckland • Since Nov 2006 • 21915 posts Report Reply

  • Anonymous Coward,

    Assuming whoever set his systems up isn't a complete nonce and didn't deploy all the components on a single internet-facing host, the most likely scenario is that either the DDoS attack is a read hearing, and the email was exfiltrated by other means, or the web server was compromised as part of the DDoS and was used to stage attacks on other hosts on the network. Maybe they guessed or got hold of the admin passwords, maybe they exploited an application or OS vulnerability.

    Wgtn • Since Apr 2008 • 6 posts Report Reply

  • Nick Kearney,

    That was what I thought.

    Me too. I don't believe it.

    North Shore, Auckland • Since Nov 2006 • 71 posts Report Reply

  • Russell Brown, in reply to Nick Kearney,

    I’ve been tweeted by someone who said he wasn’t surprised because “some of us have the site”.

    Same person says the reason that Peter Dunne wasn’t sacked for leaking the GCSB report is that Key already knew he’d done it. And says he hasn't read the book.

    Auckland • Since Nov 2006 • 21915 posts Report Reply

  • Sacha, in reply to Nick Kearney,

    I don't believe it.

    We've already had that line over Brash's emails..

    Ak • Since May 2008 • 19264 posts Report Reply

  • Hebe, in reply to Amanda Wreckonwith,

    National Party have ordered an emergency drop of squirrels.
    The usual suspects will be pointing them out to you in due course.
    Please stand by...

    Loud thumps in Wellington will not be seismic activity; just the sound of bodies being hurled over parapets.

    Christchurch • Since May 2011 • 2873 posts Report Reply

  • Paul Campbell,

    There is some indication that people in the local hacker community have also had the documents.

    well then i look forward to them showing up on wikileaks .... runs off to check

    .... not yet

    Dunedin • Since Nov 2006 • 2519 posts Report Reply

  • SHG,

    “some of us have the site”

    There is no sensible reason for correspondence to have ever been anywhere near the site. I can't see a connection between "site hacked" and "access to emails".

    nup • Since Oct 2010 • 63 posts Report Reply

  • Sofie Bribiesca,

    Most great “scoops” by gallery jouraists are fed to them. Their jobs simply don’t permit real, long-game investigation.

    That's a cop out . How about they stay up a bit later and do some research. By the time their gossip goes to print the comments section that follows shortly after carries new info that has cause for good argument against what's printed thus rendering that gallery journo pointless. Chief Political Commentator my arse. Business Analysis. My arse. Tory, definitely.

    here and there. • Since Nov 2007 • 6796 posts Report Reply

  • SamC, in reply to SHG,

    There is no sensible reason for correspondence to have ever been anywhere near the site. I can't see a connection between "site hacked" and "access to emails".

    The scenario I would imagine is that to save money, everything was put on one server (it's possible it was multiple virtual machines on a single physical host, or just one big host). The email server was not publicly accessible under normal circumstances, but once the server was compromised, it was simple to get a hold of them. Slater was using it has his personal email host, and hadn't deleted/archived for some time.

    You might think "how could anyone be so stupid?" but presumably it wasn't Slater's call (he probably just skimped on the IT consultants). But such security setups are ridiculously common, particularly for people doing it on the cheap. If they were really doing it right, they would've encrypted all emails anyway.

    The worrying thing is, what happens when these sort of people wise up and use some pretty trivial measures, like properly secured servers and encrypted emails. This sort of leak just won't be possible, so we'll only have suspicions to go on.

    Since Aug 2014 • 3 posts Report Reply

  • Danyl Mclauchlan,

    Weirdly, most of the correspondence seems to be Facebook chats, which I can't quite see how would possibly be hacked using a DDOS attack on the WhaleOil site.

    Wellington • Since Nov 2006 • 927 posts Report Reply

  • Balance, in reply to SHG,

    I can't see a connection between "site hacked" and "access to emails".

    Think in terms of the weakest link. A hacked server can provide a privileged platform to attack a client machine, typically a site admin's personal computer, which in turn could spill the beans for log in credentials to other services, such as a webmail account. Practicing good computer security is awfully difficult (and, alarmingly, inconvenient), and I wouldn't be surprised if the alleged victim(s) have no real idea what they're doing.

    Since Aug 2014 • 4 posts Report Reply

  • DeepRed, in reply to Hebe,

    Loud thumps in Wellington will not be seismic activity; just the sound of bodies being hurled over parapets.

    Or guillotine blades falling.

    The southernmost capital … • Since Nov 2006 • 5239 posts Report Reply

  • Paul Campbell,

    Dunedin • Since Nov 2006 • 2519 posts Report Reply

  • SamC,

    Weirdly, most of the correspondence seems to be Facebook chats, which I can’t quite see how would possibly be hacked using a DDOS attack on the WhaleOil site.

    Could be that passwords were obtained by hacking into his web server, which were used to access Facebook, etc. Lots of people use the same password on every site.

    Since Aug 2014 • 3 posts Report Reply

  • Andre Alessi, in reply to Danyl Mclauchlan,

    I'm guessing here with very little concrete evidence, but I would assume Slater hired someone(s) to come to his place and provide tech support during/after the attack. It's unlikely he does his own tech support. That opens up additional avenues as to how information was accessed.

    Devonport, New Zealand • Since Nov 2006 • 864 posts Report Reply

First ←Older Page 1 2 3 4 5 90 Newer→ Last

Post your response…

Please sign in using your Public Address credentials…

Login

You may also create an account or retrieve your password.