Posts by duke
-
OnPoint: MSD's Leaky Servers, in reply to
I can’t see how it would be anything to do with the kiosk image. I mean, sure, the fact the USB was unlocked is a concern from a workstation security point of view (viruses, anyone?), but may have been a requirement for other reasons.
The hole will be related to what account is used to run the kiosk, whether that was baked in at installation time or (
Quite; this is definitely an AD (Active Directory, for the curious non-nerds) misconfig. Apologies; it seems multitasking is not conducive to my root-cause skills.
However, one would think the kiosk image should have been locked down a wee bit more than it appears to be.
-
Good ole RadioNZ just reported that the kiosk system was previously audited by a private contractor (missed the name) who obviously failed to detect the completely fucked implementation.
Massive fail on top of massive fail.
-
OnPoint: MSD's Leaky Servers, in reply to
It’s that bad? Would that compromised security reach outside MSD and its files into other areas of government?
Potentially yes. However, one would sincerely hope that this level of incompetence is not commonplace across our govt depts.
Highly unlikely the breach has compromised systems outside of the MSD network. But without knowing the network topology and policies...
-
OnPoint: MSD's Leaky Servers, in reply to
Yes, but I can’t see that Keith tried to write/edit/save anything.
Write = save = paste (kinda); which he had to do to put the files on the USB!
-
OnPoint: MSD's Leaky Servers, in reply to
Bingo bango bongo, we have ourselves a winner. I believe that the entire WINZ network, and probably the entire MSD network, should be considered to be fully compromised.
Let's not get carried away. I'll also bet the core CRM app is not directly affected by this issue (we hope).
Though arguably, if admin passwords were compromised, a skilled hacker could go nuts; he'd still need physical access to the network and a machine, and a fair bit of quite private nerd time.
-
OnPoint: MSD's Leaky Servers, in reply to
If you can edit the file (that is, open it and then save changes), you can probably overwrite it with a file of the same name
Yup. In case you weren't aware, saving = write to disk. Hence read/write privilege.
-
OnPoint: MSD's Leaky Servers, in reply to
Has anyone weighed in on whether this was due to kiosks with Admin privileges, or an MSD-wide problem where any employee could look anywhere on the network?
+1
I'm guessing the former. Someone made a big mistake on the template Kiosk image.
-
OnPoint: MSD's Leaky Servers, in reply to
No problem. Just drop a file with the same name into the open file dialogue box. Microsoft has effectively turned that dialogue box into a slim file-manager.
It's been a while, however I'm sure open/save dialog boxes call explorer.exe (Windows Explorer, probably best known to noobs via the 'My Computer' / 'My Documents/Pictures/Music' icons). Calling means uses; Windows apps (all? excluding Java apps at least) call the file explorer to complete the save/open process. Copy/Cut/Paste are all valid, either via right-click or keyboard shortcut, if not the menu drop-down.
All very obvious as Keith clearly used this facility to transfer the files to his USB stick.
As has already been pointed out, this is an incredible display of either complete incompetence by the system implementer or top-down endorsed mad fail.
-
OnPoint: MSD's Leaky Servers, in reply to
Totally. To ignore testers suggests that a due process was actually overridden, rather than the processes being neglectfully weak in the first place.
Par for the course in the Natz-delivered climate of fear subsuming our public service, thanks to their foolish, crippling budget cuts. DOC is being well and truly violated, while much of our wonderful and unique biodiversity is in free-fall decline.
Trickle-down does exist; but only for poisonous shit policies.
-
OnPoint: MSD's Leaky Servers, in reply to
A computer’s just a tool that I use to do my job and other things that I find interesting. Just like my car, I can do basic things like loading new software, and sorting out a printer connection, and changing my desktop picture, but that’s about it. I don’t want to spend effort understanding the rest or fiddling about with it, so I hand those tasks over to experts.
Given the way things are headed, scratch that, how they _are_ (ubiquitous computing), it may be wise to revise the wilful-ignorance attitude of "just a tool". Knowledge will set you free, Deb. Or deliver confidential WINZ info unto thee enlightened.