Posts by Matthew Poole
-
OnPoint: MSD's Leaky Servers, in reply to
So it’s Oracle or DB2 unless they have switched in the past few years.
Curam Software is owned by IBM, which makes it likely that it'll be DB2. It almost certainly won't be MSSQL. So we're back to hoping that database credentials weren't stored in the clear on the network, which does move the odds of that system being compromised back towards betting territory.
-
Just got off the phone with RadioLive, who wanted comment and got some fleshed-out explanations in what was, I hope, lay speak. This is going to add an interesting complexion to things.
-
OnPoint: MSD's Leaky Servers, in reply to
they’ll have a case management system that has its own database, and probably does have some level of access logging going on. So while they’re probably dissembling about security in general, they might be more assured about the case records in the system.
At this point I'm going to start scaring some people: if the database is backed by Microsoft SQL Server, what I said about a domain administrator being God still applies. And even if it wasn't MSSQL, if access credentials to whatever is the database platform were stored on the network and could be found...
I'll caveat this by saying breaking into MSSQL will leave traces, but their being noticed relies on observant administrators.
-
OnPoint: MSD's Leaky Servers, in reply to
Would that compromised security reach outside MSD and its files into other areas of government?
It could potentially do so, yes. The reason I stepped up from WINZ to MSD is that there's quite possibly a trust relationship that extends to domain administrators, and even if there's not that level of trust there's probably sufficient trust to allow cross-domain sharing of files which could then extend a compromise. That's the nature of that particular operational relationship. If there are trust relationships further into other agencies, it could similarly be escalated. At some point this scenario becomes implausible, and I'm not willing to even start speculating on other agencies that might have the necessary relationships to expose this vulnerability, but I imagine there are some very worried InfoSec officers.
-
OnPoint: MSD's Leaky Servers, in reply to
Mark, if you can access the VM images, then you have the Windows SAM files within those images, which mean you will be able to get domain admin logins as quickly as you can crack them.
Bingo bango bongo, we have ourselves a winner. I believe that the entire WINZ network, and probably the entire MSD network, should be considered to be fully compromised.
What do I mean? I mean that every server and workstation should be considered to be accessible and controllable by people who are not employees of the WINZ/MSD system administration team. For the uninitiated, a domain administrator is God within the boundaries of their network. Potentially they are God within the boundaries of networks that have special relationships with the primary network.
How serious is this? Unless there is fine-grained auditing of the use of access privileges – meaning a written record of every time a privileged account logs in or does something that’s beyond the capabilities of an ordinary user – there is no way to know what has been done. And a person who’s conducting a full attack can always erase the audit logs, which shows up but it still removes the evidence. As God, someone could install software on servers to track password changes, watch particular files or directories, or any number of other things. It looks like the firewall may have been easily accessible – a virtual computer, rather than a dedicated piece of hardware – which would let an attacker configure the firewall to allow them to upload anything they wanted, to anywhere they wanted, and leave no record. And even if that wasn’t possible, there’s always the old fall-back of plugging in an external hard drive and doing what Keith did: copying things off.
And what does that all mean? It means that every backup all the way to when the kiosks were installed is an unknown quantity. Recovering from this isn’t just a matter of fishing out the last backup tapes and reinstalling the computers. It means installing all the computers. From scratch. Using media that hasn’t been stored on the network. It means that no data on the network can be trusted, unless it checks out when compared to data from backups that were created and stored off the network before the kiosks were installed.
Am I being paranoid? I don’t think so, to be quite honest. I was an IT security auditor in a recent past life, and a network and system administrator before that. Were I a WINZ IT administrator I would be saying exactly the same things. I know how easy it is to escalate from being a local user to being a domain admin, without the benefit of stored passwords, and I know what can be done once one is a domain admin.
ETA: Also, given that Keith was able to drag out data from computers that were across the network it's possible that the kiosk's local SAM file (a local cache of network credentials) could have been copied off to a USB key. It's only necessary to be a local administrator to achieve that, and making that happen would've been straightforward, I'm sure.
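The comment above argues that without a written record of every privileged logon and every privilege-log erasure there is no way to know what a domain admin did. As an added illustration (not code from this thread, nor anything MSD or WINZ runs), here is the kind of review a defender would apply to that record. The event records are constructed samples modelled loosely on three real Windows Security log event IDs (4672 "special privileges assigned to new logon", 4624 "logon", 1102 "audit log cleared"); the field layout, host names, account names and the approved-admin and admin-workstation lists are all assumptions for the example.

```python
"""Review a privileged-activity log for the things the comment above says an
organisation must be able to see: who used admin rights, from where, when,
and whether the audit trail was then wiped.

Added example. Event IDs 4672 / 4624 / 1102 are real Windows Security IDs;
everything else (fields, hosts, accounts, allow-lists) is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, time, timedelta

# Constructed sample events, not real logs. Times are ISO-8601 strings.
SAMPLE_EVENTS = [
    {"time": "2012-10-14T09:02:11", "host": "DC01", "event_id": 4672,
     "account": "svc_backup", "source_host": "BACKUP01"},
    {"time": "2012-10-14T11:40:05", "host": "FS02", "event_id": 4624,
     "account": "jsmith", "source_host": "WS-0173"},
    {"time": "2012-10-14T23:17:48", "host": "DC01", "event_id": 4672,
     "account": "jsmith", "source_host": "KIOSK-07"},
    {"time": "2012-10-14T23:21:02", "host": "DC01", "event_id": 1102,
     "account": "jsmith", "source_host": "KIOSK-07"},
    {"time": "2012-10-15T08:15:30", "host": "DC01", "event_id": 4672,
     "account": "adm_alice", "source_host": "ADMIN-WS1"},
]

# Assumed policy: who may hold admin rights, and from which hosts.
APPROVED_ADMINS = {"adm_alice", "svc_backup"}
ADMIN_WORKSTATIONS = {"ADMIN-WS1", "BACKUP01"}
BUSINESS_HOURS = (time(7, 0), time(19, 0))
# A log wipe this soon after a privileged logon is treated as the worst case.
WIPE_CORRELATION_WINDOW = timedelta(hours=1)


@dataclass
class Finding:
    severity: str   # "critical" | "high" | "medium" | "low"
    reason: str
    event: dict


def is_after_hours(ts_iso: str) -> bool:
    """True when the timestamp falls outside the assumed business hours."""
    t = datetime.fromisoformat(ts_iso).time()
    start, end = BUSINESS_HOURS
    return not (start <= t <= end)


def review_events(events):
    """Walk events in time order and emit one Finding per policy breach.

    4672: privileged logon -> check account, source host, time of day.
    1102: audit log cleared -> always a finding; critical if the same
          account held privileges within WIPE_CORRELATION_WINDOW.
    Other IDs (e.g. 4624 ordinary logons) are ignored here.
    """
    findings = []
    last_priv_logon = {}  # account -> datetime of most recent 4672
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        acct = ev["account"]
        src = ev.get("source_host", "unknown")
        if ev["event_id"] == 4672:
            last_priv_logon[acct] = ts
            if acct not in APPROVED_ADMINS:
                findings.append(Finding("high",
                    f"privileged logon by non-approved account {acct}", ev))
            if src not in ADMIN_WORKSTATIONS:
                findings.append(Finding("medium",
                    f"privileged logon from non-admin host {src}", ev))
            if is_after_hours(ev["time"]):
                findings.append(Finding("low",
                    "privileged logon outside business hours", ev))
        elif ev["event_id"] == 1102:
            prior = last_priv_logon.get(acct)
            recent = prior is not None and ts - prior <= WIPE_CORRELATION_WINDOW
            findings.append(Finding("critical" if recent else "high",
                f"security audit log cleared by {acct} from {src}", ev))
    return findings


def severity_counts(findings):
    """Summarise findings as {severity: count} for a quick triage view."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in review_events(SAMPLE_EVENTS):
        print(f"[{f.severity:8}] {f.event['time']} {f.event['account']:10} {f.reason}")
    print(severity_counts(review_events(SAMPLE_EVENTS)))
```

On the constructed sample this flags only the `jsmith` activity: a privileged logon from a kiosk host, after hours, by an account not on the admin list, followed four minutes later by the audit log being cleared. The two legitimate admin logons produce nothing. The point is the one the comment makes: the 1102 event "shows up", so a wipe is itself detectable, but only if something off the compromised box is collecting and reviewing these records.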
-
OnPoint: MSD's Leaky Servers, in reply to
Still, you would require write-access to the files, which I don’t think has been established.
If you can edit the file (that is, open it and then save changes), you can probably overwrite it with a file of the same name. Particularly since default permissions are grouped as "read only" or "read/write" and anything else requires work by administrators who don't appear to have cared very much.
-
Legal Beagle: Kim Dotcom: all the fault…, in reply to
Shearer could, as part of the Committee, ask someone from GCSB, the Minister in charge, all manner of people a version of the question – “WTF is going on?” – and expect an answer.
Sadly, the only person Shearer is allowed to question in any detail is the Minister. As I've outlined above, the Committee is utterly toothless when it comes to really holding feet to fires.
-
Legal Beagle: Kim Dotcom: all the fault…, in reply to
Well you could say that about all select committees, I’m not sure it applies more to this one.
Only about committees where the PM is the Minister who's being held to account for their departments'/ministries' performance. Which is very, very few portfolios, and the only portfolio that is traditionally in the hands of the PM is Intelligence and Security. Certainly there is no other portfolio that is both shrouded in secrecy and the PM is the holder of the relevant ministerial warrant.
As Graeme says other portfolios have other ways to hold ministers to account, such as public flogging by the media, but this particular portfolio rarely makes the news and certainly doesn't make the news with any level of detail about precisely what's going on therein.
-
Legal Beagle: Kim Dotcom: all the fault…, in reply to
but he’s not in charge, honest
The law certainly disagrees, even if the PM tries to argue otherwise.
The GCSB Act says at s8(3): The performance of the Bureau’s functions is subject to the control of the Minister.
The NZSIS Act says at s4(1): Subject to the control of the Minister, the functions of the New Zealand Security Intelligence Service shall be...
And for both agencies, the Minister is currently the PM.
-
Oh, and it gets better when one examines the functions of the Inspector General and discovers that the IG is not allowed to just look into anything at any time but, rather, can only look into certain matters at will. Things such as possible "impropriety" on the part of the intelligence agencies can only be investigated if the Minister concurs.