Posts by Rich of Observationz
-
OnPoint: MSD's Leaky Servers, in reply to
You haven't met any IT security people? Their default first question about any new thing is "no, you can't".
-
OnPoint: MSD's Leaky Servers, in reply to
Probably throw out all the hardware as well, in case the BIOS or firmware has been affected. And tear out all the network cabling, probably the power as well.
In fact, the very fabric of the buildings is probably tainted, they need to rip out the carpets, lino and wallpaper and burn them. Probably each and every WINZ office really needs to be razed and the ground sown with salt.
Wait, am I channelling Paula Bennett?
-
Legal Beagle: Kim Dotcom: all the fault…, in reply to
I discovered the other day that GCSB has its own creche/preschool.
It's a pity they don't have a primary school as well:
Little Johnny: "What does your dad do then?"
Little Jimmy: "He's a spy"
Kids: "boring! All our dads are spies"
Little Johnny: "My dad's an estate agent"
Kids: "Liar!!"
-
Hard News: Special Sources, in reply to
Does that exclude the sort of pseudo-anonymity implied by: a senior state department official or that old standby White House sources?
I believe that's always a press secretary, speaking with the approval of their employer, but with neither wishing to be fully accountable for the statement.
-
OnPoint: The Source, in reply to
They'd have (one hopes) backups to restore from.
A better way to f..k up an organisation is to install scripts that gradually make subtle changes, like altering decimal values in a database table. By the time they find out, the backups will have rolled over.
-
OnPoint: The Source, in reply to
It's quite unlikely that there'd be competing offices from "Work and Income Molvania" or "Work and Income Falkland Islands".
If there were, I'd go to "Work and Income Switzerland". They get 80% of salary for the first year of unemployment. And a car.
-
OnPoint: MSD's Leaky Servers, in reply to
I guess, but that's usually just done at the equipment level. I'm told there are various rules depending on how near the site boundary you are, as well.
NZ is a trifle slacker. I've seen cordless phones being used in defence establishments.
-
I did a job once where the server (and all terminals) were in a copper-lined room with an airlock-like arrangement on the door to ensure that no bits could ever escape. Military, needless to say. No bloody rentacops guarding the place either - actual Royal Marines with the smarts to remember you as well as checking ID.
-
OnPoint: MSD's Leaky Servers, in reply to
Because of bugs, errors and omissions. Contrary to the cookie-cutter beliefs of many "hey I'm using an open source product so I won't have the problems of those clueless n00bs with M$", anything can and will have bugs.
So you provide multiple layers of protection. You use a firewall that limits access by "outsiders", you secure access to machines, you run virus scanners and keep upgraded, you partition the system so one set of credentials doesn't unlock everything. Also, you consider appropriate security for the data/function being protected.
That way, the consequences of a fault anywhere in the system are limited.
-
It occurs to me that MSD's main failing, however, was in PR. They could have issued a short statement:
"Well done Mr Ng. Welcome to our honeypot network. You win a pot of honey"