Posts by Rich of Observationz


  • OnPoint: MSD's Leaky Servers, in reply to Matthew Poole,

    You're touching on a complex area here, and one that doesn't have easy answers of the "my fave DB good, M$ bad" type.

    It's possible to configure MSSQL, along with most other databases, to run on a standalone server with password (or often public key) access. But then you've got a vulnerability to anyone who can access a client machine and find the config files.

    Using a trust relationship avoids that, but introduces a vulnerability if a trusted machine (or the authentication server) gets compromised.

    As with most other things, you need multiple layers of protection so that a failure at one level (which will *always* be possible) doesn't open the whole system up. That's what MSD failed to do.

    Back in Wellington • Since Nov 2006 • 5550 posts

  • OnPoint: MSD's Leaky Servers, in reply to Matthew Poole,

    *All* mainstream databases (MSSQL, MySQL, Oracle, Postgres) are vulnerable to a user gaining access to the data files or even the backups.

    You can mitigate against this by encrypting at file system or column level, but that is unusual.


  • OnPoint: MSD's Leaky Servers,

    It isn't as easy as people might think to control access to sensitive data in a big organisation, either. When you've got some place like a design shop, where everything's reasonably low-sensitivity apart from the payroll, it's easy. In MSD, nearly everyone needs access to sensitive data of some sort.

    Take accounts payable, for instance. They probably cut cheques centrally, but local offices have contractors sending in invoices for building work and the like. They'll have Joe Builder ringing up to see when they're getting paid, and will need to see the invoices. Granting selective access for that could well have been treated as just too hard, so any manager can see any invoice. And then...


  • OnPoint: MSD's Leaky Servers,

    You know what I think could have happened here:
    - they planned to do the job properly, with the kiosks on their own network with independent Internet access, not connected to the MSD backbone.
    - the network/change control/management process made that all just too hard (and there wasn't the budget)
    - someone realised you could just plug a PC into the wall of any Winz office with no change control needed

    "Security" thwarting security.


  • OnPoint: MSD's Leaky Servers, in reply to James George,

    It's one of my main beefs about MacOS that you can't paste a path into a dialogue box - I work a lot in the shell, but if I want to email a file, I have to navigate right through the tree (often, it's easier to copy it to a suitable folder).

    Applications are (mostly) not intended to be security gates. Word definitely isn't.


  • OnPoint: MSD's Leaky Servers, in reply to rodgerd,

    Or they pay market rates for new hires (because otherwise they get zero qualified candidates and wind up reliant on contractors) and then never give rises because "times are tough". So the only way to get a pay rise is to leave. That's fairly endemic.

    Also, the public sector has always paid a bit lower, but with the advantage of job security and feeling one benefits society. When the job security's gone and the purpose of the Minister in charge is basically to damage people's lives, that kind of goes away.


  • OnPoint: MSD's Leaky Servers,

    A large number of people, possibly a majority, don't understand folders/directories at all. They save in the default folder each app presents, and get confused and call an expert if this changes (and mail attachments in Outlook totally screw them).

    That's why Google have de-emphasized the folder concept in most of their things, preferring to rely on categories, binding data to an application and search.


  • OnPoint: MSD's Leaky Servers,

    It does strike me that after four years of cutbacks, redundancies, laughable or non-existent pay rises and general management bullshit, the tide of dontgiveafuck in most government departments (and quite a lot of private sector organisations) has risen to a fairly high level. Especially when government believes that non-customer-facing staff are a pointless tier of bureaucracy.

    Eventually, that impacts service.


  • Field Theory: All. Black.,

    it's a New Zealand brand

    Of a Japanese multinational (Mitsubishi nowadays, so if you get smashed on Steinies and wrap your Evo round a heatpump outside unit, they've won three ways).


  • Hard News: The Advocate, in reply to Damian Christie,

    Nah, they drink a great deal of tea, and have managed in a lifetime's TV viewing to synchronise putting the kettle on with the ad break.

