Posts by Matthew Poole


  • OnPoint: MSD's Leaky Servers, in reply to Islander,

    Toss in that my current ADSL2+ connection has degraded from stable at 20-21Mbps to unstable at even 7Mbps and Orcon don’t have the foggiest idea what’s wrong (though I finally got a Chorus tech who agrees with my assessment that it’s something occurring at the exchange), and you can understand my ire.

    Auckland • Since Mar 2007 • 4097 posts

  • OnPoint: MSD's Leaky Servers, in reply to BenWilson,

    I have a fiber connection in my home that took two techos a day to install

    Yeah, well, screw you. I have UFB fibre running right past my house, courtesy of the school that's three doors up the road, and Chorus' map shows that we're one intersection (about 150 metres) south of where they plan to make UFB available within the next two years. TWO YEARS the bastards!

    Auckland • Since Mar 2007 • 4097 posts

  • Hard News: Special Sources, in reply to Sacha,

    The part about not wanting to ask her staff directly sounds awfully familiar

    Yes, it's become a National standard.

    Auckland • Since Mar 2007 • 4097 posts

  • OnPoint: MSD's Leaky Servers, in reply to Sacha,

    governance stakeholders

    exactly

    And, worse, political stakeholders. This is an organisation that is very, very politically-influenced, and is being expected to do more with less. Cutting spending on IT is a first-reaction move in the public and private sectors, because it's easy to do and doesn't really hurt in visible ways. When told that the pet IT system that's going to free up thousands and thousands of person-hours is fundamentally insecure, the immediate reaction will be to examine the IT budget (because the project's budget is well and truly spent) to look for the money to make it secure. If that money ain't there, it's not going to sit well politically to go begging for more money.

    Auckland • Since Mar 2007 • 4097 posts

  • OnPoint: MSD's Leaky Servers, in reply to BenWilson,

    Whilst at the same time not knowing how bad it is.

    We’ll never, ever know how bad (or otherwise) it is currently, but the vulnerable children database being attached to such an insecure system would have made it more bad. I don’t need to be able to quantify “bad” to know that there is a completely foreseeable way in which it could be worse.

    Auckland • Since Mar 2007 • 4097 posts

  • OnPoint: MSD's Leaky Servers, in reply to BenWilson,

    You can’t rule out that “ne’er do wells” could have done a whole lot already.

    Given that I've been broadcast on radio as saying I believe the entire network should be treated as though the ne'er-do-wells have been running rampant since the kiosks were installed, I'm hardly ruling it out. However, because there was no security we now know about this. If there had been a fig leaf this situation might have continued, potentially with the vulnerable children database being installed into the same network or with a degree of trust that would have made it accessible. So, yes, I do think it could've been worse.

    Auckland • Since Mar 2007 • 4097 posts

  • OnPoint: MSD's Leaky Servers, in reply to Rich of Observationz,

    The black helicopters will be with you shortly.

    Auckland • Since Mar 2007 • 4097 posts

  • OnPoint: MSD's Leaky Servers, in reply to BenWilson,

    Even if there was just a weak password on the network access, that would have been a million times more secure, and most likely this news story would never have happened.

    In many ways that would have been worse. The illusion of security would have been preserved, Keith would never have been tipped off, and any ne'er-do-well who was inclined to spend the limited time required to break the password might never be discovered.

    Auckland • Since Mar 2007 • 4097 posts

  • OnPoint: MSD's Leaky Servers, in reply to Neil Graham,

    Clearly talking at cross purposes. To a network engineer, physical separation means distinct cables that, if they talk at all, talk through a firewall. Logical separation would be VLANs with a shared switch and shared cable and a firewall (ETA: or router) in between the VLANs. Using wifi to create a bridge just gives you a dual-homed host rather than building a single network, just like you’d be dual-homed with two network connections (be they physical or logical) coming into the back of your computer over UTP.

    And we don’t see the internet as one big, physical network because there are hand-offs of control over the physical infrastructure. The demarcations between owners of physical networks are the borders. I can see how you’d get confused if you see the world as a single physical network.

    Auckland • Since Mar 2007 • 4097 posts

  • OnPoint: MSD's Leaky Servers, in reply to Neil Graham,

    Ultimately all of the privilege restrictions need to be explicit and in software (or firmware in the case of some dedicated boxes).

    But see, here’s the thing. I know, and I’m sure you know, that escalating privilege through software bugs or hardware tampering is pretty damned easy. I’ve spoken already of the demo I saw where a tester had a local account on a computer and was able to turn that into domain administrator access within 15 minutes. That was testing a bank’s computers. Software is easily broken. Getting electrons to jump is really, really hard. If I’m sitting in front of a computer I can probably get myself administrator access by rebooting it and performing a password reset. Bang, there’s that security gone. Once that’s done I can take a copy of the local password files and crack them at my leisure. Do that, and I own the network. Or, at least, I own as much of the network as is within my reach. If there’s a firewall in the way and no way for me to connect to it and reconfigure I have to try and break my way through the firewall, probably setting off an alarm in the process, and then make use of my new-found access. Or, more likely, I have to start again at breaking into another system remotely.

    You appear to believe I think the only thing WINZ should have done was segregate these kiosks. It’s not, but if they had done nothing except segregate them this would not have happened. Could not have happened.

    Auckland • Since Mar 2007 • 4097 posts
