Posts by Russell Clarke
-
OnPoint: MSD's Leaky Servers, in reply to
"While he wouldn't provide any details we asked KPMG to begin penetration testing at this point and this testing has been accelerated and intensified."
...KPMG being the firm that failed to unearth this vulnerability before. Fills me with confidence that they'll do a great job.
KPMG were regularly engaged to conduct tests on the safety of MSD's systems and to attack them in a bid to highlight weak areas.
They had not found any issues.
-
OnPoint: MSD's Leaky Servers, in reply to
Given the levels of incompetence demonstrated thus far, what makes you think there's a password? ;)
I'd also wonder if anyone at MSD had the nous to disable the default account/password, which is easily google-able.
The problems here are less about technical weakness and more about good old-fashioned human incompetence. The most secure tech in the world is tits on a bull if it's set up and run by muppets.
-
OnPoint: MSD's Leaky Servers, in reply to
This article suggests they're running Curam's system for case management. http://www.msd.govt.nz/about-msd-and-our-work/newsroom/media-releases/2007/pr-2007-02-14.html
So it's Oracle or DB2 unless they have switched in the past few years.
-
OnPoint: MSD's Leaky Servers, in reply to
Auditing every file and folder access across their network is possible but unlikely. If they do, they can show us the evidence - the terabytes of access logs they have captured over the past couple of years...
So seeing such a rapid categorical denial that security has been breached is somewhat surprising.
I'm picking they don't just work using files - they'll have a case management system that has its own database, and probably does have some level of access logging going on. So while they're probably dissembling about security in general, they might be more assured about the case records in the system.
-
I can't believe you didn't mention Garth George in a post about satire. He always had me rolling in the aisles. And on the pews.
-
Hard News: We ... WHAT!?, in reply to
I hope you're not using a mobile device while driving...although I'm not sure sitting in a traffic jam counts.
-
Perhaps a case of people hearing what they want/expect to hear.
-
Small correction, it's Enprise, not Enrise.
-
Hard News: Friday Music: When there were…, in reply to
played her B52s stuff on a loop. She survived.
Against all the odds, it would seem.