Posts by John Holley
-
Emma - your post cut me to the core. These continual attacks on our most vulnerable members of society are a terrible indictment on us all.
The test of the morality of a society is what it does for its children.
~Dietrich Bonhoeffer (German Pastor and Nazi opponent who died in a concentration camp)
-
Sadly I think that Brian Edwards is fast becoming a GOB (Grumpy old bastard). I used to really respect his perspective on media matters but I am losing it pretty quickly - his disdain for Cameron Slater on Media3 being a case in point. (and I thought Cameron was much more reasonable)
-
Hard News: Media3: Bad News for the Force, in reply to
I have to challenge you there Matthew. Boozy parties? The long service awards are for just that, long service to the community, often putting your life on the line etc.
I have never seen a boozy medal ceremony - they are normally serious affairs and normally include acknowledgements to the person's family for the sacrifices they have also made.
If you were being sarcastic, I missed it, otherwise you have done a lot of people a significant disservice.
Disclosure: I have some of those awards for 30 years in the NZ Army and operational service overseas.
-
Hard News: The Wogistan form book, in reply to
I think it shows the success of MMP. Much as most of the country despise Prosser's comments there will be some in total agreement with him.
MMP means more diverse representation - and not just from the segments of society in the "middle ground." A measure of the success of MMP must surely be views being espoused from the political extremes, both left and right, rather than the shades of grey we got with the old centre-left/centre-right governments we used to get.
His statements upset most NZers, but surely the fact that he is in a position to make such statements highlights what a diverse democracy we have?
-
I was involved, due to some forensic investigations I conducted, some years ago with a case.
I only found out well after the fact that the person had lied to the Teachers Council when appearing in front of them. This allowed the person to get off without any penalty. I could never understand why I was not called to testify.
Some degree of openness is needed.
-
The report focuses on privacy when the bigger whole of government issue is the potential cascade of security breaches. The analysis of this seems to be entirely missing.
The MSD network was wide open for months and to assume that other people (domestic and foreign) did not gather material or utilise authentication trust relationships is just plain sticking your head into the sand. As Matthew Poole stated, you have to assume the entire MSD network is compromised. Logs won't necessarily show breaches as anyone trying to gain information, if they knew what they were doing, would be utilising trusted access, e.g. accounts/passwords/trust relationships.
If the MSD network is assumed to be compromised then so are any other networks with trust relations with the MSD network and so on... the security breach cascade effect. For some, the MSD network could have just been the gateway into other Govt orgs that they were seeking to gain information from.
This is the biggest security breach in NZ Govt history but unfortunately everyone is focusing on the privacy breaches.
-
I think we should put all this in context with the level of obstruction and obfuscation that we are seeing around OIA and LGOIMA requests. Rather than having a more open and transparent central and local government we are getting the opposite.
When dealing with the supercity formation I was constantly surprised at the steps the ATA took to not divulge information and this was particularly supported by senior managers at Auckland City.
Many of the ATA managers came from Watercare, who was not subject to LGOIMA, and they certainly had no desire to be open with the public of Auckland. Some very senior people had to be told by DIA that, for example, as their expenses at the ATA were discoverable via OIA, things like lunches at the Northern Club on a Friday afternoon were out. (You can't LGOIMA the expenses of the Watercare CEO like you can do the CEOs of other Auckland Council CCO CEOs)
We have been left with an Auckland Council that has kept the closed attitude of the ATA and old Auckland City.
-
I know everyone is pretty much focusing on the privacy breach - and it is huge. But the more I think about this the more I agree with Matthew Poole (good piece on RNZ btw).
The bigger story here is the biggest security breach in NZ Govt history. Quite frankly we should be assuming that any of the information that was accessible from the kiosk (and Keith only took a small fraction) is 100% compromised and quite possibly in the hands of foreign interests. (the security hole has been there for months)
The cascade effect from WINZ->MSD->the rest of Govt e.g. CERA, DIA etc., is something we need to highlight. It might all come to nothing but, as Matthew said, we have to assume the entire WINZ network (and networks with trust relationships) could have been/was compromised.
The mind boggles on the potential level of exposure we face.
-
OnPoint: MSD's Leaky Servers, in reply to
Especially as I think it was one of their staff who spoke at Defcon last year on hacking into kiosks!
-
Oh, and I forgot. Intrusion testing 101 is all about capturing IDs/passwords which allows you to cascade through the infrastructure via trusted logins. No need to attack the MSD, just head to a kiosk and browse for usercodes/passwords (users never store them in files do they?).
I have been involved with an organisation where within an hour the external testers had admin passwords due to a compromise of a network admin password which let them gain access to more secure systems.
Who knows what passwords were stored and available for inspection and use?
Yes, I may seem paranoid, but we do not live in a benign cybersphere!