OnPoint: MSD's Leaky Servers
629 Responses
First ←Older Page 1 2 3 4 5 … 26 Newer→ Last
-
Chris Miller, in reply to
It would be pretty shitty if you had to be a WINZ client to use those considering how many people have been booted off benefits and have no actual income. Real unemployment figures are higher than who's on unemployment.
-
Keith, do you know how widespread the knowledge of this is? You said you were alerted to it by someone else, and tomj mentions his friend knew about it. RadioNZ have just mentioned a memo of a risk over a year ago.
-
Listening to Keith in an interview with Rachael on TV 3...absolutely incredulous.
Vulnerable children and the types of medication like anti-depressants...tummy churning stuff.
Legal bills from lawyers who act on behalf of MSD...Benefit fraud unit etc, etc
The attempt of a person to commit suicide...Bennett's 'White Paper' she can take it and wipe her own bum with it!
-
Does anyone know the significance (if any) of Mountain Standard Time reference on one of the captures? It seems strangely out of place.
-
Bravo, Keith – brilliant work.
While Keith was working on this, here’s what the Dom Post had on its front page on Saturday:
ANIMALS BEHAVING BADLY …
• A rhinoceros at Auckland Zoo was having mud applied to a head wound when he took fright, catching the keeper’s ankle and knocking him into a wooden post.
• A child was bitten by an otter while leaning over an enclosed barrier.
• A wallaby being restrained kicked a keeper in the arm at Auckland Zoo,
• A capuchin monkey escaped twice but was quickly captured.–
Incredibly people seem to still not grasp the enormity and ineptitude of all this: the privacy woman on the radio saying “we need to investigate to see if any info has been accessed …” – it’s been wide open for so long surely it’ll be impossible to tell what has been easily accessible for quite some time.
And a bit sad how proudly MSD are saying “there was a hole flagged a year ago and the system was completely rebuilt."
-
Ian Dalziel, in reply to
Witty Leaks...
I would love to see them go after him for this. LOVE TO. He may well have technically broken the law but public opinion if they tried to charge him for it could get very messy.
Well, Power got rid of that "Greater Good" defence before he left for Westpac and handling the Gov'ts banking - Keith has 'burst their bubble' - they'll probably want to make him pay to fix it up, just as they did with the Ploughshares guys at Waihopai... They're a vindictive bunch (Nat Gov't), and don't like people showing them up, especially when they desperately need showing up!
Still, I hear those private prisons are easy to get out of, and the operators just have to pay a fine (well for the next 25 years anyway...)
;- )
-
Ben Curran, in reply to
I just hope someone somewhere has still got the cover your ass email/memo where they pointed this lack of security out years ago but were told the solutions were too expensive.
If I was a sys admin with this, I'd be presenting front and centre about now.
-
Mat, in reply to
I'm worried about how short the administrator passwords are. It almost looks like they're the same as the registered owner, altiris.
Altiris is a horrific self-service provisioning utility by Symantec. Chances are, these are not the end passwords but just the ones used during the build phase of a new VM.
-
Ian Dalziel, in reply to
The bucket list, dear Liza...
And a bit sad how proudly MSD are saying “there was a hole flagged a year ago and the system was completely rebuilt.”
Do we know who rebuilt it, or first installed it, (any history at all?).
Was this the another one of the Government's (not sure which one) expensive white elephant computer systems, late and over budget, like others before....Colin James had an interesting assessment of some of the changes Trevor Mallard / Labour was making back in 2003:
"Mallard is also driving the standardisation of government computer purchasing and information technology to reduce costs and make departments more user-friendly to those who deal with them -- and to give the public a "whole-of-government" feel.
This in part revolves around the government internet portal (www.govt.nz), a one-stop entry to government services for suppliers and users. It is financed with a levy based on departments' size and computer procurement.
One issue is what level of authentication is needed for different services -- a much higher level is required for access to tax records than exam results, for example. Another is to ensure people on "low-grade computers in rural areas" can access the system." -
From the Twitter feeds at the side of this post, I'm totally impressed Keith hardly sleeps. Well done Keith.
Bennett will use her usual dismissive, blame others, Nactional, mantra . There will be a few more on the unemployment queue, oh wait, on the unemployment file, oh wait....on the "client list".... -
the WINZ of whoa...
I found this lovely WINZ PDF online - (from 2008 I think) Work matters, people count - towards 2012 in which they say stuff like:Our current way of working is at near capacity. Creating space for change means relieving parts of the system to ensure our service has room to change and our staff have space to contribute.
We must:
• review our systems end to end to reduce duplication, rework and wasted effort
• invest in technology to allow self help and streamline staff processing
• build on the strengths of our culture as we change
• do what we say we are going to doand they outline their values:
Our people and the people we work with can rely on our values every working day:
• we put people first
• we team up with others to make a bigger difference
• we act with courage and respect
• we empower others to act
• we create new solutions
• we are ‘can do’, and we deliver
• we honour achievement.
Above all, we do the right thing for New Zealanders.and
We value excellence in everything we
do – not just what we do but how we do it.
We know that excellence and consistency
go hand in handIt's amazing what you can write when they're just words covering paper (or screen), no need to parse the content or intent, just let that PR flow...
-
This problem has been around for ages, I've been able to use the File -> Open dialog to start a command prompt on the local machine and one of the scarier things about this is these machines have usb plugs prominently on the front making it trivial for people to copy large amounts of data off.
Whoever installed these terminals will soon be collecting a benefit themselves methinks.
-
This is such a joke. There are failures on so many levels. IT, developers, installation companies aside - I can't believe not one staff member in all the offices that ran kiosks flagged this issue.
Are the people in these offices so computer illiterate? Working with private data they should certainly not be.
-
Alex Coleman, in reply to
I can't believe not one staff member in all the offices that ran kiosks flagged this issue
And the IT people? Surely they noticed that there was no internal security.
-
3200 views in 10 hours overnight (is this a PAS record, Russell?)
-
Rebecca Denton, in reply to
Totally. Whoever ran the IT department has to resign. There is no way that person can be responsible for another day for that kind of private data.
-
Ian Dalziel, in reply to
...these machines have usb plugs prominently on the front making it trivial for people to copy large amounts of data off.
....or for a virus to get in - Stuxnet/duqu/flame anyone?
-
pctek, in reply to
No kidding. I'm just a tech, not a sysadmin, but even I know how bad that is. Plain text??!!
And browsing network drives? Incredible.
Still, doesn't surprise me, I have worked (contacting) for 2 other large Govt depts. It amazed me how lax they were.
One was a project for a new system, I worked on a minor part but the time wasting, incompetence and outrageous money they charged for it was mind blowing.
And then, having dealt with this local body since, the stuff that doesn't work on it.....well, how is it govt depts end up with such shit/ -
Jonathan King, in reply to
It’s amazing what you can write when they’re just words covering paper
Egg-zackly. "Excellence" is a word rendered almost entirely meaningless by being endlessly hammered by this kind of PR-speak.
-
UUmmm Im looking for a job and I have been prosecuting Paula Bennett since November 2010, it just might be that one could be sitting in the system for me, an Advocate for the people on their rights whilst dealing with WINZ and have them pay me for it ! If Paula can use the system then so can I , I will be seeking her to resign over this and thats not all Judith Collins is next !
-
As soon as I woke up and heard the news I knew Keith had done us another great public service before they mentioned his name. I've said it before and I say it again: Good work Keith!
-
Sofie Bribiesca, in reply to
3200 views in 10 hours overnight (is this a PAS record, Russell?)
And noobies?
-
It is really hard to understate the size of the systematic failures that have been exposed by this. It smacks of expediency, and utter disregard of this proportion *can only* happen when there are failings at the highest governance level of the IT infrastructure.
-
Mia larsen, in reply to
They didnt think since 1939 when the welfare was introduce, it was actually designed to claim our tribes childrens from them we maori call this extortion andd this shall come to light eventually !
-
Mia larsen, in reply to
Shall I creat a brown paper bag bro and have my iwis take care of it for them...Haha
Post your response…
This topic is closed.