Hard News: Dirty Politics
2403 Responses
-
See !
-
JLM,
Thanks Russell! Sometimes Twitter is just a bit too brief...
-
LOL. Once more, Anon delivers.
Slater is Hyde to Key's Jekyll.
-
The last line of your post sums up my thoughts. While we can all hope such revelations would have political implications, I fear most of NZ will just shrug their shoulders and consider it to confirm their view on all politicians.
-
National Party have ordered an emergency drop of squirrels.
The usual suspects will be pointing them out to you in due course.
Please stand by...
-
SHG,
...denial of service attack, which took his site out for two days.
But it did more than that. It provided access for unnamed persons to retrieve a trove of correspondence between Slater, Ede and other senior figures
I just don't see how that's possible. Unless Slater was running a mailserver and/or storing archived correspondence on the same box as his webserver, which would be fucking retarded for a site like his.
-
Sacha, in reply to
not even his mum claimed he's a genius
-
Russell Brown, in reply to
just don't see how that's possible. Unless Slater was running a mailserver and/or storing archived correspondence on the same box as his webserver, which would be fucking retarded for a site like his.
That was what I thought.
-
Sofie Bribiesca, in reply to
That was what I thought.
Aren't hackers any good these days?
-
Russell Brown, in reply to
Aren't hackers any good these days?
There is some indication that people in the local hacker community have also had the documents.
-
Assuming whoever set his systems up isn't a complete nonce and didn't deploy all the components on a single internet-facing host, the most likely scenario is that either the DDoS attack is a red herring, and the email was exfiltrated by other means, or the web server was compromised as part of the DDoS and was used to stage attacks on other hosts on the network. Maybe they guessed or got hold of the admin passwords, maybe they exploited an application or OS vulnerability.
-
That was what I thought.
Me too. I don't believe it.
-
Russell Brown, in reply to
I’ve been tweeted by someone who said he wasn’t surprised because “some of us have the site”.
Same person says the reason that Peter Dunne wasn’t sacked for leaking the GCSB report is that Key already knew he’d done it. And says he hasn't read the book.
-
Sacha, in reply to
I don't believe it.
We've already had that line over Brash's emails..
-
Hebe, in reply to
National Party have ordered an emergency drop of squirrels.
The usual suspects will be pointing them out to you in due course.
Please stand by...
Loud thumps in Wellington will not be seismic activity; just the sound of bodies being hurled over parapets.
-
There is some indication that people in the local hacker community have also had the documents.
well then i look forward to them showing up on wikileaks .... runs off to check
.... not yet
-
SHG,
“some of us have the site”
There is no sensible reason for correspondence to have ever been anywhere near the site. I can't see a connection between "site hacked" and "access to emails".
-
Most great “scoops” by gallery journalists are fed to them. Their jobs simply don’t permit real, long-game investigation.
That's a cop out. How about they stay up a bit later and do some research. By the time their gossip goes to print the comments section that follows shortly after carries new info that has cause for good argument against what's printed thus rendering that gallery journo pointless. Chief Political Commentator my arse. Business Analysis. My arse. Tory, definitely.
-
SamC, in reply to
There is no sensible reason for correspondence to have ever been anywhere near the site. I can't see a connection between "site hacked" and "access to emails".
The scenario I would imagine is that to save money, everything was put on one server (it's possible it was multiple virtual machines on a single physical host, or just one big host). The email server was not publicly accessible under normal circumstances, but once the server was compromised, it was simple to get a hold of them. Slater was using it as his personal email host, and hadn't deleted/archived for some time.
You might think "how could anyone be so stupid?" but presumably it wasn't Slater's call (he probably just skimped on the IT consultants). But such security setups are ridiculously common, particularly for people doing it on the cheap. If they were really doing it right, they would've encrypted all emails anyway.
The worrying thing is, what happens when these sort of people wise up and use some pretty trivial measures, like properly secured servers and encrypted emails. This sort of leak just won't be possible, so we'll only have suspicions to go on.
-
Weirdly, most of the correspondence seems to be Facebook chats, which I can't quite see how would possibly be hacked using a DDOS attack on the WhaleOil site.
-
Balance, in reply to
I can't see a connection between "site hacked" and "access to emails".
Think in terms of the weakest link. A hacked server can provide a privileged platform to attack a client machine, typically a site admin's personal computer, which in turn could spill the beans for log in credentials to other services, such as a webmail account. Practicing good computer security is awfully difficult (and, alarmingly, inconvenient), and I wouldn't be surprised if the alleged victim(s) have no real idea what they're doing.
-
Kumara Republic, in reply to
Loud thumps in Wellington will not be seismic activity; just the sound of bodies being hurled over parapets.
Or guillotine blades falling.
-
SamC,
Weirdly, most of the correspondence seems to be Facebook chats, which I can’t quite see how would possibly be hacked using a DDOS attack on the WhaleOil site.
Could be that passwords were obtained by hacking into his web server, which were used to access Facebook, etc. Lots of people use the same password on every site.
-
Andre Alessi, in reply to
I'm guessing here with very little concrete evidence, but I would assume Slater hired someone(s) to come to his place and provide tech support during/after the attack. It's unlikely he does his own tech support. That opens up additional avenues as to how information was accessed.
This topic is closed.