OnPoint: MSD's Leaky Servers
629 Responses
First ←Older Page 1 … 13 14 15 16 17 … 26 Newer→ Last
-
Pete Sime, in reply to
I was on the PSA team at the National Library when we merged with Internal Affairs and had a number of meetings with Brendan Boyle. He struck me as a forthright and capable chief executive. The buck does stop with him on operational matters, though.
-
nzlemming, in reply to
Well, Brendon Boyle was the head of the E-government unit back in 2000 and seems to have done his best to integrate departments when he was CEO of Internal Affairs and was integrating 8 Auckland councils, when he integrated the National Library, Archives etc, when he presided over the creation of LINZ, and in his most recent incarnation as GCIO. He does seem to like IT integration and appears to have been advising the govt on how to do so.
Yes, he was my boss back then, he's not actually a bad bloke, for all that he's a Southlander. I don't envy him his day today.
Actually, what he had to do as CE of DIA was absorb two departments (National Library and Archives NZ); LINZ existed before he was CE there (he went there from E-government); much of the Auckland Council activity was handled outside of DIA's workstream with the transition authority; and I think the GCIO role defaulted to the CE at DIA after Laurence Millar was let go. Prior to that, it was a lower level policy position at SSC, until the ICT unit that had grown up around e-government (now ict.govt.nz) was transferred to DIA. They're still working through a number of issues with those mergers.
Sharing of IT resources makes sense. That's not what this was about. This was about not securing data, which is a whole different kettle of fish. There's a whole lot to get upset about with this cockup without trying to find a conspiracy around Boyle.
-
nzlemming, in reply to
It's not that MSSQL is bad in this case, it's just more integrated.
Yep. The fact that it's a piece of crap is just icing on the cake! :-p
-
Keith has added a post about the original souce of his story.
-
nzlemming, in reply to
Probably with Insouciance.
-
Sacha, in reply to
I weel say zis only wonse
-
Miche Campbell, in reply to
You got curtains on your bedroom window, Damian? You do? Why? What are you trying to hide?
-
lynne walker, in reply to
Matthew can you be a bit more explicit, I need it spelt out, don't believe what exactly. Cheers.
-
Mike Etheridge, in reply to
>It’s not that MSSQL is bad in this case, it’s just more integrated.
Man, that's a good one, SteveH. Should try to sell it to M$
-
I have nothing to prove except 4 years ago the admin user name was jumpstrt and the password was 66rgb*** which was a local admin login to any government terminal in NZ. Any admin working there knows i am telling the truth and as far as I believe the XML file in the screenshot there probably says the same thing. I reckon they shoulda employed me. I would have locked it down tight.
-
Kracklite, in reply to
He struck me as a forthright and capable chief executive.
I have a violin, but I seem to have lost it down the back of my sofa, probably because it’s so very, very small. I’m sure his salary will compensate for my loss. Nobody forced him at gunpoint to take on that job or to accept his paychecks or his responsibility.
The buck does stop with him on operational matters, though.
Exactly.
I'd like to add: now I know why David fucking Shearer knew why the roof-painting beneficiary was a bludger - it was just so easy to access his files!
-
Mike Etheridge, in reply to
Bennett: My IT department doesn't suck. Its just more integrated.
-
papango, in reply to
a local admin login to any government terminal in NZ
That's what makes me sure you are not on the level. There is no such thing as a 'government terminal'. Having worked in various departments, it's a miracle if the department is able to consider itself a whole in terms of IT. The systems don't match up even when we really want them to, there is certainly no single government system and they are in no way linked.
-
Sacha, in reply to
You got curtains on your bedroom window, Damian? You do? Why? What are you trying to hide?
he's trying to protect the public :)
-
Damn pesky bloggers doin' an honest journalist's work.
John Armstrong must had choked on his fish and chips if he was watching the 3 News report that mentioned Keith had raised $4k for his efforts. -
DexterX, in reply to
The good thing to come is the esteem in which torn jean, ragged hoodie wearing un shaven bloggers are held has raised considerably.
A recurring tendency of the greater NZ ”just do it” bureaucracy is that no one ever does a thing properly ort checks a thing to see if it is works – yah know have hte thing do what it is supposed to do.
The vastness of the shortcomings boggles the mind.
-
30,000 views in 12 hours. Lead news item on TV and radio. Minister even had to front up on TV. Not bad, Keith and PA.
-
I do like the quote on the Herald's article:
Mr Ng has raised $4000 for writing the story though fundraising website Givealittle.
"Basically, it's busking journalism. I do the story, then ask for money. It beats the hell out of freelancing," said Mr Ng.
I read it to my wife and she said "it's quite an interesting new model for journalism, isn't it?" I love her because she gets it. ;-)
-
Matthew Poole, in reply to
I think Matthew’s point here is simply that MSSQL tends to be configured to use Windows authentication so if you have access to a sufficiently privileged Windows account (as seems to be the case here), then you have access to the database. Most other database systems are configured to use with their own authentication schemes.
Exactly. Thank you. If you have access to a domain admin account you can gain full access to MSSQL on a server that is a member of (or trusts the admins of) the domain. Other databases, largely, don't have that integration. MSSQL is quite capable as a DB server, but it's awfully vulnerable if your domain access gets compromised.
-
Matthew Poole, in reply to
can you be a bit more explicit, I need it spelt out, don’t believe what exactly
The blame-shifting in those two articles. Don't believe everything you read. More will come out.
-
Atlas Rebellon, in reply to
Einstein said: "Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe".
Obviously Einstein never heard of WINZ!
-
Steve Bell, in reply to
And s252(2) says: "To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access."
I think Keith could construct an argument that since access to the terminals was provided to visitors at large, he was "authorised" to access them for some purposes; therefore his access for any purpose did not contravene subsection (1).
-
Imagine this:
Ira Bailey gave the Ministry of Social Development ""vague"" details about ... the blogger who made it public - is one of the original Urewera 18.I hear that Paula Bennett admitted that there are 'problems in the system'. That must be the understatement of the year.
-
Sofie Bribiesca, in reply to
That must be the understatement of the year.
Let's shoot the messenger instead.
Mr Boyle said there were no plans to lay charges against Mr Ng for revealing the breach publicly but it was too early to say whether Mr Bailey would be charged
-
NZ media is woeful, heard the event called a privacy breach and a database breach last night on the idiot box. Its a SECURITY breach, privacy and data loss are just symptoms
Post your response…
This topic is closed.