OnPoint by Keith Ng

Read Post

OnPoint: MSD's Leaky Servers

629 Responses

First ←Older Page 1 13 14 15 16 17 26 Newer→ Last

  • Pete Sime, in reply to Lucy Bailey,

    I was on the PSA team at the National Library when we merged with Internal Affairs and had a number of meetings with Brendan Boyle. He struck me as a forthright and capable chief executive. The buck does stop with him on operational matters, though.

    Dunedin • Since Apr 2008 • 171 posts Report

  • nzlemming, in reply to Lucy Bailey,

    Well, Brendon Boyle was the head of the E-government unit back in 2000 and seems to have done his best to integrate departments when he was CEO of Internal Affairs and was integrating 8 Auckland councils, when he integrated the National Library, Archives etc, when he presided over the creation of LINZ, and in his most recent incarnation as GCIO. He does seem to like IT integration and appears to have been advising the govt on how to do so.

    Yes, he was my boss back then, he's not actually a bad bloke, for all that he's a Southlander. I don't envy him his day today.

    Actually, what he had to do as CE of DIA was absorb two departments (National Library and Archives NZ); LINZ existed before he was CE there (he went there from E-government); much of the Auckland Council activity was handled outside of DIA's workstream with the transition authority; and I think the GCIO role defaulted to the CE at DIA after Laurence Millar was let go. Prior to that, it was a lower level policy position at SSC, until the ICT unit that had grown up around e-government (now ict.govt.nz) was transferred to DIA. They're still working through a number of issues with those mergers.

    Sharing of IT resources makes sense. That's not what this was about. This was about not securing data, which is a whole different kettle of fish. There's a whole lot to get upset about with this cockup without trying to find a conspiracy around Boyle.

    Waikanae • Since Nov 2006 • 2937 posts Report

  • nzlemming, in reply to SteveH,

    It's not that MSSQL is bad in this case, it's just more integrated.

    Yep. The fact that it's a piece of crap is just icing on the cake! :-p

    Waikanae • Since Nov 2006 • 2937 posts Report

  • Sacha,

    Keith has added a post about the original souce of his story.

    Ak • Since May 2008 • 19745 posts Report

  • nzlemming, in reply to Sacha,

    Probably with Insouciance.

    Waikanae • Since Nov 2006 • 2937 posts Report

  • Sacha, in reply to nzlemming,

    I weel say zis only wonse

    Ak • Since May 2008 • 19745 posts Report

  • Miche Campbell, in reply to Damian Christie,

    You got curtains on your bedroom window, Damian? You do? Why? What are you trying to hide?

    Dunedin • Since Feb 2011 • 79 posts Report

  • lynne walker, in reply to Matthew Poole,

    Matthew can you be a bit more explicit, I need it spelt out, don't believe what exactly. Cheers.

    Auckland • Since Jan 2011 • 23 posts Report

  • Mike Etheridge, in reply to SteveH,

    >It’s not that MSSQL is bad in this case, it’s just more integrated.

    Man, that's a good one, SteveH. Should try to sell it to M$

    Pohangina • Since Sep 2012 • 4 posts Report

  • Joeseph Bloggers,

    I have nothing to prove except 4 years ago the admin user name was jumpstrt and the password was 66rgb*** which was a local admin login to any government terminal in NZ. Any admin working there knows i am telling the truth and as far as I believe the XML file in the screenshot there probably says the same thing. I reckon they shoulda employed me. I would have locked it down tight.

    New Zealand • Since Oct 2012 • 2 posts Report

  • Kracklite, in reply to Pete Sime,

    He struck me as a forthright and capable chief executive.

    I have a violin, but I seem to have lost it down the back of my sofa, probably because it’s so very, very small. I’m sure his salary will compensate for my loss. Nobody forced him at gunpoint to take on that job or to accept his paychecks or his responsibility.

    The buck does stop with him on operational matters, though.

    Exactly.

    I'd like to add: now I know why David fucking Shearer knew why the roof-painting beneficiary was a bludger - it was just so easy to access his files!

    The Library of Babel • Since Nov 2007 • 982 posts Report

  • Mike Etheridge, in reply to SteveH,

    Bennett: My IT department doesn't suck. Its just more integrated.

    Pohangina • Since Sep 2012 • 4 posts Report

  • papango, in reply to Joeseph Bloggers,

    a local admin login to any government terminal in NZ

    That's what makes me sure you are not on the level. There is no such thing as a 'government terminal'. Having worked in various departments, it's a miracle if the department is able to consider itself a whole in terms of IT. The systems don't match up even when we really want them to, there is certainly no single government system and they are in no way linked.

    Wellington • Since Jan 2012 • 19 posts Report

  • Sacha, in reply to Miche Campbell,

    You got curtains on your bedroom window, Damian? You do? Why? What are you trying to hide?

    he's trying to protect the public :)

    Ak • Since May 2008 • 19745 posts Report

  • Roger Lacey,

    Damn pesky bloggers doin' an honest journalist's work.
    John Armstrong must had choked on his fish and chips if he was watching the 3 News report that mentioned Keith had raised $4k for his efforts.

    Whatakataka Bay Surf Club… • Since Apr 2008 • 148 posts Report

  • DexterX, in reply to Roger Lacey,

    The good thing to come is the esteem in which torn jean, ragged hoodie wearing un shaven bloggers are held has raised considerably.

    A recurring tendency of the greater NZ ”just do it” bureaucracy is that no one ever does a thing properly ort checks a thing to see if it is works – yah know have hte thing do what it is supposed to do.

    The vastness of the shortcomings boggles the mind.

    Auckland • Since Nov 2006 • 1224 posts Report

  • Hilary Stace,

    30,000 views in 12 hours. Lead news item on TV and radio. Minister even had to front up on TV. Not bad, Keith and PA.

    Wgtn • Since Jun 2008 • 3229 posts Report

  • nzlemming,

    I do like the quote on the Herald's article:

    Mr Ng has raised $4000 for writing the story though fundraising website Givealittle.

    "Basically, it's busking journalism. I do the story, then ask for money. It beats the hell out of freelancing," said Mr Ng.

    I read it to my wife and she said "it's quite an interesting new model for journalism, isn't it?" I love her because she gets it. ;-)

    Waikanae • Since Nov 2006 • 2937 posts Report

  • Matthew Poole, in reply to SteveH,

    I think Matthew’s point here is simply that MSSQL tends to be configured to use Windows authentication so if you have access to a sufficiently privileged Windows account (as seems to be the case here), then you have access to the database. Most other database systems are configured to use with their own authentication schemes.

    Exactly. Thank you. If you have access to a domain admin account you can gain full access to MSSQL on a server that is a member of (or trusts the admins of) the domain. Other databases, largely, don't have that integration. MSSQL is quite capable as a DB server, but it's awfully vulnerable if your domain access gets compromised.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Matthew Poole, in reply to lynne walker,

    can you be a bit more explicit, I need it spelt out, don’t believe what exactly

    The blame-shifting in those two articles. Don't believe everything you read. More will come out.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Atlas Rebellon, in reply to DexterX,

    Einstein said: "Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe".

    Obviously Einstein never heard of WINZ!

    Auckland • Since Oct 2012 • 1 posts Report

  • Steve Bell, in reply to Thomas Beagle,

    And s252(2) says: "To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access."

    I think Keith could construct an argument that since access to the terminals was provided to visitors at large, he was "authorised" to access them for some purposes; therefore his access for any purpose did not contravene subsection (1).

    Wellington • Since Apr 2009 • 8 posts Report

  • Gudrun Gisela,

    Imagine this:
    Ira Bailey gave the Ministry of Social Development ""vague"" details about ... the blogger who made it public - is one of the original Urewera 18.

    I hear that Paula Bennett admitted that there are 'problems in the system'. That must be the understatement of the year.

    Christchurch • Since Dec 2011 • 891 posts Report

  • Sofie Bribiesca, in reply to Gudrun Gisela,

    That must be the understatement of the year.

    Let's shoot the messenger instead.

    Mr Boyle said there were no plans to lay charges against Mr Ng for revealing the breach publicly but it was too early to say whether Mr Bailey would be charged

    here and there. • Since Nov 2007 • 6796 posts Report

  • cognitive_hazard,

    NZ media is woeful, heard the event called a privacy breach and a database breach last night on the idiot box. Its a SECURITY breach, privacy and data loss are just symptoms

    New Zealand • Since Oct 2012 • 13 posts Report

First ←Older Page 1 13 14 15 16 17 26 Newer→ Last

Post your response…

This topic is closed.