| Forum Home | ||||
| PC World Chat | ||||
| Thread ID: 127276 | 2012-10-14 18:53:00 | WINZ kiosk security flaw | pctek (84) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 1306814 | 2012-10-15 00:06:00 | I'm more concerned about 'mismanagement' and 'corruption'. The Govt spent millions of Tax-payers moneys only to produce this sort of 'rubbish'. I think they would have spent most of the money on meetings, fancy dinners, etc, then pawned the job off to the lowest bidder... |
Agent_24 (57) | ||
| 1306815 | 2012-10-15 00:18:00 | Terrible coding if you ask me. Microsoft would have done a better, cheaper job (tongue in cheek!). There will be a lot of worried people in the Gov't IT Department. |
Bryan (147) | ||
| 1306816 | 2012-10-15 00:24:00 | I think they would have spent most of the money on meetings, fancy dinners, etc, then pawned the job off to the lowest bidder... That's mismanagement and another form of corruption! |
bk T (215) | ||
| 1306817 | 2012-10-15 01:14:00 | Terrible coding if you ask me. Microsoft would have done a better, cheaper job (tongue in cheek!). The Apple Maps team could have done (marginally) better :p |
pcuser42 (130) | ||
| 1306818 | 2012-10-15 02:27:00 | Looks like some 'tard both: a) didn't lock down the shares enough b) didn't lock down the kiosks correctly c) didnt do the most basic of testing after install. I think a public name & shame of the Companies involved is warranted. I'll bet the Govt dept employees who spec'ed the thing up & signed off on it didnt have a clue, & kept changing the spec & contract price midway through the system design & install. (as they always seem to do) Anyone remember the Police computer system debacle & how many millions that cost us all. Nothing changes, lessons are never learned. Just waiting for the Ak City Council Computer system upgrade debacle & insane costs. :badpc: :badpc: |
1101 (13337) | ||
| 1306819 | 2012-10-15 02:34:00 | True. And on top of that, from what I understand they're basically just "public kiosks" that access the WINZ website and not much else. If that's the case, there is absolutely ZERO reason for them to be physically connected to the same network as the confidential information. Put them on their own unique circuit if you have to, it's not hard, or firewall the %@#$ outta what they can access (Only external IPs on Port 80 / 443 and nothing more). | Chilling_Silence (9) | ||
| 1306820 | 2012-10-15 03:28:00 | Unique circuit is exactly what the banks do, I've set a few of them up. They don't even come close to looking at their network. | Alex B (15479) | ||
| 1306821 | 2012-10-15 03:38:00 | I think a public name & shame of the Companies involved is warranted. I'll bet the Govt dept employees who spec'ed the thing up & signed off on it didnt have a clue, & kept changing the spec & contract price midway through the system design & install. (as they always seem to do) Just waiting for the Ak City Council Computer system upgrade debacle & insane costs. :badpc: :badpc: Mr Boyle said KPMG and other IT experts were hired regularly by the ministry to attack their sites and expose any vulnerability. He would not say why they had not picked up the security flaw with the Work and Income (WINZ) kiosks before. Mr Boyle said the ministry was contacted last week by a man who said their systems weren't robust and he would cooperate if there was a reward. "While he wouldn't provide any details we asked KPMG to begin penetration testing at this point and this testing has been accelerated and intensified. ," said Mr Boyle. Mr Boyle said ultimately he was responsible for anything that happened while he led the ministry. The software used in the kiosks was created by ministry staff and had been in place for just under a year. The Ministry has established that information in one of its more than 1500 servers was accessed Ng said it took him two and a half hours to download the MSD files on to a USB. "It was very easy." ---------------------------------------- I thought the DHB was bad, I thought Akld Council was bad, there's look like thee most amazing systems in the world compared to this laughable setup. Even I could lock it down better than that, hell, even the kid at high school could. |
pctek (84) | ||
| 1306822 | 2012-10-15 03:40:00 | They must be using cheap China designed and China made hardware/software and employed cheap Chinese labour to set the whole system up! :D Those responsible probably got a free trip to Beijing. :D |
bk T (215) | ||
| 1306823 | 2012-10-15 04:12:00 | Problem with people who specify what they want to happen on their computer system. They don't spend enough time on the much larger topic - thinking about and specifying what they don't want to happen! |
coldot (6847) | ||
| 1 2 3 4 5 | |||||