Tag Archives: Security

3 Lessons from the MSD kiosk breach

If you live in NZ, or follow the IT Security press, you are probably aware of a security flaw recently discovered on public kiosks at the MSD (Ministry for Social Development). The story has really gained traction, spreading quickly across Twitter and the International press.

In short, it was possible to open sensitive files across the organisation using the Open File dialog in an application, on public kiosks, in Work and Income NZ offices. This sort of problem is as old as network file shares, and trivial to do. For more information I highly recommend reading the original Blog post and the follow-up posts by Keith Ng.

Not all of the facts are available, but it seems there are three good lessons we can all take away from this breach:

Continue reading

LinkedIn breech – are we overlooking the real problem?

There has been a lot of press recently about 6.45 million password hashes from LinkedIn appearing online. A 120MB Zip file showed up last week on a Russian hacking site without any related account information (although the hackers likely have these details). Large volumes of account information being stolen is a common occurrence. eHarmony and Last.fm also both suffered breeches just last week.

Continue reading