Monday, October 15, 2012

MSD Sensitive Files Found Accessible to Public in Kiosks

Blogger Keith Ng wandered into a WINZ kiosk and discovered that he could access their corporate network, including files about high-needs children under CYFS care, contractors, medical bills, clients who owe money to WINZ and much more.
WINZ has responded by closing down their kiosks, which were to be their Brave New World of client care. Here's Keith Ng's story:

by Keith Ng, Npoint
My jeans were torn, my hoodie was pretty ragged, and I hadn’t shaved for a week. It turned out that bloggers are remarkably good at disguising themselves as unemployed, without even trying.
Last week, I got tipped off that parts of the MSD network were completely exposed to the public. You could go into any WINZ office and use their self-service kiosks to access their corporate network.
These locked-down kiosks are provided so you could look for jobs online, send off CVs etc. They’ve had some basic features disabled, which supposedly meant that you couldn’t just open up File Manager and poke around the machine. However, by just using the Open File dialogue in Microsoft Office, you could map any unsecured computer on the network, and then open up any accessible file.
