Blogger Keith Ng wandered into a WINZ kiosk and discovered that he could access their corporate network, including files about high-needs children under CYFFS care, contractors, medical bills, clients who owe money to WINZ and much more.
WINZ has responded by closing down their kiosks, which were to be their Brave New World of client care. Here's Keith Ng's story:
My jeans were torn, my hoodie was pretty ragged, and I hadn’t shaved for a week. It turned out that bloggers are remarkably good at disguising themselves as unemployed, without even trying.
Last week, I got tipped-off that the parts of the MSD network were completely exposed to the public. You could go into any WINZ office and use their self-service kiosks to access their corporate network.
These locked-down kiosks are provided so you could look for jobs online, send off CVs etc. They’ve had some basic features disabled, which supposedly meant that you couldn’t just open up File Manager and poke around the machine. However, by just using the Open File dialogue in Microsoft Office, you could map any unsecured computer on the network, and then open up any accessible file.
See more at: http://publicaddress.net/onpoint/msds-leaky-servers/