Labour’s malicious breach? No, human failure.

Posted: 13-Jun-2011 17:55

It's all over the news at the moment - political blogger Cameron Slater, aka Whaleoil, has got his hands on a whole raft of Labour files, as well as the personal details of their online donors.  In terms of a breach of data security, this is pretty much the worst-case scenario.

In Cameron's latest blog post, he outlines exactly how he got the data:

Quick summary of the video: using the online tool My-IP-Neighbors, Cameron worked out which other sites were running on the same IP address as the Labour website lets-not.co.nz.  One of those sites was healthyhomeshealthykiwis.org.nz, and with no index file and directory browsing switched on, it gives any visitor a complete listing of every file and directory hosted on that site.  It also contained a surprising number of files that really shouldn't be there - MySQL database dumps, personal and credit card details, plus other sensitive files.  To add insult to injury, the site has also been indexed by Google, meaning all the information on that site is now part of the Google cache.

Malicious hacking? Hardly.  Epic fail on the part of Labour's web team? You bet.

The "real life" analogy of this happening is not WhaleOil breaking into a Labour car, retrieving a briefcase of private documents and taking copies - it is more like Labour leaving the files spread out on the footpath, and then complaining when someone discovers and reads them.

I'm not condoning what WhaleOil does with the information; what I do want to point out is how he obtained the data is not hacking, not by any stretch of the imagination.  What has happened is the staff in charge of their websites have failed in the most basic steps to secure their websites, and it is not a design fault.  Hopefully this experience also teaches them not to store sensitive files online, especially not backups from their main website's MySQL database.  I also question why credit card details are being stored online - the industry standard is to use a third-party credit card processor who stores (if required) credit cards securely, removing this liability for your own website.

I would be asking some serious questions of the Labour staff, and how such a slip-up could occur.
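An added example, not part of the original post: a check a site owner could run over their own document root to catch the two conditions described above, directories with no index file and database dumps or exports sitting in a web-served path. The index file names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed names: which files count as an index page and which extensions are
# risky are choices made for this example; adjust them to your server's config.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
RISKY_EXTENSIONS = {".sql", ".bak", ".csv", ".zip", ".gz", ".tar", ".old"}


def audit_webroot(root):
    """Return (dirs with no index file, risky files), as paths relative to root."""
    listable, risky = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        rel = os.path.relpath(dirpath, root)
        lower = {name.lower() for name in filenames}
        if not lower & INDEX_NAMES:
            # With directory browsing on, this directory is served as a listing.
            listable.append(rel)
        for name in sorted(filenames):
            if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                risky.append(os.path.normpath(os.path.join(rel, name)))
    return listable, risky


def build_sample_site(root):
    """Constructed sample tree: two directories with an index, one without."""
    layout = {
        "index.html": "<h1>home</h1>",
        "donate/index.php": "<?php ?>",
        "files/site-backup.sql": "-- constructed dump placeholder",
        "files/donors.csv": "name,amount",
        "files/logo.png": "",
    }
    for rel, body in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(body)


def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return audit_webroot(root)


if __name__ == "__main__":
    print(run_demo())  # (directories without an index, files to move out)
```

Anything the second list reports belongs outside the document root regardless of whether directory browsing is on, since a guessed or indexed URL reaches the file either way.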



Mobile prepay top ups with Vodafone

Posted: 24-May-2011 21:25

Hotlink, from Vodafone, is a mobile top up service for prepay customers.  It's not a brand new service; up until the weekend, I had no idea it existed, and was given a demonstration of how to set it up by Vodafone fanboy (and employee) johnr.  What impressed me was how straightforward setup was, and how quickly credit could not only be added to your mobile, but to any Vodafone mobile of your choosing.  If you have leeches teenagers who you regularly top up, Hotlink is the perfect product for you.

The first step involves picking Hotlink from the Vodafone SIM menu on your phone (unfortunately I can't screenshot this as I've already set it up).  It presents you with a list of supported banks.  Once this is done, you then need to login to your internet banking.

I bank with ASB, so under Mobile Banking I enter my mobile phone number under Mobile Top-up and then pick the bank account to debit:


The menu on my Nokia E71 changed about 30 seconds later - I now have the option to top up my mobile, and enter a specific amount, or top up someone else's.  The fact it is part of a menu, and I don't need to remember codes or a number to send an SMS to, makes it even more handy.

It's free to sign up - you can then become a walking, talking, Vodafone top up machine.



Amazon’s Kindle to be sold through Walmart

Posted: 8-May-2011 00:13

During my time in the States, the average shopper I encountered in Walmart was not your tech savvy geek.  For those who have never had the honour of stepping foot in a Walmart, it is like the love child of The Warehouse, Mitre 10, Countdown and The $2 shop.  Anything your heart desires is available in Walmart, for ridiculously low prices.

I'm a massive fan of the Amazon Kindle, having bought one for my partner at Christmas.  I see the success of this Walmart-Amazon deal being with how stupidly simple the Kindle is.

The Kindle is small, light and does one thing and does it very well - its e-paper allows you to read books.  No flashy graphics, no backlit screen, no having to charge it every night (supposedly the Kindle has a month's battery life) - it really is the perfect device for a book worm.

So Amazon has started with a great product that closely emulates a physical book (e.g. no eye strain), without having the bulkiness of a thick novel.  Good start.

Their next trick is delivery of books to the device.  I opted for the WiFi+3G model.  I login to Amazon, search for the book I want, purchase it (for far less than a physical book, plus no high postage to NZ) and within minutes it's on the Kindle.  Regardless of where you are in the world, Whispernet (Amazon's automagical delivery network, powered by AT&T) gets it from Amazon to the Kindle (or you can do it via WiFi just as easily).  Since this is all setup before you receive the Kindle, there's no having to find a NZ sim card, making sure it has credit etc.  Amazon do it all for you.  Not having to plug the Kindle into a computer to get books is also great.

Two nights ago I was reading a blog post about a book called The Facebook Effect by David Kirkpatrick.  It's a complete history of Facebook and some of the financial, technical and social hurdles they have had to overcome.  From the time I read about the book, to actually reading the book on the Kindle was about 5 minutes.  I'm just about finished this book as I can't put it down (I read one book every two years, I'm not a big reader), and would probably not have bought it had I needed to drive to a physical book store, or waited two weeks for it to arrive by courier.

The Kindle really is an amazing device, I highly recommend it.  I should buy one for mum for Mother's Day, but I'm cheap, so she'll have to settle for some flowers instead.

You can support Geekzone by buying a Kindle through this link.

Hat tip to @paulhayton for the link to the article.



Latest and greatest from Panasonic

Posted: 20-Apr-2011 00:03

Last Tuesday I was invited to the Panasonic Roadshow at the Langham Hotel in Auckland.  I was part of a small group of seven people, from the main media outlets, able to preview all the new technology coming out from Panasonic.  That evening (they had already held one the previous evening), 400 retailers would be shown what we were seeing - the benefit for us is we could take our time looking at everything, while not being told how to sell it to our customers.

The tour lasted for about 45 minutes and a lot of info was covered.  We got to see Panasonic's 3D offering (which I have already seen and raved about), their new plasma and LCD LED TVs, an LCD screen running 3D graphics natively from an Nvidia graphics card (must have for gamers, and I must convince my better half that I need one), cameras and camcorders, plus offerings in HiFi, DVD and Blu-ray players.

There was so much covered, so there is only a brief summary below.  If you're keen to get more info, this post really doesn't do any of the Panasonic products any justice - drop into your local tech retailer and try them for yourselves.

  • Plasmas/LCDs
    • Improved the front glass panel to minimise light entering in - this means scenes of pitch black are much sharper
    • Impressive 178 degree viewing angle (you reading this Samsung?!)
    • Has the ability to convert 2D movies into 3D (we watched Sherlock Holmes, not as impressive as a "native" 3D movie, but very cool technology) - the Blu-ray player can also do this
    • Better sound (personally I would stick to having a stereo system and not relying solely on the screen)
    • DLNA / Wi-Fi enabled
    • Ability to record TV to an SD memory card or an external USB hard-drive (plus pause live TV)
  • Digital cameras
    • Water proof up to 12m (with a dive case this can be extended up to 40m)
    • Only compact camera with GPS, a compass, an altimeter and a barometer
    • Has an optical image stabiliser where other brands only have digital stabilisers.

 

Thanks Panasonic for the invite.



All about GPS tracking

Posted: 4-Apr-2011 06:00

During a catch-up dinner some months back with Kelvin (chiefie), David (cisconz), John (johnk) and our better halves, John mentioned that the electrical company he worked for had just installed GPS tracking in all of their vans.  Our discussions ranged from how the units work, if it's possible to disable the units, to some of the more positive benefits of having GPS installed.   Some of the ideas we bounced back and forward I am going to detail here.

I'm well familiar with this topic as one of our clients specialises in GPS tracking.  In its most basic form, GPS tracking consists of two parts:

  1. A tracking unit - a unit is installed in your vehicle and this calculates your current real-time position and relays it back to a server and
  2. A server - this stores the GPS location with a date and time, and allows for this data to be plotted on a map, plus other useful reports, such as how far you've driven around today.

At face value, this all seems very big brother - a boss being able to see exactly where his workmen are at all times sounds like snooping, and to a degree, it is - this, however, is only a small part of the benefits of tracking your vehicles.  In a business, staff and vehicles tend to be big expenses, so it makes sense to report on both.

During development of Argus, I volunteered my car and had a GPS tracking unit installed.  It is a small box hidden in the car, and it reports back periodically to my client's servers.  Unless you were told, you would have no idea that it was there.  It is still in my car to this day for the following reasons:

  • Security - my car alarm is hooked into my GPS, and should my alarm go off, my partner (she is included in case my cell phone is flat) and I are sent an SMS message within 2 seconds with my car's location.  A couple of years ago, before I had the alarm wired in, my car was stolen from the Botany Town Centre car park and dumped 200m away.  At that time, I was able to find my car within minutes (rather than waiting days for the Police to find it), and had the alarm been hooked in, I would've been alerted within seconds (a lesson learnt the hard way!).  This really is a must have if you have an expensive bike, custom car or boat.
  • Accountability - during busy days of back-to-back meetings, sometimes I will not remember who I've met with.  By using some of the reports the next day, I'm able to backtrack where I've been, and this helps trigger my memory.  From an electrician's point of view, it can prove that you were at a remote location with the arrival and leaving times, should a dispute from a client arise.  I also use this feature often when possum shooting with mates - it allows us to see where we've been shooting, what time we arrived, and what time we left - unfortunately it doesn't help with our .22s' accuracy.
  • Safety - the GPS unit has a variety of relays which can be plugged into your car, for example, a crash sensor could trigger a SMS message to a loved one with your current location, if you are unconscious and unable to respond.
  • Peace of mind - having the facility to know where your car is at all times is very reassuring (good idea for parents with teenagers who take the family car).
  • Productivity - there are gains to be made by analysing common routes, and combining them together to save on fuel and other vehicle costs.  I know of a customer who observed his workmen going back and forward multiple times a day between a supplier and a building site.  By better planning a job, they were able to make one trip to the supplier, get everything they need, and get the job done quicker.

(these are just a handful of the benefits)

For business owners thinking about getting GPS tracking, you need to get your staff onboard, and outline why it is a good idea.  I highly recommend against covertly installing tracking in your company vehicles - all it takes is one report left carelessly on a desk, or a tracking screen left up on a laptop and your staff will quickly figure out what's going on.  Nobody likes being followed without their knowing, and the best way to destroy any employer-employee trust is to track them behind their backs.

I'm glad I had GPS tracking installed and recommend it for both personal vehicles and business fleets.

 

Blatant plug: Contact the clever guys at Argus Tracking if you are keen to have a chat about GPS tracking or to have it installed.



nate's profile

 


I'm Nate Dunn, and I work for 3Bit, own Tuihana Cafe, and am a moderator here at Geekzone.


 

Disclaimer
The views and opinions represented on this blog are personal and belong solely to the blogger and do not represent in anyway those of 3Bit Solutions Limited or any other company.

