“I got tipped-off that the parts of the MSD network were completely exposed to the public. You could go into any WINZ office and use their self-service kiosks to access their corporate network.
These locked-down kiosks are provided so you could look for jobs online, send off CVs etc. They’ve had some basic features disabled, which supposedly meant that you couldn’t just open up File Manager and poke around the machine. However, by just using the Open File dialogue in Microsoft Office, you could map any unsecured computer on the network, and then open up any accessible file.”
Well, it’s not exactly M$’s fault that they made their brand of networking so easy to set up, but they also made it easy to neglect to lock it down and similarly easy to exploit. TFA is a rather boring thing except that I have seen similar situations several times. In one place where I worked the client machines were locked down pretty tightly so that I could not do stuff I needed to do for my job. Since technical help was weeks away, I hooked another client machine to the LAN and fired away. No one had bothered to lock down the DHCP server nor to define unknown machines as unprivileged on the network. I could do what I wanted… Of course, I did no harm, just setting up some GNU/Linux clients in my classroom, but the methods, screens and simplicity of my “intrusion” were eerily similar to TFA. I was able to download Firefox onto the new client and then send it over to my “locked-down” XP machine, totally bypassing restrictions which prevented browsing to any site not on a whitelist.
That event was in ~2003 and here we are in 2012 with the same sorts of issues.
I prefer GNU/Linux. A distro usually ships with NFS not sharing anything, and privileges are a high priority. With that other OS, one can just “share” and be done with it. I’ve even been in places where the system administrator shared “C:” to all and sundry from every machine to every machine. It was no wonder malware thrived quite unopposed for several years. Imagine just sprinkling malware hither and yon and waiting for someone to click on an icon to unleash the hounds.
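The “share C: to all and sundry” pattern above is easy to audit for. This is an added example, not from the original post or from TFA: it lists the non-administrative SMB shares on a Windows host that grant access to broad principals, and flags any that expose a whole drive root. It assumes the SmbShare cmdlets (Windows 8 / Server 2012 or later) and a session with local admin rights; it only reads configuration.

```powershell
# Added example (not from the original post): find SMB shares on this host
# granted to Everyone, Authenticated Users or all local Users, which is the
# "share C: to everyone" pattern described above. Read-only; changes nothing.
$broadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users'
)

# Skip the built-in administrative shares (C$, ADMIN$, IPC$); those are
# restricted to administrators by design and would only add noise here.
$findings = foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $broadPrincipals -contains $ace.AccountName) {
            [pscustomobject]@{
                Share     = $share.Name
                Path      = $share.Path
                Principal = $ace.AccountName
                Right     = $ace.AccessRight          # Read, Change or Full
                # A share rooted at a drive letter exposes the entire volume,
                # exactly the case the post complains about.
                DriveRoot = ($share.Path -match '^[A-Za-z]:\\?$')
            }
        }
    }
}

if ($findings) {
    # Whole-drive shares first, then everything else that is broadly readable
    $findings | Sort-Object DriveRoot, Share -Descending | Format-Table -AutoSize
} else {
    'No non-administrative shares grant access to broad principals.'
}
```

Note that a share ACL is only half the picture: a share granted to Everyone with Read is still bounded by the NTFS permissions underneath, so review `Get-Acl` on the share path for anything the script reports.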
I have no idea how the situation in New Zealand evolved. Probably someone added the kiosks without realizing they could access files all over (sad that was not checked…), or someone relaxed security not realizing the kiosks were around. Bad things happen when systems become more complex than one person knows. The right combination leads to disaster, major or minor. One cannot regulate stupidity or ignorance, but one can choose to use an OS like GNU/Linux where security is a higher priority than convenience.