Thursday's security amusement!

older
The New Threat: Targeted Internet...

Tim Hoffman

20 Nov 2013 20 Nov '13

4:04 a.m.

This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail! https://www.google.co.nz/search?q=inurl%3A%2F%2Fhttp%3A%2F%2Fwww.ultrafastfibre.co.nz%2Ffiles%2F+agreement+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=axCMUoHzK6SN8QeI9YDQBQ And to keep it on topic - beer! Cheers, —hoff <views do not represent anyone I may or may not work for etc etc>

Show replies by date

Tim Price

20 Nov 20 Nov

4:15 a.m.

Unless of course they were published there on porpoise: http://www.ultrafastfibre.co.nz/rsps/publications-resources-and-tools/wholes... On 21/11/2013, at 12:04 pm, Tim Hoffman wrote:

...

This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail!

https://www.google.co.nz/search?q=inurl%3A%2F%2Fhttp%3A%2F%2Fwww.ultrafastfibre.co.nz%2Ffiles%2F+agreement+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=axCMUoHzK6SN8QeI9YDQBQ

And to keep it on topic - beer!

Cheers, —hoff

<views do not represent anyone I may or may not work for etc etc> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Tim Hoffman

4:17 a.m.

For shame on me! On 21/11/2013, at 12:15 pm, Tim Price wrote:

...

Unless of course they were published there on porpoise: http://www.ultrafastfibre.co.nz/rsps/publications-resources-and-tools/wholes...

On 21/11/2013, at 12:04 pm, Tim Hoffman wrote:

...
This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail!

https://www.google.co.nz/search?q=inurl%3A%2F%2Fhttp%3A%2F%2Fwww.ultrafastfibre.co.nz%2Ffiles%2F+agreement+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=axCMUoHzK6SN8QeI9YDQBQ

And to keep it on topic - beer!

Cheers, —hoff

<views do not represent anyone I may or may not work for etc etc> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Tristram Cheer

4:20 a.m.

There's still doc's in there unpublished from what I can see, The Onboard process, Some presentations etc etc On 21 November 2013 12:17, Tim Hoffman wrote:

...

For shame on me!

On 21/11/2013, at 12:15 pm, Tim Price wrote:

...
Unless of course they were published there on porpoise: http://www.ultrafastfibre.co.nz/rsps/publications-resources-and-tools/wholes...

On 21/11/2013, at 12:04 pm, Tim Hoffman wrote:

...
This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail!

https://www.google.co.nz/search?q=inurl%3A%2F%2Fhttp%3A%2F%2Fwww.ultrafastfibre.co.nz%2Ffiles%2F+agreement+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=axCMUoHzK6SN8QeI9YDQBQ

...
And to keep it on topic - beer!

Cheers, —hoff

<views do not represent anyone I may or may not work for etc etc> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Don Stokes

4:21 a.m.

The WSAs are all linked from this page http://www.ultrafastfibre.co.nz/rsps/publications-resources-and-tools/wholes..., which is two clicks away from the front page (RSPs -> Wholesale services agreement). Hardly a "security fail" if the LFC considers its agreements a matter of public record. -- don On 21/11/13 12:04, Tim Hoffman wrote:

...

This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail!

https://www.google.co.nz/search?q=inurl%3A%2F%2Fhttp%3A%2F%2Fwww.ultrafastfibre.co.nz%2Ffiles%2F+agreement+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=axCMUoHzK6SN8QeI9YDQBQ

And to keep it on topic - beer!

Cheers, —hoff

<views do not represent anyone I may or may not work for etc etc> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Dean Pemberton

21 Nov 21 Nov

12:59 a.m.

On the topic of highlighting security issues in a public forum... The NZITF has just released a consultation draft of some guidelines around responsible disclosure. PLEASE have a read and provide feedback. I'm also looking at presenting these in a form relevant to Network Operators at the conference. ie, How would you like Security Researchers to treat you when they find the next gaping hole in your network? Here's more from the release. Consultation open on Responsible Disclosure Guidelines Posted: 8 November 2013 Today the New Zealand Internet Task Force (the NZITF) has released draft guidelines on responsible disclosure. These guidelines will help security researchers and organisations that operate ICT systems to work together to identify, understand and fix security vulnerabilities in New Zealand websites and ICT systems. We are seeking your views on these draft guidelines to make sure that they are high quality and provide useful guidance on the aspects of responsible disclosure that need covering. We welcome any comments or suggestions that you have on how the guidelines could be improved. We would also like to hear from you if your organisation is interesting in being named as a third party for finders to contact and act as an intermediary between them and the ICT owners that they deal with. The guidelines are available for download at http://nzitf.org.nz/files/NZITF_Draft_Responsible_Disclosure_Guidelines.pdf Submissions should be sent, by email, to consult(a)nzitf.org.nz  by Sunday 22 December (please include the words "guidelines submission" in the subject header). On Thu, Nov 21, 2013 at 12:04 PM, Tim Hoffman wrote:

...

This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail!

https://www.google.co.nz/search?q=inurl%3A%2F%2Fhttp%3A%2F%2Fwww.ultrafastfibre.co.nz%2Ffiles%2F+agreement+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=axCMUoHzK6SN8QeI9YDQBQ

And to keep it on topic - beer!

Cheers, —hoff

<views do not represent anyone I may or may not work for etc etc> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

David Robinson

5:44 a.m.

Also with the Responsible Disclosure these draft guidelines were presented at Kiwicon and the audio for that presentation is here http://www.scmagazine.com.au/News/363991,kiwis-ink-bug-reporting-guidelines.... On 22 November 2013 08:59, Dean Pemberton wrote:

...

On the topic of highlighting security issues in a public forum...

The NZITF has just released a consultation draft of some guidelines around responsible disclosure.

PLEASE have a read and provide feedback. I'm also looking at presenting these in a form relevant to Network Operators at the conference. ie, How would you like Security Researchers to treat you when they find the next gaping hole in your network?

Here's more from the release.

Consultation open on Responsible Disclosure Guidelines

Posted: 8 November 2013

Today the New Zealand Internet Task Force (the NZITF) has released draft guidelines on responsible disclosure. These guidelines will help security researchers and organisations that operate ICT systems to work together to identify, understand and fix security vulnerabilities in New Zealand websites and ICT systems.

We are seeking your views on these draft guidelines to make sure that they are high quality and provide useful guidance on the aspects of responsible disclosure that need covering.

We welcome any comments or suggestions that you have on how the guidelines could be improved. We would also like to hear from you if your organisation is interesting in being named as a third party for finders to contact and act as an intermediary between them and the ICT owners that they deal with.

The guidelines are available for download at http://nzitf.org.nz/files/NZITF_Draft_Responsible_Disclosure_Guidelines.pdf

Submissions should be sent, by email, to consult(a)nzitf.org.nz by Sunday 22 December (please include the words "guidelines submission" in the subject header).

On Thu, Nov 21, 2013 at 12:04 PM, Tim Hoffman wrote:

...
This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail!

https://www.google.co.nz/search?q=inurl%3A%2F%2Fhttp%3A%2F%2Fwww.ultrafastfibre.co.nz%2Ffiles%2F+agreement+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=axCMUoHzK6SN8QeI9YDQBQ

And to keep it on topic - beer!

Cheers, —hoff

<views do not represent anyone I may or may not work for etc etc> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

4049

Age (days ago)

4050

Last active (days ago)

List overview

Download

6 comments

6 participants

participants (6)

David Robinson
Dean Pemberton
Don Stokes
Tim Hoffman
Tim Price
Tristram Cheer