This Blog Is Not For Reading

A blog, just like any blog, only more so

  • Subscribe

  • Categories

  • RSS Bob Jonkman’s Microblog

    • New note by bobjonkman 30 May 2023
      I'd be more inclined to say "people voting the way the polls said they should..."
    • bobjonkman repeated a notice by hubert 30 May 2023
      RT @hubert I have to laugh and shake my head at Smith calling it a "Miracle on the Praries". No, you were leading in the polls pretty much the whole time. You're in a strongly conservative province. I mean, if you're saying that it's a miracle that the majority of Albertans chose to ignore your […]
    • bobjonkman repeated a notice by blacksam 28 May 2023
      RT @blacksam I’ve been getting more into the game Gaslands with my son and also with adult friends. It’s a Mad Max-esque tabletop game where you’re expected to create your own game pieces by kitbashing with toy cars. I already have all the crafting, painting and 3d printing supplies I need from my other wargaming […]
    • Favorite 28 May 2023
      bobjonkman favorited something by blacksam: I’ve been getting more into the game Gaslands with my son and also with adult friends. It’s a Mad Max-esque tabletop game where you’re expected to create your own game pieces by kitbashing with toy cars. I already have all the crafting, painting and 3d printing supplies I need from […]
    • Favorite 28 May 2023
      bobjonkman favorited something by blacksam: Here are a couple more cars I've made for #gaslands
    • Favorite 28 May 2023
      bobjonkman favorited something by tobias: I'm in need of a little Nerd-Pr0n... what little useful thing comes into your mind as tool of at the Linux command line? Not a super-nerdy command to sophisticated resolve a problem, but a tool for actual problems that would also be useful for n00bs to take their fear about […]
    • bobjonkman repeated a notice by tobias 28 May 2023
      RT @tobias I'm in need of a little Nerd-Pr0n... what little useful thing comes into your mind as tool of at the Linux command line? Not a super-nerdy command to sophisticated resolve a problem, but a tool for actual problems that would also be useful for n00bs to take their fear about using the CLI?So […]
    • Favorite 23 May 2023
      bobjonkman favorited something by steve: From mcnees@mastodon.social on Mastodon: If you aren't too busy, take a minute to look through NASA's Project Apollo archive on Flickr. https://www. flickr.com/photos/projectapoll oarchive/albums This is a totally safe use of your time, you definitely won't look up two hours from now and ask where your morning went. Images: NASA
    • bobjonkman repeated a notice by geniusmusing 9 May 2023
      RT @geniusmusing @lnxw48a1 I have my own workaround for just this issue. I raise my hand to the "Stop/Hold" position. Get to a point where I can stop and leave myself a note on the next thing to do. Then let them interrupt me. I have even done this to my former boss and the […]
    • Favorite 9 May 2023
      bobjonkman favorited something by lnxw48a1: https://www.monkeyuser.com/2018/focus/ This is me.

Shutting down ServiceOntario kiosks could be Considered Harmful

Posted by Bob Jonkman on 9th November 2012

Service Ontario kiosk with "Temporarily shut down" notice

ServiceOntario kiosk

The Ontario government has announced it is shutting down the ServiceOntario kiosks.

Closing the kiosks won’t do any good if the web site is no better secured. ServiceOntario had control over the hardware and software running on the kiosks, but they have no control over the computers people use to access the ServiceOntario web site. User PCs will have all sorts of malware running on them, and malusers can far more easily spend time breaking into a web site than a kiosk. Unless ServiceOntario has much better security on their web site, it is far more vulnerable than a kiosk.

In his article Government to discontinue ServiceOntario kiosks, Sameer Vasta asks if the ServiceOntario web site is ready to pick up the slack. His conclusion is yes, and although the web site user experience could be improved, he considers closing the kiosks a prudent move. But if the kiosk interface was so much easier to use, then the web site could use that interface too. Security isn’t created by the user interface — security needs to be built into the servers. Malusers are unlikely to use the web interface to launch their attacks; they’ll have more sophisticated tools to try to break into the servers.

Of course, since the ServiceOntario web site was already in place while the kiosks were operational it has been a potential vector for attack all along. Closing the kiosks doesn’t increase that vulnerability. And the vulnerability that prompted the government to shut down the kiosks was card skimming, which is not an issue on a Web site accessed from home. But shutting down a fully managed kiosk to be replaced by home users’ PCs that are full of malware does not look like a prudent move to me.

However, it should be cheaper to manage security on one web site than on 72 kiosks. The government reports that shutting the kiosks will save taxpayers about $6.3 million in one-time upgrading costs and $2.2 million in annual maintenance costs. The Star reports that Minister of Government Services Harinder Takhar says the kiosks cost $4 million to deploy, and it will cost $250,000 to remove them.

And shutting down the kiosks has one other benefit: If a security breach occurs as a result of using our own computers then ServiceOntario has successfully shifted blame, hasn’t it? Surely there will be a disclaimer in the fine print on the website somewhere!

–Bob.


ServiceOntario kiosk "Permanently Closed" notice

“Permanently Closed” notice Service Ontario kiosk.

The picture above shows a ServiceOntario kiosk with a notice indicating the kiosk is temporarily shut down. A new notice has been posted, which reads:

ServiceOntario Kiosks Are Now Permanently Closed.

After a thorough investigation into the safety and security issues surrounding ServiceOntario kiosks, it has been decided to permanently shut down the network.

All former kiosk services are conveniently available online, including:

  • License plate sticker renewal
  • Address change
  • Driver abstract

Fermeture permanente des kiosques ServiceOntario.

À la suite d’une enquête approfondie sur les problèmes de sécurité survenus dans les kiosques ServiceOntario, il a été décidé de fermer le réseau de façon permanente.

Tous les services anciennement founis dal les kiosques son offerts en ligne, notamment les suivants:

  • Renouvellement de la vignette d’immatriculation
  • Changement d’addresse
  • Résumé de dossier de conducteur.

We look forward to serving you.
For these services, and more than 40 other online services, or for a complete list of our locations and available services, please visit ServiceOntario.ca

Au plaisir de vous servir.
Pour ces services, et plus de 40 autres services en ligne, ou la liste complète de nos centres et de leurs services, visitez ServiceOntario.ca

Images courtesy of lothlaurien.ca used under a CC BYCreative Commons Attribution 2.5 Canada License license.

Thanx to my friend RW for the idea for this post, and her contributions.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in considered harmful, Politics, security | 4 Comments »

 
Better Tag Cloud