Security Issue
I have just moved to Reckon Accounts Hosted and found a security issue which the phone support people weren't that fussed about. I shared my file with another user, which creates a new shared folder, and gives both me and the other user access to the folder, and it then moves my Reckon file into that new folder. Trouble is, I can then browse and see all the other shared folders, including the company names which have been appended to the shared folders? Major breach of the Privacy Act and a serious security issue. (If you don't understand either issue or why, then don't bother commenting.) ACLs apply but that's not the issue.
Comments
-
Neville
Could you please elaborate on what you are seeing and what actions (if any) you are taking to see the additional folders. Reason for asking is that when I have shared files the only other shared with my clients' accountants are "my files". I can't see any files which belong to the accountants.
thanks
0 -
Your file has a password. What more security do you want?
1 -
You obviously have no concept of IT security/Privacy Act! Which is why I stated that if you don't understand why this is an issue, then don't bother commenting.
1 -
Example of what I can see. This is a major breach of the Privacy Act. My reason for posting this issue here is that I have reported it to Reckon, who didn't really give a damn, which is a concern. This is a really simple issue to resolve, which would provide additional security and privacy to our data. Had Reckon shown some actual concern when I raised this with them, I wouldn't be posting this publicly here.
~Admin edit: Removed screenshot
0 -
Neville
I have been able to replicate the situation you have described. From my perspective - client data is still secure because I don't have the authorisation to access the individual directories and the data file itself is password protected.
However, like you, I would have thought that a listing of clients is a breach of the Privacy Act. I'm no expert here, so I have no feel at what end of the scale such a breach would be.
@Rav - would you please review and advise.
0 -
You're making a mountain out of a molehill. Particularly seeing as you're only incensed about this because the level 1 helpdesk agent you spoke to doesn't give you the answer you were looking for.
You can't access anyone's data. What specifically in the Privacy Act has been breached here? (Genuine question)
Out of curiosity, you say it's a simple fix. Does that mean to say you explicitly 'know' how to 'fix' this?
1 -
Incensed? No. Amazed that a company the size of Reckon doesn't see the issue, yes. I didn't expect the level 1 helpdesk agent to give me any answer, I merely expected him to report it as he should have, but he didn't. And if you need to ask what in the Privacy Act has been breached then you should just keep moving and not comment.
0 -
thanks Rav. appreciated
0 -
You stated the act has been breached. Either answer the question or SIT DOWN
0 -
wow, someone didn't take their happy pills this morning did they....and capitalisation as well, that's going a bit far don't you think
0 -
Alright, there's no need for this to go any further. Let's just cool it here please guys.
2 -
Nev mate, either answer the question or go away. What authority are you relying on to say that the Privacy Act has been breached? Happiness is an illusion son. You need to embrace the misery.
0 -
- It's my post. I don't have to justify my posts, answer your questions nor go away. But just to humour someone who seems to need it...
- Post Grad in Computer Investigations, Degree in Computer Science, IT Security Manager for a major Government Department for 7 years, written IT Security Policies for multiple Government Departments, own and run an IT security company specialising in IT security audits where I am the lead auditor, conducted investigations for a state government Privacy Commissioner, advised a state government auditor general on IT security. (I think that will do.) Currently hold multiple state gov contracts which include advising on Privacy Act compliance.
- IT security encompasses the Privacy Act and its compliance.
- Recognised in court (all levels) as an expert witness in respect to IT security and Privacy.
So under what authority does someone like you even have a right to question what I have posted?
0 -
Nev son, you mentioned privacy breaches. Put up or jog on. For what it's worth, you're not impressing me.
0