Gordon Campbell | Parliament TV | Parliament Today | Video | Questions Of the Day | Search

 


Labour alerts Justice Ministry to gaping security hole

Clare
CURRAN
Communications and IT Spokesperson

9 April 2013 MEDIA STATEMENT

Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice of a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran



Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.


© Scoop Media

 
 
 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

Gordon Campbell: On The Tokenism Of New Zealand's Role Against Islamic State

To date, the Opposition has continued to occupy itself with the marginalia of the issue. E.g. whether Key did or didn’t know whether Barack Obama would be present at the US briefing last week on IS, or whether New Zealand’s military involvement is or isn’t already a fait accompli.

It might be better to tackle the issue, head on. Our contribution against IS will be to send SAS forces to train the Iraqis? That’s like offering trainers to General Custer just as the 7th cavalry reached the Little Big Horn.
More>>

 

Parliament Today:

Scoop Business: Shell And Todd Caught Drilling Without Approval

Multi-national oil company Shell’s New Zealand arm and local energy giant Todd Energy have breached the new law governing New Zealand’s Exclusive Economic Zone, the Environmental Protection Authority says in an Oct. 10 document released by the Green Party. More>>

ALSO:

Labour: Tea Breaks 'Gone By Lunch Time'

“How cynical that on the eve of Labour weekend, the National government is pushing through legislation that takes away the statutory right to tea and meal breaks along with collective bargaining protections, and makes vulnerable workers jobs even less secure." More>>

ALSO:

Gordon Campbell: On Pharmac, Gough Whitlam And Sleater-Kinney

We’re not at the outset of these negotiations. The outset was six years ago, and negotiators were hoping to have some sort of ‘framework’ deal finished in time for the APEC meeting in a few weeks’ time. These ‘extreme’ positions are what we’ve reached near the intended end of the negotiations… More>>

ALSO:

PM Of Many Hats: Questions, No Answers On Whale Oil

Dr RUSSEL NORMAN (Co-Leader – Green) to the Prime Minister: How many times since November 2008 has he spoken with blogger Cameron Slater on the phone and how many times, if any, has he texted him?
Rt Hon JOHN KEY (Prime Minister): None in my capacity as Prime Minister. More>>

ALSO:

Aussie Investigation Dropped: Call On Minister McCully To Pursue The Case Of Balibo Five

West Papua Action is deeply concerned at the lack of any clear outcome from the Australian Federal Police inquiry into the 1975 deaths of the ‘Balibo Five’ including NZ journalist Gary Cunningham. More>>

ALSO:

'Feed The Kids' Bill: Metiria Turei To Lead Fight On Feeding Hungry Children

Green Party Co-leader Metiria Turei is urging all political parties to support the Feed the Kids Bill which she inherited today from Mana leader Hone Harawira. More>>

ALSO:

Parliament Today: State Opening Of Parliament

The House sat at 10.30am on Tuesday before MPs were summoned to hear the Speech from the Throne in the Legislative Council Chamber. More>>

ALSO:

Tertiary Education: Students Doing It Tough As Fees Rise Again

The Government is making it increasingly difficult for Kiwis to gain tertiary education as fees continue to rise and access to student support becomes even more restricted, Labour’s Tertiary Education spokesperson Chris Hipkins says. More>>

ALSO:

Housing, Iraq: PM Press Conference – 20 October 2014

Prime Minister John Key met with press today to discuss:
• Housing prices and redevelopment in Auckland
• Discussions with Tony Abbott on the governmental response to ISIS, and New Zealand’s election to the UN Security Council More>>

ALSO:

Get More From Scoop

 

LATEST HEADLINES

 
 
 
 
 
 
 
 
Parliament
Search Scoop  
 
 
Powered by Vodafone
NZ independent news