
 


Labour alerts Justice Ministry to gaping security hole

Clare CURRAN
Communications and IT Spokesperson

9 April 2013 MEDIA STATEMENT

Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice to a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran.



Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.


© Scoop Media

 
 
 
 
 