
 


Labour alerts Justice Ministry to gaping security hole

Clare CURRAN
Communications and IT Spokesperson

9 April 2013 MEDIA STATEMENT

Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice to a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran.



Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.


© Scoop Media

 
 
 
 
 