Gordon Campbell | Parliament TV | Parliament Today | Video | Questions Of the Day | Search

 


Labour alerts Justice Ministry to gaping security hole

Clare
CURRAN
Communications and IT Spokesperson

9 April 2013 MEDIA STATEMENT

Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice of a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran



Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.


© Scoop Media

 
 
 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

Open Source // Open Society - Full Coverage

War: What’s To Commemorate?

Gordon Campbell in Werewolf: It is easy to know what we don’t want to commemorate on Anzac Day this year...

In fact, is there anything that can be validly commemorated on this 100th anniversary of Gallipoli?

Beyond, that is, a fleeting sense of empathy with the thousands of soldiers killed or wounded on April 25 1915 and in the months thereafter, until the whole thing was finally called off in December 1915.

(Most of the New Zealand survivors were transferred to the trenches in France, and eventually to the battle of the Somme in 1916.) More>>

 

PARLIAMENT TODAY:

Gordon Campbell: On The Battle Obama Is Waging Over The TPP

For the past two and a half years, this column has been arguing that the fate of the Trans Pacific Partnership (TPP) deal will hinge on whether US President Barack Obama can win Trade Promotion Authority (TPA) from Congress... Last week, the White House finally, finally unveiled a draft TPA Bill. More>>

ALSO:

Greens: Govt Breaks Free Doctors Visit Promise To Kids

Documents obtained by the Green Party show that the Government decided to fund only 90 percent of doctors’ visits for children suffering from an injury in an attempt trim the cost of the so-called “free” visits. More>>

ALSO:

Other Wars: Extension Of NZDF Commitment In Afghanistan

The New Zealand Defence Force’s commitment of mentors and support staff to the Afghan National Army Officer Academy in Afghanistan has been extended out to December 2016, Defence Minister Gerry Brownlee says. More>>

PM's Press Conference: Auckland Property Prices Increasing "Too Rapidly"

John Key accepted that Auckland property prices 'are going up too rapidly” in a press conference held today in Wellington, however he said that this is not anything new. More>>

ALSO:

Press Conference: ANZAC PMs Concerned About ISIL Bringing The War Home

Prime Minister Key and Prime Minister Abbott spoke of the bond formed between Australia and New Zealand in the “baptism of fire” of Gallipoli. Abbott stated that New Zealand and Australia’s values and interests are linked, and this is reflected in the joint operation in Iraq which will begin shortly. More>>

ALSO:

GCSB's China Shopping: Key Damages China Relationship

Evidence that the Key Government recklessly approved a GCSB spying operation to intercept Chinese diplomatic communications between offices in Auckland will pointlessly damage our relationship with China, the Green Party said today. More>>

ALSO:

Gordon Campbell: On The Reserve Bank And Auckland Housing

The ‘crisis – what crisis?’ response by the government to the Auckland housing price bubble is no longer acceptable. So says Reserve Bank governor Grant Spencer... More>>

ALSO:

Troops Heading To Iraq: Government Must Come Clean On Deployment

New Zealanders deserve more than to hear about their troops’ deployment overseas from Australian media, Opposition Leader Andrew Little says. “News from Australia that Kiwi troops are on their way to Iraq this week is another example of the culture of secrecy and unknown protections around the deployment.” More>>

ALSO:

Image: Strikers And Protestors Join Outside McDonald's

A group of protestors took to McDonald’s Manners St today as a part of the international fast food workers day of action to end zero hour contracts. More>>

ALSO:

Get More From Scoop

 

LATEST HEADLINES

 
 
 
 
 
 
 
 
 
Parliament
Search Scoop  
 
 
Powered by Vodafone
NZ independent news