Gordon Campbell | Parliament TV | Parliament Today | Video | Questions Of the Day | Search

 


Labour alerts Justice Ministry to gaping security hole

Clare
CURRAN
Communications and IT Spokesperson

9 April 2013 MEDIA STATEMENT

Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice of a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran



Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.


© Scoop Media

 
 
 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

Gordon Campbell:
On The Greens Proposal To Gradually Lift The Minimum Wage

Heading into the election home stretch, voters have a clear choice about the best way to help low and middle income New Zealanders. They can do so by gradually lifting the minimum wage (as the Greens propose) or by a small tax cut, as the government seems about to announce.

The minimum wage boost – by 75 cents an hour to $15 in December, and then by gradual annual increments to $18 an hour by 2017 – that the Greens are talking about is just one part of a packet of employment measures that would include scrapping youth rates and the 90 day trial period, introducing a redundancy package of four weeks, offsetting any abatement effect of the policy package for those receiving Working For Families, and finally… ditching the exception made by the government (during the Hobbit negotiations) for workers in the screen industry, which denies them normal workplace safeguards and entitlements. More>>

 

Parliament Today:

2014 General Election: Voting Period Begins

The first votes for the 2014 general election will be cast today, Wednesday 3 September, as advance voting begins ahead of election day on Saturday 20 September. More>>

ALSO:

Two Dead, One Injured: Suspect Charged After Ashburton Shooting

Russell John Tully has appeared in Christchurch District Court. Tully has been remanded in custody on charges of murder of Peg Noble and Leigh Cleveland and attempted murder of Lindy Curtis. More>>

ALSO:

John Key Press Conference: Ashburton Shootings, Judith Collins Inquiry

Prime Minister John Key has delayed the release of Nationals’ fiscal policy in light of this morning’s shooting at a Work and Income office in Ashburton... Key also answered questions about Judith Collins, and confirmed that independent inquiry will be held with regard to allegations made against Collins. More>>

ALSO:

Internet MANA: Georgina Beyer Rocks The Waka

“There is now, and always will be, a range of views about many issues within our movement and members are free to express them, but Georgina’s views on Kim Dotcom are not shared by the MANA Movement leadership or the vast majority of MANA members and supporters around the country” states MANA Candidate for Waiariki, Annette Sykes. More>>

ALSO:

IGIS Update: Inquiry Into Release Of NZSIS Information

The Inquiry would be conducted in private and individuals would appear before her separately over a period of more than a week. She does not intend to name those summoned to give evidence until her report is published. “I can confirm that all persons summoned will be required to appear under oath...” More>>

ALSO:

Gordon Campbell:
On John Key’s ‘Blame It On Judith’ Strategy

Right now, Prime Minister John Key seems intent on limiting the scope of any inquiry into his government’s dealings with Cameron Slater. The declared aim is to make that inquiry solely about Judith Collins’ behavior with respect to the Serious Fraud Office. More>>

ALSO:

Maori Council Lawyers' Statement: Supreme Court Decision On Maori Water Rights

“…the Supreme Court refused to give Pouakani people what they asked for, but may have given them something much, much better instead… the Supreme Court has questioned whether the Crown owns the River at all.” More>>

ALSO:

Gordon Campbell: On The Debate, And The Collins Accusation

Debating is a peculiar discipline in that what you say is less important than how you’re saying it. Looking poised, being articulate and staying on topic generally wins the day – and on that score, Labour leader David Cunliffe won what turned out to be a bruising encounter with Prime Minister John Key last night on TVNZ. More>>

ALSO:

Get More From Scoop

 

LATEST HEADLINES

 
 
 
 
 
 
 
 
Parliament
Search Scoop  
 
 
Powered by Vodafone
NZ independent news