Gordon Campbell | Parliament TV | Parliament Today | Video | Questions Of the Day | Search

 


Labour alerts Justice Ministry to gaping security hole

Clare
CURRAN
Communications and IT Spokesperson

9 April 2013 MEDIA STATEMENT

Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice of a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran



Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.


© Scoop Media

 
 
 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

Half Empty: Dairy Prices Drop To Lowest Since August 2009

Dairy product prices fell to the lowest level in more than five years in the latest GlobalDairyTrade auction, led by declines in butter milk powder and whole milk powder.

”Stocks of dairy commodities are building across the globe due to Russia’s current ban on importing dairy products from many Western nations, and a lack of urgency from Chinese buyers, while at the same time global milk supplies are expanding,” AgriHQ dairy analyst Susan Kilsby said in a note. More>>

 

Slippage: NZ Universities Still In Top 3% Globally

This year the University of Auckland ranked 175 (down from 164 last year); the University of Otago ranked 251-275th (down from 226-250), both Victoria University of Wellington and the University of Canterbury held their ranks (at 276-300thand 301-350 respectively), while the University of Waikato dropped from 301-350 to 351-400. More>>

ALSO:

Gordon Campbell:
On The Last Rites For The TPP

The Trans Pacific Partnership trade deal is one of those litmus issues that has always had more to do with one’s place on the political spectrum than with any imminent reality... For the TPP’s friends and foes alike though, the end now seems nigh. More>>

Gordon Campbell: On The Farcical Elevation Of David Seymour

With the election won, it’s time to find jobs for the boy. David Seymour is the Act Party’s latest scrounger to be rewarded by the National Party, and not only with a seat in Parliament. More>>

ALSO:

As Key Mulls Joining ISIS Fighting: McCully Speech To UN Backs Security Council Bid

It is an honour to address you today on behalf of the Prime Minister and Government of New Zealand. Our General Election took place last week - our Prime Minister Rt Hon John Key is engaged in forming a government and that is why he is unable to be here in New York... More>>

ALSO:

Labour: Cunliffe Triggers Party Wide Leadership Contest

David Cunliffe has resigned as Labour Leader, but says he will seek re-election... If there is any contest the election will have to go through a process involving the party membership and union affiliates. More>>

ALSO:

Flyover Appeal: Progress And Certainty, Or Confusion And More Delays?

Lindsay Shelton: The Transport Agency, embarrassed by the rejection of its flyover alongside the Basin Reserve, says it’s appealing because the decision could “constrain progress.” Yet for most clear-sighted Wellingtonians a 300-metre-long concrete structure above Kent and Cambridge Terraces would in no way be seen as progress… More>>

ALSO:

Gordon Campbell: On Cunliffe’s Last Stand

Right now, embattled Labour leader David Cunliffe has three options. None of them are particularly attractive for him personally, or for the Labour Party... More>>

ALSO:

Key Seeking 'New Ideas': Look To Children’s Commissioner On Poverty - Greens

John Key should not reinvent the wheel when it comes to ideas for tackling child poverty, and instead look to the recommendations of the Children’s Commissioner’s Expert Group on Child Poverty, Green Party co-leader Metiria Turei says. More>>

ALSO:

Get More From Scoop

 

LATEST HEADLINES

 
 
 
 
 
 
 
 
Parliament
Search Scoop  
 
 
Powered by Vodafone
NZ independent news