
 


Labour alerts Justice Ministry to gaping security hole

Clare Curran
Communications and IT Spokesperson

9 April 2013 MEDIA STATEMENT

Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice to a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran.



Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.


© Scoop Media

 
 
 
 
 