Unsecure website risks Ashley MoBIEson hack
26 August 2015
MEDIA STATEMENT
Unsecure website risks Ashley
MoBIEson hack
Experts have raised security concerns that vulnerabilities in MoBIE’s half million-dollar website could lead to a possible Ashley Maddison-style hack, says Labour’s Economic Development spokesperson David Clark.
“The real issue here is not what data is immediately available, but what connections this vulnerability opens up. Every security wall is critical. Once behind the veil, hackers can explore connections to other Government held-data.
“MoBIE has trusted IT connections into other Government agencies. Once inside the security perimeter, a hacker may roam around and explore other vulnerabilities undetected.
“New Zealanders need confidence that the private data they share with IRD is protected. The reality is that the Government can no longer be as confident of this as it once was.
“The new website uses SSL3 encryption as was done in the failed Ashley Madison website. That does not inspire confidence. Questions must also be asked about this and similar vulnerabilities in other parts of the MoBIE IT infrastructure.
“You would think $560,000 could
buy a secure website. But as usual Steven Joyce’s MoBIE
spend-ups raise more questions than answers. The Minister
has failed to provide a detailed breakdown of his spend on
the gold-plated site.
“This Government has form with
privacy breaches including IRD, Winz and ACC.
“Skimping on security and pimping on bling sounds like
another Ashley Madison tale. New Zealanders have the right
to expect higher standards from a Government they entrust
with their most valuable personal data,” David Clark
says.
ends