Feeds

NZ blogger names source for data leak tipoff

Kiwi self-serve privacy outrage continues

Remote control for virtualized desktops

Blogger Keith Ng, who went public over the deeply-careless kiosk implementation in New Zealand’s Ministry of Social Development job-seeker kiosks, has named the man that gave him the tip-off as Ira Bailey.

The revelation, which Ng writes was made with Bailey’s permission, adds a certain spice to the story, since Bailey is an activist who was arrested in 2007 as part a series of raids over “terrorist” camps in New Zealand’s Urewera Ranges. Charges were not pursued.

Ng states that Bailey had asked the MSD whether it offered any kind of “bug-bounty”, and denies that this inquiry amounted to a “demand” for money.

While not describing the request as a demand, ministry CEO Brendan Boyle said yesterday that “He indicated he would be prepared to co-operate with us if there was a reward for providing information. We made it very clear we didn’t provide money in situations like that.”

According to Ng, Bailey discovered the security vulnerability while trying to work out why a kiosk didn’t load his USB key: “he had a poke around the file system to find it – and found the giant vulnerability instead”.

The kiosks were installed by Dimension Data, which earlier this year reportedly conducted an audit of the system.

While calling the privacy breach “totally unacceptable”, NZ prime minister John Key has lashed out at Bailey, saying in a television interview that Bailey should have identified the kiosks as vulnerable when he first contacted the ministry.

The political row over the privacy breach seems certain to widen, since the security of government information has been a sore point for some time. In 2009, that country's Privacy Commissioner criticized the security of citizens' information across a range of departments.

New Zealand's Accident Compensation Corporation is under siege after last year releasing thousands of customer records by accident. ®

Remote control for virtualized desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?