Feeds

NZ blogger names source for data leak tipoff

Kiwi self-serve privacy outrage continues

Choosing a cloud hosting partner with confidence

Blogger Keith Ng, who went public over the deeply-careless kiosk implementation in New Zealand’s Ministry of Social Development job-seeker kiosks, has named the man that gave him the tip-off as Ira Bailey.

The revelation, which Ng writes was made with Bailey’s permission, adds a certain spice to the story, since Bailey is an activist who was arrested in 2007 as part a series of raids over “terrorist” camps in New Zealand’s Urewera Ranges. Charges were not pursued.

Ng states that Bailey had asked the MSD whether it offered any kind of “bug-bounty”, and denies that this inquiry amounted to a “demand” for money.

While not describing the request as a demand, ministry CEO Brendan Boyle said yesterday that “He indicated he would be prepared to co-operate with us if there was a reward for providing information. We made it very clear we didn’t provide money in situations like that.”

According to Ng, Bailey discovered the security vulnerability while trying to work out why a kiosk didn’t load his USB key: “he had a poke around the file system to find it – and found the giant vulnerability instead”.

The kiosks were installed by Dimension Data, which earlier this year reportedly conducted an audit of the system.

While calling the privacy breach “totally unacceptable”, NZ prime minister John Key has lashed out at Bailey, saying in a television interview that Bailey should have identified the kiosks as vulnerable when he first contacted the ministry.

The political row over the privacy breach seems certain to widen, since the security of government information has been a sore point for some time. In 2009, that country's Privacy Commissioner criticized the security of citizens' information across a range of departments.

New Zealand's Accident Compensation Corporation is under siege after last year releasing thousands of customer records by accident. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.