Feeds

NZ blogger names source for data leak tipoff

Kiwi self-serve privacy outrage continues

Intelligent flash storage arrays

Blogger Keith Ng, who went public over the deeply-careless kiosk implementation in New Zealand’s Ministry of Social Development job-seeker kiosks, has named the man that gave him the tip-off as Ira Bailey.

The revelation, which Ng writes was made with Bailey’s permission, adds a certain spice to the story, since Bailey is an activist who was arrested in 2007 as part a series of raids over “terrorist” camps in New Zealand’s Urewera Ranges. Charges were not pursued.

Ng states that Bailey had asked the MSD whether it offered any kind of “bug-bounty”, and denies that this inquiry amounted to a “demand” for money.

While not describing the request as a demand, ministry CEO Brendan Boyle said yesterday that “He indicated he would be prepared to co-operate with us if there was a reward for providing information. We made it very clear we didn’t provide money in situations like that.”

According to Ng, Bailey discovered the security vulnerability while trying to work out why a kiosk didn’t load his USB key: “he had a poke around the file system to find it – and found the giant vulnerability instead”.

The kiosks were installed by Dimension Data, which earlier this year reportedly conducted an audit of the system.

While calling the privacy breach “totally unacceptable”, NZ prime minister John Key has lashed out at Bailey, saying in a television interview that Bailey should have identified the kiosks as vulnerable when he first contacted the ministry.

The political row over the privacy breach seems certain to widen, since the security of government information has been a sore point for some time. In 2009, that country's Privacy Commissioner criticized the security of citizens' information across a range of departments.

New Zealand's Accident Compensation Corporation is under siege after last year releasing thousands of customer records by accident. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.