back to article NZ government network leaking data like a sieve

A row has broken out in New Zealand after a blogger exposed serious security flaws in that country’s job-seeker network. The blogger, Keith Ng, demonstrated that public job-seeker kiosks had unauthenticated access to the corporate network of the Ministry of Social Development (MND). His posting raised concerns that attackers …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

NZ

New Zealand still exists as if it were the 1950's, no wonder they get a bit flummoxed where technology is concerned, first Dotcom, now this, and with the Prime Minister asking why he needed to put a password on his email, there was a look of amazement on his face.

'Do you mean I don't have to put any stamps on the envelope?' He said gazing at the screen.

'And what's that beige box next to the telly that's whirring?' He asked.

Yes 1950's.

3
7
Anonymous Coward

Re: NZ

Well I would take that as an improvement to [INSERT COUNTRY HERE]. Here they would lock him up and throw away they key. How dare someone highlight a governmental screwup.

Anon for good reason

0
0
Silver badge

Not as bad as reported

The leak only affects a minority of NZ's population.

No sheep's details were revealed

7
3

it's MSD not MND

Meanwhile, Institute of IT Professionals New Zealand chief executive Paul Matthews says MSD's security woes appear to go far beyond the kiosks:

"As well as the clear issues of placing a publicly accessible system on an internal network containing highly sensitive data, the fact that any computer on the network can seemingly openly access these types of files points to a potential widespread systemic failure of IT security and governance."

4
0
Big Brother

Ministry of Social Development

Is it just me, or does Ministry of Social Development sound like just the sort of name that George Orwell might have come up with?

3
0

Re: Ministry of Social Development

we also have the GCSB (Dotcom spies) and MoBIE (otherwise known as Ministry of Bloody EverythIng)

0
0
Silver badge

Again, is it only me?

Or is there an extreme lack of basic security administration knowledge amongst government employed Kiwi sysadmins?

0
2
Anonymous Coward

Re: Again, is it only me?

Anyone wanting decent pay based on actual ability leaves the country.

Seriously.

0
0
Alert

Re: Again, is it only me?

Really?

You think NZ has a monopoly on inept government contractors?

WOW.

The only reason this came to light was because they connected a kiosk to it. What is crazier is that all users inside their network could see everything about everyone, including the setup scripts for the VM's used. Probably have for a long time.

The whole network was basically one giant shared drive.

0
0
Silver badge

Re: Again, is it only me?

Don't knock it - government incompetence is the only real defence against them.

0
0
Silver badge
FAIL

They must be using the ultra reliable ...

Cisco equipment ... made in China, just like Huawei and ZTE.

0
0
Meh

kinda of explains...

...why all the competent and accomplised kiwi i.t pros iv'e met all work in aus. i guess a brain drain will do that to your skill base. im not sure which way i feel about Mr. Ng's actions morally, however i'm all about naming and shaming idiots who insist on poor i.t practice and get paid in six figures. i assume that's the pay grade for manager in a ministry department.

0
0
Silver badge

It keeps happening

Given the number of incidents of this type over the years, there seem to be many skilled amateur penetration and security testers out there. (Also, many clueless software developers). Why don't they just hire them on a short term contract with low basic salary and big bonuses for every flaw they find? If it's important enough to spend money on, then spend a bit more to find the faults.

0
0
Anonymous Coward

MND?

More like MSD than MND (what does MND stand for??). Blooming TLA´s all over the place.

Anonymous ´cause I´m posting from the great white whale across the road that is MOBY

0
0
Bronze badge
Thumb Up

Good response by minister

Admit fault, crack on with getting it fixed, make world a better place.

Keith Ng is a serious tech & social blogger, has been for years, not some skiddie or look-at-me-I-can-haxor type. Throwing the rulebook at him would be a traversty - you want these people on your side.

0
0
This topic is closed for new posts.

Forums