Ira Bailey

October 16th, 2012 at 9:00 am by David Farrar

Keih Ng blogs:

The guy who tipped me off is . He was one of the Urewera 17. He currently works as a system administrator, has a young child, and is not interested in being the media limelight. That’s why he asked for anonymity.

Mr Bailey is not interested in publicity? This must be a recent thing, as he has sought it in the past.

He did not have any special access to the system – he just had half an hour to kill at a WINZ office.

So Bailey says he just happened to be at a WINZ office, and was bored.

He plugged in his USB drive and it didn’t appear, so he had a poke around the system to find it – and found the giant vulnerability instead.

Yeah, I plug in USB drives to computer terminals all the time.

I should make very clear that I think has acted entirely properly and ethically. He go told of a security breach, he investigated it, he took evidence to prove it, he notified and the Privacy Commissioner, he revealed the breach and handed all the data over to the Privacy Commissioner.

I also think Keith believes what Mr Bailey has told him. I’m just slightly more sceptical of the story that an experienced system admin just happens to be bored, at WINZ, and accidentally finds it. Especially when you consider what he then did.

He called MSD to ask if they had a reward system for reporting security vulnerabilities. This is not unusual practice, and it’s certainly not blackmail. Google and Facebook, for example, both pay for vulnerability reporting. It gives them a opportunity to close holes discretely, without causing embarrassment for their company.

Yes giant global tech companies have been known to have a reward system. I’ve never ever heard of a Govt Dept having such a system, and companies that do, tend to advertise the fact. I asked Keith if Baily asked for or suggested a specific amount, and he said no.

It is unfortunate Bailey thought his “accidental” half hour discovery was something MSD should pay for and did not do what Keith did, and just alert the Privacy Commissioner and publish what happened – either directly or via Keith.

MSD called Ira back two days later. They told Ira that they don’t pay for vulnerability reports. Ira told them he’d been talking to a journalist and the conversation didn’t go anywhere after that.

I’d be interested in details of that conversation. I’d also be interested in how after that MSD didn’t find the massive security hole. Whom was alerted to the request for payment?

Should he have reported the vulnerability, free of charge? Yeah, that would have been the selfless thing to do for the public good. But asking to be compensated for his troubles is not unreasonable, either. After all, it’s not as if the people MSD ended up relying on – KPMG – did it for free.

There is a difference between being asked to locate a vulnerability for a fee, and finding one and asking someone to pay you for it, or otherwise you’ll expose it in the media.

As I said I think Keith has acted entirely appropriately, and I’ve said so on radio – his actions has served the public interest. I’m reserving judgement on Bailey until I’ve heard more detail.

Tags: , ,

80 Responses to “Ira Bailey”

  1. davidp (3,540 comments) says:

    >I should make very clear that I think Keith Ng has acted entirely properly and ethically.

    I disagree. Bailey was essentially trying to blackmail MSD by threatening to publicise a vulnerability that might cost people their jobs unless he was paid. Ng should have revealed the fact that he was helping a blackmailer extract his utu in his initial report.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  2. Keeping Stock (10,100 comments) says:

    It would be interesting to know what was already on the USB drive that Bailey plugged in to the WINZ kiosk. Is it beyond the realm of the imagination that he was trying to introduce something FROM the USB stick TO the MSD computer system?

    It’s also interesting to note that in the Scoop profile on Mr Bailey at the time of his Urewera arrest that he is a friend of Nicky Hager, of the Don Brash e-mail saga infamy; how convenient.

    http://keepingstock.blogspot.co.nz/2012/10/so-many-questions.html

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  3. AG (1,777 comments) says:

    Why does it matter what Bailey’s (or Ng’s) motives were? Does it change the WINZ failings one little bit? And isn’t THAT the real story (along with the oversight failure that allowed them to occur)?

    Or, let’s say Bailey IS a no-good, blackmailing piece of shit. So what?

    [DPF: I'm not suggesting it changes the story. I've blogged and said on radio that the failure by MSD is huge, much more concerning than ACC, and in fact have said I expect sackings.

    But that doesn't mean the public don't deserve to know the full background to what happened. Thee nice thing with a blog is you have no space limits, so can cover multiple aspects to a story.]

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  4. tvb (4,203 comments) says:

    I was staggered at the range of information that was accessed. I would have thought it should have been fenced off. It seems all secret information is held in one place like an aladdins cave. Unbelievable. This is a hanging offence starting at the top. But watch them wheel up some middle ranking official and blame him or her.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  5. wreck1080 (3,730 comments) says:

    MSD should have paid — a thousand bucks to plug a hole which will save millions.

    This is not blackmail. He knew of a security flaw, notified msd that he could provide his services to identify this security hole for them.

    MSD probably paid Pricewaterhouse millions to do the same thing, yet, they detected nothing.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  6. Mark (1,360 comments) says:

    AG couldn’t agree with you more. Bailey’s motives are a sideline to the real issue is that MSD has a massive IT security failure. I am not particularly bothered as to what his motives were, I am a hell of a concerned that he was able to do what he did, and so easily.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  7. Pete George (22,827 comments) says:

    If Bailey was really motivated by money or publicity:
    - wouldn’t he have waited to hear back from MSD before going to Ng?
    - wouldn’t he have gone to media with much bigger pockets?
    - wouldn’t he have dragged out the revelations like on political hit jobs?
    - wouldn’t he have revealed his identity from the start?

    We can quibble about motives and methods but as others are saying the revelation of appalling data security is the big story here, and the responsible way the revelation has been handled by Ng and Bailey – Ira Bailey versus MSD.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  8. davidp (3,540 comments) says:

    wreck1080>This is not blackmail. He knew of a security flaw, notified msd that he could provide his services to identify this security hole for them.

    It isn’t the way we do things in NZ. If I’d visited a rellie in hospital, spent a few minutes wandering around the wards, and spotted some unsafe situation that might cost someone an injury or their life… then would the correct thing to do be:

    a) Tell the hospital staff so they can fix it; or

    b) Ring up MOH. Don’t describe the exact problem so it can be identified and fixed. Demand to be paid, otherwise I’ll tell Keith Ng so that he can do a report on unsafe conditions in hospitals and someone will end up losing their job.

    Telling the media isn’t blackmail. Asking for a reward and handing over detail of the vulnerability regardless isn’t blackmail. Asking for payment and threatening to go to the media unless you’re paid IS blackmail, and Keith Ng was an accessory.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  9. Mark (1,360 comments) says:

    Wreck has a good point also. WTF were PriceWaterhouseCoopers being paid for if they could not find such a fundamental hole in the system security. I would be fascinated to see what PWC was paid for their services in this area and to what benefit. Perhaps the government inquiry should extend to what PWC were contracted to do and what they achieved.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  10. Nostalgia-NZ (4,910 comments) says:

    So the leak is fine, the problem is actually Ira Bailey. Got it.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  11. Alan Johnstone (1,062 comments) says:

    Have these people never heard of vlans ?

    Whole thing is an epic fail.

    is this run internally or outsourced ?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  12. petal (704 comments) says:

    Geez DPF, your fawning over him is awkward. You don’t have to stick the knife in, but your front-footed support and defence of him is … uncomfortable.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  13. Yvette (2,690 comments) says:

    Are the technicians now presumably working to fix the flaw working for free?
    Ira bailey and Keih Ng would probably like to know how much an hour these technicians are earning.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  14. BeaB (2,057 comments) says:

    I am sure that if he had been paid he would have still gone public and claimed he was given hush money. This guy is subversive with links to others who want to destabilise our society and its agencies. And who knows what inside assistance they were getting from disgruntled fellow travellers in the department who long for the return of their Labour mates to power?

    As well, once again we are shown what a crowd of incompetents we employ, at huge expense, in our public departments. If anything is an argument for privatisation, surely this debacle is.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  15. Manolo (13,363 comments) says:

    PWC will not come out smelling of roses after this gross failure. The company appears to have done a very poor job with its “security audit”.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  16. flipper (3,557 comments) says:

    The more this scab is picked, the more the sepsis is exposed.

    It is clear that the consultant employed by WINZ to find the “Hole” last year (their statement), did not do the job – or something was done to the system at a later date.

    That (Bailey’s) USB drive is not a good look since it may have contained the means by which Bailey and Ng gained entry. In other words the “Hole”.
    It is not quite black, but it is very, very murky.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  17. Doc (88 comments) says:

    Dear neighbour,
    I know you’re overseas on holiday, but I was poking around your place and noticed that your front door isn’t locked… If you flick me some cash, I’ll lock it for you… Otherwise I know some guys who will make it worth my while.
    Sincerely,
    Ira

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  18. Manolo (13,363 comments) says:

    Once a crook, always a crook. Bailey, Urewera terrorist, is a crook.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  19. Auberon (869 comments) says:

    Either that or someone with an axe to grind or political motives inside MSD opened the gate and called Ira Bailey and told him where to look. I wouldn’t be surprised if the gate wasn’t open with PWC went looking. And I expect the inquiry will tell us a lot more about this. It goes way beyond coincidence. In fact it stinks to high heaven.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  20. tristanb (1,133 comments) says:

    @Yvette and Wreck.
    It doesn’t matter how much they technicians are paid to fix the problem. (I’d guess any experienced network guy could fix the isolated problem in 20 minutes. And it’s a government agency, so they’ll be paying the technicians too much.) You can’t demand money when you discover a flaw – that’s not how it works. Besides, he wasn’t offering to fix the problem for a fee, he was offering to tell them about a problem which he accidentally discovered.

    If a parking warden notices the bonnet of your car is very loose, he might have saved you hundreds in repair costs, but a thank you is all that you owe him.

    Bailey’s demands show where his motives lie however. A greedy swindler, who’d rather try and make a quick buck than be honest and report the situation. He put his thirst for cash ahead of the privacy of the children and families whose details were out in the open. What a despicable person – he could have helped people, but he wanted dough.

    None of this should distract from the initial mistake, but from what I understand it is a very, very, very stupid mistake to make. Almost too stupid.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  21. lastmanstanding (1,204 comments) says:

    PWC and KPMG et al are a joke. They charge like wounded bulls and fail to deliver. Look at the finance company collaspes. These bozos provided the so called independent reports and valuations that turned out to be a cock of shit.

    Their reputations are shot thru. None of them should be allowed anywhere near MSD or any other government departments systems.

    What with ACC and now MSD the question is whose going to be next. You can bet your bottom dollar there are systems shot full of holes out there just waiting to be plundered.

    JK should order a complete review of all IT systems by proven independent parties. Otherwise the citizens can have no faith in any government IT system.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  22. macdee (29 comments) says:

    Auberon, I agree with you, there is more to this than meets the eye, especially as it was exposed just as Bennett announced her proposed child at risk data base and Adern was commenting in every interview that it was dodgy

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  23. BeaB (2,057 comments) says:

    Doc
    Well said. Every day I could go through my neighbours’ letterboxes and find out lots about them. I don’t. Neither do they.

    Shearer is building a ‘gotcha’ world and I don’t like it.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  24. Keeping Stock (10,100 comments) says:

    flipper said

    That (Bailey’s) USB drive is not a good look since it may have contained the means by which Bailey and Ng gained entry. In other words the “Hole”.
    It is not quite black, but it is very, very murky.

    Right on the money. A known activist with no need whatsoever to go into a WINZ office to access a computer (he works with computers FFS) goes into WINZ, logs in to a kiosk, inserts his USB drive and suddenly discovers a security breach…have I got a bridge for you! It’s just too convenient, especially when Bailey is a known associate of the likes of Valerie Morse and Nicky Hager. And don’t forget; his sister Emily was one of those convicted of firearms offences after the Urewera trial.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  25. labrator (1,750 comments) says:

    If Ira Bailey is such a nasty piece of work why didn’t he do more damage with the material available? He gave his name over freely and gave a return number. He could’ve easily collated the most sensitive bits of data and secretly sent that to whoever he felt like, including Shearer, Norman et al. and had the government running around in a mad fit trying to find out where this super sensitive stuff was coming from. The last place they would’ve looked was the Winz public kiosks that’s for sure.

    A malicious USB stick? Are you kidding? They used the file open dialog in Microsoft Word, they didn’t install a trojan. Go down to your local photo printing place, you can stick a USB stick in there too. Some people even store stuff, like, I don’t know, their CV on a USB stick, which is kind of what the whole point of the kiosk was for anyway, to get a job.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  26. campit (462 comments) says:

    Prime Minister John Key says Government chief information officer Colin MacDonald will conduct a Government-wide review of online information.

    Why online information? I would have thought a review of internal security would be in order. Why would the user account used at the kiosk have access to so many servers? Internally at MSD do staff have access to all servers, regardless of their role?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  27. Kevin (1,122 comments) says:

    Yes the problem is when he got in there he only found information to back up the public criticism of the welfare gravy train.

    Nothing useful to the left except the fact that NZ government computer systems are NZ custom designed crap designed by ma and pa limited in a garage in taihape. Now tell us something we didn’t know.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  28. Dirty Rat (383 comments) says:

    I dont know whats worse

    The shocking exposure of personal information available through MSD, that even a two year old could access……

    or the hang , draw and quarter hatchet job on the one that discovered it.

    I guess if it were Whaleoil, like he did with the adserver hacking, you’d all be rubbing yourselves in babyoil and commenting on what a fine job that was done.

    WINZ = leaks, poor security, blame the left
    ACC = Leaks, poor security, blame Bronwyn Puller
    Secret Service = Leaks, poor security, blame DotCom or whoever

    A piss poor attempt at deflection

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  29. tristanb (1,133 comments) says:

    If Ira Bailey is such a nasty piece of work why didn’t he do more damage with the material available?

    Because he’s as stupid as he is greedy?

    I think his main motivation was money. That’s why he gave them his name, they can’t write a cheque to “anonymous blackmailer”. It was only when he realised the MSD wasn’t going to cave in to his extortion attempt that he clumsily gave the material to a blogger.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  30. hj (6,350 comments) says:

    Nicky Hager the objective journalist told us that affidavits don’t mean much with regard to the urewera molotov cocktail cricket club yet the sniff of any activity at Waihopai sends him into a fizz. So why does Radio NZ use him for comment. Wouldn’t Paul Buchanan be (a lot) better?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  31. Kevin (1,122 comments) says:

    Nah it was political. These groups will have been trying to hack everything. I wonder how many times a day banks get attempted hackings?

    - but they are too secure.

    Then police – too secure :(

    … so they feed down the food chain until they manage to hack big fat slack old MSD. Bingo….oops …. no book for Hagar here, no brethren, WASPs or multinationals registered.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  32. PaulL (5,873 comments) says:

    Not convinced. Sure, there’s a mistake here. But it boils down to the kiosk having access to the MSD network. Sounds like all MSD file servers are accessible to all staff. That’s pretty common, and windows does an ok job of finding them when you go “map network drive”. Why kiosks wouldn’t be on a separate network segment or at least running under an unprivileged user is I don’t know, but I guess it’s a mistake someone could make.

    As for security audit – unless you knew they had kiosks and were asked to audit them, this would never show up. Security audits usually focus on access via the internet, not someone already inside the firewall.

    Embarrassing, yes. Surprising, no.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  33. wreck1080 (3,730 comments) says:

    Anyone wonder why the MSD managers did not pay him? I bet they wish for a time machine now.

    If I were an MSD IT manager and advised of a massive security hole, I’d have negotiated a confidentiality agreement on the basis the security flaw was large.

    Why on earth would they not do this? Surely this method is far cheaper than some pricewaterhouse security audit. I’ve been involved in these big accounting firm IT audits –they really are a joke. More an exercise in box ticking.

    Anyway, it is a good thing that this has surfaced so now we all know what a joke these highly paid IT staff are. This is what happens when you put lawyers in charge instead of technical people.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  34. Colville (2,079 comments) says:

    How do you wank into a MSD office and sit alone for half hour with acess to a MSD computer?

    No point paying him anyways coz he would have outed the hole for public good anyways after he had taken the dosh.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  35. niggly (799 comments) says:

    @labrator, you do make some good points.

    Whilst there are more questions than answers at the moment, perhaps upon reflection (and thinking about political & media game playing that could result) one shouldn’t be in a rush to condemn Ira Bailey especially as not all the facts are known.

    Sure there are questions one could ask of him, such as, how did he hear about the security vulnerability? From another source (if so who, someone within MSD or another MSD client or another activist or even hacker etc)? Does he have a habit of checking govt/corporate public computers/kiosks for vulnerabilities (and even if so, I doubt he’d be the only person in NZ to have done that)? If so, has he been rewarded in the past and thought he would look for more vulnerabilities elsewhere eg MSD? Or was it something that he tried for the first time and hit the jack pot? It could even be the latter here – who knows.

    Just saying this because he may be somewhat innocent (and unintentional consequences of accusing him could result in media fallout for the Govt). But otherwise if not, then in time once the audits are done we’d have more info to go on.

    Having said this I’m amazed that someone like Ira Bailey could access sensitive areas with the MSD network. Question: did the kiosks have admin privileges set which allowed anyone with System Administration knowledge to browse around (and even if so, it must have been a hell of a high level admin privilege to get into many systems) or else was this not the case and Ira Bailey used his SA knowledge to get around internal security measures to delve deeper? So far Keith Ng isn’t suggesting the latter in his commentary (but then again I’m sure how much SA knowledge Keith Ng would have). I think we may need for more info to come out via Keith’s sources or otherwise the Govt audit before passing judgement.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  36. david c (254 comments) says:

    This distinctly smells of Ad Hominem to me

    Now I’ll save you some time: oh but no you said at the end what a bad thing the leak is….nope…that doesn’t fly because the crux of your article is about the individual. You even headlined it “Ira Bailey”. And then hilariously said that because he was involved in an environmental movement THREE YEARS AGO that got some press, you imply he’s a publicity whore.

    Then you imply that he couldn’t have been bored with time to kill and at a WINZ office, and that he must’ve MALICIOUSLY plugged his USB stick in because WHY ELSE WOULD ANYONE DO THAT?

    Which is a good question. Why would he maliciously put his USB stick in? What possible gain is there for anyone?

    Our friend Ira Bailey gained nothing from this. Nada. Zilch. Zip. So he’s either the worst blackmailer ever, or you’ve just gotten his motives wrong.

    You’re clearly not reserving judgement. This whole post is a judgement.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  37. Kimble (4,379 comments) says:

    Reward that man!

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  38. Auberon (869 comments) says:

    PaulL, you say “Sounds like all MSD file servers are accessible to all staff.” Actually MSD chief executive Brendan Boyle refuted that utterly yesterday – he said the file Keith Ng opened was most definitely not accessible by most internal MSD computer terminals/users. Which is just one of a number of reasons why this stinks to me as an inside and politically motivated job.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  39. david c (254 comments) says:

    What part of this is politically motivated? Is exposing a massive security flaw now considered a partisan action?

    The reason you could access these things in kiosks was because when they were installed they were given “Admin” privileges. Whereas generic MSD staff were not.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  40. OTGO (512 comments) says:

    Maybe the MSD should openly make available these details that Ira so helpfully accessed? If we the taxpayer are paying these people haven’t we the right to know who they are and the circumstances that allow them to get on a benefit?
    (OK I’m not so sure about the info regarding safe houses for battered women)

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  41. Colville (2,079 comments) says:

    this is politically motivated the same way that Whaleoil getting in the backdoor of the LP computer system was.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  42. david c (254 comments) says:

    But MSD aren’t a political party? They’re a Government Department. No matter who’s in Government.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  43. campit (462 comments) says:

    Why online information? I would have thought a review of internal security would be in order. Why would the user account used at the kiosk have access to so many servers? Internally at MSD do staff have access to all servers, regardless of their role?

    Ah, here we go.

    MSD appoints Deloittes to review network security:

    The second phase would involve a broader look at security across all the ministry’s IT systems, including policies, governance and culture.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  44. Colville (2,079 comments) says:

    But MSD aren’t a political party? They’re a Government Department. No matter who’s in Government.

    So this affair couldnt possibly used to attack the govt then?

    Like this? http://thestandard.org.nz/no-accountability-in-national-government/

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  45. Mary Rose (393 comments) says:

    There’s a difference between a blackmailer and a bounty hunter.

    But ” Bailey says he just happened to be at a WINZ office, and was bored. He plugged in his USB drive..”

    Has anyone asked him WHY? Has he given an answer?

    David C >Why would he maliciously put his USB stick in?

    Er, why would you innocently do so?
    Only two reasons to plug in a memory stick: to copy things from it to the computer, or vice versa.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  46. david c (254 comments) says:

    Umm WINZ staff tell you to bring your CV in on a USB stick so you can work on them at the Kiosk.

    They don’t allow webmail, and you can’t get to Google Docs so USB is the only option.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  47. Mary Rose (393 comments) says:

    Ah ok. Never needed their services to find a job, so didn’t know that.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  48. Keeping Stock (10,100 comments) says:

    @ davidc – the guy is a system administrator working with computers all day long. Why would he need a WINZ computer to print off a CV?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  49. dc (173 comments) says:

    I’m not buying his story either. Would someone working in the industry really be stupid and naive enough to think that an NZ government department would have a bug bounty program? They are really rare, even for private companies, let alone the civil service. It seems like a thinly disguised blackmail attempt. With hindsight they should have paid it anyway, but without details he probably came across as a scammer. Note that according to Ng he didn’t mention the kiosks to MSD at all, so they had no idea where to look.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  50. Mark (1,360 comments) says:

    Colville (331) Says:
    October 16th, 2012 at 11:15 am
    this is politically motivated the same way that Whaleoil getting in the backdoor of the LP computer system was.

    So what if it was. That does not take away the fact that there was no data security. Why shoot the messengers here. It is a major data security failure by a government department. The motivations are completely irrelevant.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  51. Keeping Stock (10,100 comments) says:

    @ Mark; no-one is resiling from the fact that a major blunder at MSD has been exposed. But Bailey’s involvement raises some very legitimate questions, some of which have not been asked yet.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  52. Pete George (22,827 comments) says:

    If you didn’t think it could be any worse:

    SD security flaw probably found last year – Bennett

    Social Development Minister Paula Bennett has conceded it is likely a flaw in her ministry’s computer systems that led to a security breach was actually uncovered in a review last year.

    On Monday, the Ministry of Social Development said an investigation by Dimension Data in April last year did not discover the weakness.

    Today, it says the company did identify flaws in the system and is not confident the right actions were taken after that report.

    Ms Bennett says it looks like the same weakness that’s been made public this week.

    “They had identified a flaw. I think its our responsibility now to find out if had been followed up appropriately.

    “You have to just say, by what we’re dealing with in the last few days, they haven’t been.”

    http://www.radionz.co.nz/news/national/118287/msd-security-flaw-probably-found-last-year-bennett

    About the only good thing about this is Bennett appears to be upfront about it.

    Maybe Bailey was looking through some old news and decided to check to see if it had been addressed adequately.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  53. Longknives (4,454 comments) says:

    “WINZ staff tell you to bring your CV in on a USB stick so you can work on them at the Kiosk.”

    I’d love to see Ira Bailey’s CV-
    Work skills: Molotov Cocktails, Blowing up dams, Inciting a race-war…

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  54. scrubone (3,048 comments) says:

    The fact that he had a USB drive is neither here not there. The point is that “looking for it” was the figleaf he used to exuse his poking around the system if he got caught.

    It’s clear that the security on this system… well, using the word “security” implies that someone actually tried to secure something. They didn’t.

    This is basic, basic stuff. Any competent IT person knows that just restricting access to windows explorer is not going to stop people accessing the file system or network.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  55. Pete George (22,827 comments) says:

    MSD boss admits warnings might have been ignored

    Ministry of Social Development CEO Brendan Boyle has admitted his agency might have ignored warnings from Dimension Data – the company that tested security on its WINZ kiosks.

    “We received a report from Dimension Data in April 2011, which identified flaws in our system,” Mr Boyle said in a statement this morning.

    At a press briefing yesterday afternoon, Mr Boyle said KPMG and Dimension Data consulted on security to the MSD. Dimension Data had carried out penetration testing on the kiosks and found no issues.

    “Since yesterday afternoon I have received further information that means I am not confident that we took the right actions in response to Dimension Data’s recommendations on security. I will look to the review to provide me with the answers.

    “We will be asking Deloitte to determine what we did to follow up this report’s recommendations and whether our response was adequate.”

    He added, ““I can confirm that KPMG was not engaged to penetration test our public kiosks. They have, however, been engaged in doing testing on other parts of our system.”

    http://www.nbr.co.nz/article/msd-boss-admits-warnings-might-have-been-ignored-ck-130774

    Possibly eighteen months. A few people may be doing a lot of sweating.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  56. kowtow (7,624 comments) says:

    Will the usual suspects in the Lame Stream Media who breathlessly led the night’s propaganda broadcasts when this sensational “news” broke,do a similar breathless follow up?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  57. Reid (15,942 comments) says:

    Further to Pete’s 1:23, NBR has this story on who may? have leaked Ng’s source: Bennett.

    http://www.nbr.co.nz/opinion/linkedin-trail-leads-bennetts-office-%E2%80%93-ng

    One of the dumbest things to come out of this developing farce is the govt CIO conducting an across-govt review to identify similar issues across every single govt agency.

    I mean talk about politician knee-jerk to a point problem. What is the matter with Key? Doesn’t the guy understand how expensive this is going to be, for what will probably be very little result? I would have expected Hulun to do something like this, since she’s never worked outside of govt where our money grows on her trees and it’s there for her benefit and we should be gwateful she’s spending it cos she’s so fucking wise, but Key doing it? WTF is wrong with this idiot? Hasn’t he ever worked in private enterprise? Oh wait. He has. Fucking d’oh, Key. This knee jerk reaction speaks volumes about you, your management style, your political style, your strategic analysis, your commercial perspicacity and your lack thereof in every one of the aforesaid arenas.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  58. Nostalgia-NZ (4,910 comments) says:

    Good point Reid. Deal firstly with this problem – then expand later if necessary.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  59. Reid (15,942 comments) says:

    Just listened to the Bailey interview on Checkpoint around 6:05 where he details the exposure, will be worth listening to when its posted on their site. He alleges in his opinion an across govt audit is necessary. Well he would say that wouldn’t he.

    But let’s get real people. The Kiosk project is clearly to me at a guess, a project where either the Security Architect was asleep at the switch or where one wasn’t engaged at all and personally I plump for the latter which means the project manager was asleep at the switch. I mean, a Kiosk and you don’t bother about security? Either way, it’s an elementary, no brainer, fucking d’oh level of mistake which is the IT equivalent of designing a car, clay models and all, spending millions tooling up the machines, then discovering when it hits the market that, oh dear, it has square wheels instead of the usual round ones. This was fuckup #1.

    But not only that, a consulting company unfortunately employed only after all this money had been spent, apparently pointed out that square wheels weren’t the usual thing and possibly this should be investigated. This was fuckup #2.

    Now this doesn’t happen everyday does it. Not too many cars with square wheels hit the market, do they. Same as this. So what the heck is the point in overreacting the way Key has, notwithstanding the monstrous incompetence on the part of someone, an individual, that this represents?

    But FFS, the point is, you don’t need Deloittes to tell you what went wrong, you would easily find this out if you wander down the corridor and talk to the staff, which is precisely what Deloittes is going to do, isn’t it. The reason why the CEO appointed Deloittes is because of this look she gave him.

    One main reason why both govt and corporate managers hire the big six IMO is because of their reputation and their massive liability insurance. For this reason the managers are quite happy to ditch (and I do mean ditch) $100′s sometimes S1000′s of k on twenty-somethings in nice suits who type really fast all the time and come in really early and work really late and whom are led by a “senior partner” who looks and sounds as slick as Richard Griffin but may not have quite as much going on upstairs, or more precisely, has the consulting fees he’ll earn for “the firm” going on mostly upstairs and secondly a small amount of concern for doing a good job on the fundamentals that the client thinks they’re paying for.

    As long as the output looks really really professional, who really gives a damn about the actual efficacy behind the output. That’s for losers, not senior execs. The point is that most managers in most corporates and most govt depts are as dumb as a box of hair and this is proven by the fact that when said consultant’s senior partner presents “the findings” they normally don’t even understand that they could have got the same answers had they wandered down the hall and talked to the staff who do the actual job(s) in question, it’s just that they wouldn’t have got the excellent powerpoint presso. And they sign off on said $100′s of k or even said $1000′s of k without another thought, even with a smile and a congratulatory handshake and sleep well at night, thinking the money they have just spent which now can’t be spent on anything actually productive was well spent.

    And so it looks to me like, because politicians are mental “shoot-from-the-hip” idiots and govt CEO’s are sycophantic gutless idiots who wish only to cover their own butts, we the taxpayer will pay almost certainly not 100′s of k but rather 1000′s of k, for nothing. At a time when the GFC continues to hit hard, unemployment is dire, confidence is dire, every cent counts, and we have a conservative govt in power.

    I’d call it a circus, but in a circus, they have trained animals.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  60. niggly (799 comments) says:

    @ Reid. Not really sure why you think the idea is dumb – after all its’ a review and apart from the cost to conduct a review, the real expense will be following through with the recommendations.

    Anyway what I think is really dumb is the political games now being played out. I hope you were fortunate enough to miss Meteria Turei’s whining dribbling rant about how Paula Bennet “doesn’t care” about Winz clients and she is blame for all this. Awwwwwwwww! Talk about kindergarden age child logic sheesh. Now we have Labour’s Jacinda on her pony wagon going on about how she had concerns years ago. Y’know, nevermind Ira Bailey, he may have been a fall guy, but looks like Labour + Greens have been taking a keen interest over a period of time to see this all fail, makes one wonder whether they had their own activist IT types probing the system’s weaknesses and then set up these others to find the hole and report it to the media????

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  61. toad (3,669 comments) says:

    @Reid 6:42 pm

    Thanks for that sensible and well-reasoned comment. I’ve often been critical of your comments, but don’t often get a frank acceptance of that which can’t be contested from right wingers on KB when their elected politicians are under serious attack for serious failures.

    Have to also admit some on the left also not that good in that regard – Clark should have sidelined Peters as soon as the Owen Glenn donations issue came out & David Benson-Pope should have been dumped much earlier than her was.

    And we should all be gunning for #JohnDotBanks.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  62. Reid (15,942 comments) says:

    @ Reid. Not really sure why you think the idea is dumb – after all its’ a review and apart from the cost to conduct a review, the real expense will be following through with the recommendations.

    niggly you can’t boil the ocean, it takes too much energy, plus it won’t work anyway since there’s not enough energy available in the whole world, so don’t even bother embarking on the endeavour. That’s my point.

    To identify every single security risk presented by every single public-facing IT system is boiling the ocean. This is what Key has asked the govt CIO to do. Based on a point situation in a point govt dept which may or may not be widespread.

    Correct me if I’m wrong, but this is mental. Is it not. Would it not be better to broadcast internally to govt IT security experts the root causes of why this MSD failure happened, and instruct the CEOs of all govt depts to make sure their IT depts take this on board on all current in future public-facing projects? Wouldn’t that be a more efficient way to make this problem go away and never ever rear its ugly head again, which is the whole point of the exercise?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  63. Reid (15,942 comments) says:

    toad @ 7:02 thank you for that. I agree we don’t often see eye-to-eye which has over the years resulted in lack of engagement between us on the issues. I’ve wondered if that’s because of my online lisping and swearing which I admit is forthright and often, offensive.

    Personally this lack has been a regret for me albeit understandable. However you’re amongst the most astute opposition on this forum along with people like Ryan Sproull and I enjoy engaging with people like you, not to defeat or because I rate myself, but so I can be learned.

    Many conservatives here also, as I hope you’ve observed, have no time for the shall we say, less salubrious aspects of the 5th National govt, even though they like I, may or will probably vote that way next time – I certainly will I can’t speak for them. But I suggest for all of us in this group, it is the truth which counts, and truth doesn’t have an ideology.

    I can’t promise toad I won’t continue my use of the less “conventional” communication techniques but can I ask please, look straight through that and focus on the message, because AFAIK, all my messages seek the truth, as I see it, and if I’m wrong, how will I recognise that if people like you don’t explain it to me? If you happen to be arsed at the time :)

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  64. hj (6,350 comments) says:

    Wikipedia:
    A moral economy, in one interpretation, is an economy that is based on goodness, fairness, and justice. Such an economy is generally only stable in small, closely knit communities, where the principles of mutuality — i.e. “I’ll scratch your back if you’ll scratch mine” — operate to avoid the free rider problem. *Where economic transactions arise between strangers who cannot be informally sanctioned by a social network*, the free rider problem lacks a solution and a moral economy becomes harder to maintain.
    ……………….. that’s why we need people like Bailey to make everyone’s details available rather than cover for them (as the Green Party does).

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  65. Kevin (1,122 comments) says:

    Yep you could have seen a bit of “happy mischief ” if a less than moral rightie had got hold of those files eh.

    I don’t understand why anyone would still vote for national.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  66. Reid (15,942 comments) says:

    I don’t understand why anyone would still vote for national.

    Because they’re simply the best Kev. Better than all the rest.

    Yes I know.

    Pathetic, isn’t it.

    Perhaps it’s because we’re all trying to emulate eventually in our later years becoming a big, fat, helpless bird that can’t fly and get’s picked on by all the small furry forest creatures. As I’ve said before, our national symbol should be the Haast Eagle and Country Calendar should be filled with stories of our great national emblem landing on the backs of Moas and simply tearing them to shreds, symbolising at last the great nation we could become, if and when someone (like Winston maybe?) finally, finally, at last, get’s a bit of vision.

    Then we’d learn em. And if not now, then when?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  67. hj (6,350 comments) says:

    people vote national because of the Great Divide (refs Australia but is same here):

    “In a book initially published in 1988 called Ideology and Immigration , she demonstrated how race, immigration policy and the concept of multiculturalism had combined to produce a set of ideas that had caused a new and fundamental division with Australian society. She showed this ideology had created a ‘great divide’ between the intellectual class and the majority of the population. Intellectuals, who mostly worked for universities and the public service, had endorsed a set of values that won the ear of the then Labor government and the news media. They established a terminology that soon became the only publicly acceptable discourse on the topic. Although they professed their motives were social justice and political progress, the same in­tellectuals held an overt contempt for the majority of Austra­lians, who they thought remained mired in materialism and shrouded in xenophobia. Betts argued that the cultural outlook of these intellectuals was so different to mainstream Australia that they constituted a ‘new class’. Her thesis was subsequently publicised by a number of conservative media commentators and its accuracy was even grudgingly admitted by some on the left. Her analysis was proven accurate when the despised majority took their revenge in the 1996 election by subjecting Paul Keating to the greatest electoral defeat of any Prime Minister since Federation.”

    //
    Opposition to both the Vietnam War and White Australia forged the links between the new identity and support for immigration. ‘For some activists,’ Betts writes, ‘parochial Australians and their cherished way of life came to be seen as the problem common to all these causes, and immigration diversity as the universal solution. Racism provided the key.’ Their assumption was that old or parochial Australians had supported White Australia and the Vietnam War because of their racist beliefs. The same fault, combined with the inane materialism of their outer suburban lives, purportedly prejudiced them against immigrants. ‘An active celebration of diversity, and further immigration might cure them but, even if it did not, these policies would make it clear that the new class would not tolerate parochial sentiments and that they would make the most of every opportunity to confront them.’ [8] Any politicians who might have doubts about the policy, especially those from the Labor Party trying to retain their old constituency, were isolated and ridiculed by a supportive news media, and identified either with old men from another era, like Bruce Ruxton and Arthur Tunstall, or with extremist fringe groups. Aspiring members of this in-group soon realised that correct views on race and the composition of the migrant intake were essential badges of entry. To question immigration was to step outside the circle of acceptability. In 1972, the foreign corre­spondent Bruce Grant returned to find ‘an air of unreality’ sur­rounding the whole question. ‘The governing elite pre-empted the issue and made ordinary Australians feel that to be racially intolerant was to be unfashionable, even unpatriotic.’ [9]

    In Canberra in the 1960s, a small group of sociologists and social policy researchers had decided that migrants from non-English speaking backgrounds were not doing as well as they should. No immigrant political identities had emerged within the major political parties and migrants seemed to be dispropor­tionately represented on the lowest rungs of the socio-economic ladder. Even though this was an outcome to be expected, indeed inevitable, for the early stages of any large-scale program of immigration to another society, it was defined as a social problem. A research industry, funded by both governments and universities, soon emerged to confirm immigrants’ status as victims. Although their findings were usually loaded and migrants to Australia actually progressed better than they did in most countries, they took the field unchallenged. [10] The group, whose activities have been analysed in another landmark work of Australian social science, The Origins of Multiculturalism in Australian Politics by Mark Lopez, decided that the then offi­cial policy of assimilation was the cause of the ‘problem’ they had uncovered. [11] Their initial response was soft multiculturalism, with its call for tolerance and respect of the migrants’ ori­gins. But in the climate of opinion in the radical Sixties, the analysis soon found that it was not merely the attitude of Aus­tralians that was the problem but the very structure of the host society. The academic Marxists who emerged to join this burgeoning movement predictably found Australia was exploiting its migrants and that their position would not improve without structural change. They helped shift the conceptualisation of the issue from assimilation, the idea that the migrants should change to fit Australia , to multiculturalism, the notion that Australia should change to fit the migrants. Hard multiculturalism was born.
    http://www.sydneyline.com/Multiculturalism%20sociology%20of%20shame.htm

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  68. Reid (15,942 comments) says:

    hj you don’t need screds (though I should talk). But IMO people vote National because they’re conservative.

    People as they grow older are more conservative because they have more to conserve.

    Simple. As. That.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  69. hj (6,350 comments) says:

    Herman Daly on the environmetal movement:

    “Demographers and economists have understandably become reluctant to prescribe birth control to other countries. If a country historically “chooses” many people, low wages, and high inequality over fewer people, higher wages, and less inequality, who is to say that is wrong? Let all make their own choices, since it is they who will have to live with the consequences.
    But while that may be a defensible position under internationalization, it is not defensible under globalization. The whole point of an integrated world is that these consequences, both costs of overpopulation and benefits of population control, are externalized to all nations. The costs and benefits of overpopulation under globalization are now distributed by class more than by nation. Labor bears the cost of reduced wage income; capital enjoys the benefit of reduced wage costs. Malthusian and Marxian considerations both seem to foster inequality. The old conflict between Marx and Malthus, always more ideological than logical, has now for practical purposes been further diminished. After all, both always held that wages tend toward subsistence under capitalism. Marx would probably see globalization as one more capitalist strategy to lower wages. Malthus might agree, while arguing that it is the fact of overpopulation that allows the capitalist’s strategy to work in the first place. Presumably Marx would accept that, but insist that the overpopulation is only relative to capitalist institutions, not to any limits of nature’s bounty, and would not exist under socialism. Malthus would disagree, along with the post-Mao Chinese communists.,; I confess that my sympathies lean more toward Malthus, and that I lament the recent tendency of the environmental movement to court “political correctness” by soft-pedaling issues of population, migration, and globalization.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  70. Alan Wilkinson (1,816 comments) says:

    @Reid, you are correct in all of your description @16:42 except that the CEO is not always stupid. Some at least simply know that is the game they have to play so that all requisite butts are protected. Of course those are the ones who have made sure that they have managers and staff who actually know what they are doing and talking about so are not likely to be involved in cases like this. A department like MSD will have its own internal audit section, but in my experience it was pretty useless anyway.

    The other thing you missed out is that the Big Six report is basically taken off their shelf with the local info filled in by the hired gun – and is largely a sales pitch for the next job – another report or the remedial project.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  71. Kea (11,878 comments) says:

    I lament the recent tendency of the environmental movement to court “political correctness” by soft-pedaling issues of population, migration, and globalization.

    I also lament that tendency. They appear more interested in politics than the environment. A fact observed by many of the environmental movements founding fathers, who have seen the likes of Greenpeace over run by political zealots.

    It is easy to raise support (& money) to save cute faced Harp Seals, Dolphins and other charming creatures. It is not so easy to sell the idea of not having kids. Most folk will nod their heads and agree population control is needed. Now try telling them they can not have baby and see the reaction. The fact is that having kids is the single most damaging thing you can do to the environment. No amount of hemp shopping bags and Pirus driving will change that.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  72. SJP (3 comments) says:

    David Farrar, I know you’ll want to correct this error as soon as possible: The article you have linked to on stuff has a mislabeled photograph. Neither of the people in the photo are Ira Bailey. And he’s not mentioned in the article. And there is no other evidence on the internet, to my knowledge, that he seeks publicity. And that’s just one redundant point of many you have made here, one that is easy to debunk. If you want to double check, compare the photo with pics of Ira and/or his identical twin. C’est tout.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  73. Alan Wilkinson (1,816 comments) says:

    Reid @16:10, according to the Herald it is Rennie who ordered the all-dept security review, not Key.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  74. Kevin (1,122 comments) says:

    Thanks for the comments I appreciate it. I wish lefties would be as honest as to why they vote as they do. The problem is every party has skeletons in the closet that makes,it repugnant for me to vote for them.

    National are too close to iwi and never gave the promised tax cuts. They are up to their 90s tricks of big government business as usual. Remember they brought in much of the paranoid human rights legislation that we still,suffer from.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  75. niggly (799 comments) says:

    @ Reid. I get where you are coming from and agree to an extent but not totally. Eg in theory a top down directive should work but in practice it won’t so a full independent audit is needed.

    Any top down directive risks any incompetent department(s) not carrying out the recomendations properly (as said incompetent manager/staff member may not prioritise due to other work demands or not carry out effectively etc). There’s also no consistency nor whole of govt stocktake of the situation, also meaning mistakes could continue to occur.

    The Govt needs to reassure the public (and sure enough the media and opposition parties) that the issues are being addressed throughout the entire public service.

    Make no mistake, what Ira Bailey came across, the top level accessing of sensitive data could be replicated by others, including criminal elements, unethical hackers and potentially there’s no reason why such data couldn’t be sold off to foreign interests. Or have malware introduced. This may have already happened – so this is serious shit and the Govt needs to ensure all public systems are secure (and looks like the entire MSD computer network and workstations need to “rebuilt” from scratch in case they were compromised).

    http://podcast.radionz.co.nz/ckpt/ckpt-20121016-1807-massive_breach_of_security_at_the_msd-048.mp3

    Ok I listened to the Checkpoint audio of Ira Bailey and I will say this:

    On the good side: He has been helpful in explaining to the Privacy Commissioner what he did and what he saw, in the interests of (hopefully) preventing this happening again. I hope he remains cooperative if asked to discuss with Govt auditors or even the authorities if required – this will be a good test for him and us to judge his “honesty” in this affair, I mean he ceertainly sounded sincere on Checkpoint.

    On the questionable side. He hasn’t explained (nor been asked by the media) exactly why was he in WINZ and inserting a USB in the first place! Why? Perhaps he had heard about the flaw and curiousity took hold. But if so, how did he know to check? How did he hear about the flaw?

    In his own words he discovered the problem two Friday’s ago (Newtown WINZ) and double checked on Monday (Willis St WINZ). Informed WINZ that day (good) by leaving message with number and name, it seems waited until Tuesday and contacted Keith Ng (hmmmm). On Wed he was contacted by WINZ/MSD had a chat about being rewarded and when told he can’t, he didn’t want to divulge further details such as location or description of problem i.e. kiosks and what he could see (because he said he wanted Keith Ng to break the story, which happened Sunday – another hmmmmmm, this isn’t a good look).

    Also on the questionable side is that in a system admin role one would see sensitive data all the time but in this case he knew about a flaw and didn’t disclose any meaningful info to WINZ to remedy, instead talked to a blogger which is a little at odds with the ethics of his system admin role.

    As for dissing John Key, this issue absolutely nothing to do with him or his management style, that part of your comment I disagree with, it also plays into the hands of the likes of Toad, who like the Greens and Meteria today are using the issue to attack the PM and his Minister’s, ignoring the real “victims” (WINZ clients) and not addressing the security ramifications. Amd these amateurs think they want to Govern one day?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  76. Mark (1,360 comments) says:

    Niggly I think it is fair to assume that Ira Baily was there to make mischief. Whether it was illegal is for others to decide but it is very hard to imagine that his motives were positive. But that is exactly why we have internet security, to stop those who should not have access to data getting to see it. The realiy is if everyone was as honest, as we all obviously are, then the security would not be necessary.

    So the issue here is not at all about Ira Bailey or Keith Ng. The fault lies squarely at the feet of MSD with some collateral responsibility falling at the feet of their consultants and advisers. From a political responsibility perspective the risk for the government is that the oposition can draw the dots between the expenditure cuts and doing IT security on the cheap. That is a tenuous argument at best but the crap will be thrown and some disquiet will stick for some of the public.

    Niggly as for the opposition “dissing”the PM and national I agree that it is hardly Key’s fault but that is politics and it is the job of the opposition to fire as much crap at the Government as they can to have people asking questions. Of course they are going to be directing as much criticism at Key as possible as he has been the difference between national winning and losing the last two elections. It is hard to imagine that National would not be using exactly the same strategy if the roles were reversed. Whether the voters are gullible enough is another matter however most will beleive what suits their political bias.

    In the mean time Key is taking the right approach. Fix MSD but also review the whole public sector data security. That in itself must be a huge task and hopefully the review is not a superficial one.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  77. Lee C (4,516 comments) says:

    So we’re not going to shoot the messenger, just blindfold, him, stick him against the wall with a fag in his mouth, in front of a firing squad until we can. . .

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  78. niggly (799 comments) says:

    @ Mark – all good points, I wouldn’t disagree.

    As for the PSA (and no doubt Labour when they wake up) will target budget cuts and security and say they are related. To which I’d say BS – security is paramount, it’s an area that must be top priority (so why this happened at MSD is beyond comprehension – massive fail), there’s always room for budget cuts eg not sure what you see, but I see too many staff (IT and non IT esp middle management) all with the latest expensive Apple i-gizmos and knowing IT, they are a law into themselves wasting massive amounts on piss poor projects, which are hushed up within house. Perhaps Brenda Pilot could comment on that!

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  79. Ed Snack (1,737 comments) says:

    Can anyone point to a description of what the actual security flaw was ?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  80. alex Masterley (1,490 comments) says:

    Ed,
    I have been waiting for that.
    I doubt that we will find out as the white noise about the existence of a flaw rather than what it actually is will drown everything else out.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote

Leave a Reply

You must be logged in to post a comment.