June 13, 2011 5:10pm by David Farrar

Labour’s 0/100 for security

The usual suspects have been trying to say that Labour’s website was hacked or cracked, or some sort of vulnerability was exploited.

But the video done by Whale shows how they had their entire server directory listed on the front page on their campaign site www.healthyhomeshealthykiwis.org.nz. No guessing directory names, no clever tricks. All you had to do was type in the URL and instead of getting an index.html page, you got the server directory.

Whale blogs on the background in further detail here.

Phil Quinn has called for the Labour Party General Secretary to resign over this. I’m not sure who is the appropriate person to resign, but I think someone does have to be held accountable for such a total failure of even the most basic security.

If Labour don’t hold someone accountable, then the only message you can take from it is that they don’t see this as serious enough.

Related Stories

  1. Labour’s passwords
  2. Labour and the Privacy Commissioner
  3. Whale’s response

Comments (85)

Login to comment or vote

Add a Comment