And the furore over WhaleLeaks isn't going to die away any time soon; the man himself has a new instalment this morning which is very sobering reading for anyone who gave personal details to the Labour Party with the expectation that their privacy would be protected. It's pretty clear that Labour has failed dismally in its duty of care - check this out:
Labour have gone all in on their attacks on me and my alleged puppet masters in National. They forgot though that Trevor Mallard mounted a months worth of attacks on me for being in the pocket of Don Brash and ACT. So it is clear they are not “on message” as they say in the beltway.
After I posted my video that showed how easy it was to obtain data from their wide open site the IT community unanimously delivered their verdict that Labour and no one else was to blame for their woeful breach of people’s privacy.
Commenters at Kiwiblog and other sites quickly realised what I did long ago and that was that Google and other bots had archived Labour’s open site extensively. All their data is still in the cache and will be for quite some time.
Oh dear. Keeping Stock gets visits from Google bots every day. That's why, when you comment, that you have to use a randon anti-spam word. Even when we were temporarily retired from blogging in late 2009, we were having comments left on the blog, even though there was no fresh contact; it was the work of bots.
And for those who reckon that Slater has acted illegally, he blogs:
Their credit card provider admin details were:
This shows the appalling lack of security not only for the donor and membership details but also with regard to usernames and passwords for other secure areas.
I never accessed those areas, to do so would have been illegal. But given that their systems were open and exposed long enough that Google and 9 other bots were able to cache the entire directory system there is a good chance that Russian or Nigerian scamsters also were able to obtain access to the database and credit card processing passswords that Labour left exposed. Chris Flatt cannot give any assurances that their donor details including credit cards were safe and secure.
I know that Labour have been warned about the details of this post so presumably their IT muppets have now changed these details.
This is entirely Labour's problem. Had there not been a story in the Herald on Sunday four days ago, and had Cam Slater not started a series of blog posts, there would still be huge holes in Labour's website security, and they would be unaware of them. It was only the revelations of Sunday which ramg alarm bells at Labour Party HQ.
We're not experts in this area; indeed, we are technical neanderthals. But surely, more could have been expected from one of New Zealand's largest political parties. It is going to be interesting to see how this pans out, and we reckon that the Privacy Commissioner is going to be asking Chris Flatt and Moira Coatsworth some searching questions as to why their website security was so woefully inadequate.
The Labour Party head honchos and those who blog supporting Labour need to stop shooting at the messenger, Cam Slater, and look a bit closer to home. This is wholly Labour's problem, and if they can't run a website, it begs a question that we needn't even ask.