Scaremongering on credit cards

Date published: 7:22 am, June 16th, 2011 - 100 comments
Categories: blogs, dpf, Ethics, making shit up, national

Cameron Slater is still spreading disinformation about the data taken from Labour’s web site. Specifically he is claiming that people’s credit card details are at risk:

The problem however was much worse than that. Way worse. Remember that Chris Flatt the Labour General Secretary sent out a letter and email to their donors assuring them that their credit card details were safe. He shouldn’t have been too hasty with that assurance.

Their credit card provider admin details were:

"Flo2Cash_Donate\";s:9:\"user_name\";s:8:\"nzlabour\";s:8:\"password\";N;s:9:\"signature\";N;s:8:\"url_site\";s:63:\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\";s:7:\"url_api\";N;s:9:\"url_recur\";s:63:\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\"

I never accessed those areas, to do so would have been illegal.

OK that’s pretty funny! Those aren’t “areas” – they are secure (encrypted) links to the web site of the transaction handler Flo2Cash. Slater couldn’t “access” them in a million years. Credit card details go straight to the Flo2Cash server without ever touching the Labour Party site. Neither the username, nor the password needed to access Flo2Cash were stored in the site database that the Nats (and subsequently Slater) accessed. See the statement from Flo2Cash below.
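
As an added illustration (not code from this post, from Flo2Cash or from either party), the check below parses the PHP-serialized key/value run quoted above and reports which credential fields actually carried a value. The list of secret-looking key names and the closing `;` on the sample are assumptions made for the example.

```python
"""Triage a PHP-serialized settings fragment: which secret fields hold values?"""

# Constructed input: the key/value run quoted on this page, keeping the dump's
# backslash-escaped quotes (\"). The final ';' is added so the run is complete.
URL = "https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx"
FRAGMENT = (
    r's:9:\"user_name\";s:8:\"nzlabour\";s:8:\"password\";N;'
    r's:9:\"signature\";N;s:8:\"url_site\";s:63:\"' + URL + r'\";'
    r's:7:\"url_api\";N;s:9:\"url_recur\";s:63:\"' + URL + r'\";'
)

# Assumption: key names that would hold a credential if they were populated.
SECRET_KEYS = ("password", "signature", "secret", "token", "api_key")


def _expect(buf: bytes, pos: int, token: bytes) -> None:
    if buf[pos:pos + len(token)] != token:
        raise ValueError(f"expected {token!r} at offset {pos}")


def _read_value(buf: bytes, pos: int):
    """Parse one scalar PHP-serialized value at buf[pos:]; return (value, next_pos)."""
    tag = buf[pos:pos + 1]
    if tag == b"N":                          # N;  (PHP null)
        _expect(buf, pos + 1, b";")
        return None, pos + 2
    if tag in (b"i", b"b", b"d"):            # i:42;  b:1;  d:0.5;
        _expect(buf, pos + 1, b":")
        end = buf.index(b";", pos)
        raw = buf[pos + 2:end].decode()
        convert = {b"i": int, b"d": float, b"b": lambda s: s == "1"}[tag]
        return convert(raw), end + 1
    if tag == b"s":                          # s:<byte length>:"<bytes>";
        _expect(buf, pos + 1, b":")
        colon = buf.index(b":", pos + 2)
        length = int(buf[pos + 2:colon])
        start = colon + 2
        end = start + length
        # The declared length is in bytes and must land exactly on the closing quote.
        if buf[colon + 1:start] != b'"' or buf[end:end + 2] != b'";':
            raise ValueError(f"string length mismatch at offset {pos}")
        return buf[start:end].decode("utf-8", "replace"), end + 2
    raise ValueError(f"unsupported type tag {tag!r} at offset {pos}")


def parse_pairs(fragment: str) -> dict:
    """Parse a flat run of alternating serialized keys and values into a dict."""
    # The \" escaping was applied by the SQL dump after serialization, so it is
    # removed first; the s:<n> lengths count the unescaped bytes.
    buf = fragment.replace('\\"', '"').encode("utf-8")
    pos, items = 0, []
    while pos < len(buf):
        value, pos = _read_value(buf, pos)
        items.append(value)
    if len(items) % 2:
        raise ValueError("odd number of values: fragment is cut mid-pair")
    return dict(zip(items[0::2], items[1::2]))


def triage(config: dict) -> dict:
    """Sort keys into populated secrets, empty secrets, and outbound endpoints."""
    report = {"populated_secrets": [], "empty_secrets": [], "endpoints": []}
    for key, value in config.items():
        if any(word in str(key).lower() for word in SECRET_KEYS):
            bucket = "empty_secrets" if value in (None, "") else "populated_secrets"
            report[bucket].append(key)
        elif isinstance(value, str) and value.startswith(("https://", "http://")):
            report["endpoints"].append(value)
    report["endpoints"] = sorted(set(report["endpoints"]))
    return report


if __name__ == "__main__":
    for name, entries in triage(parse_pairs(FRAGMENT)).items():
        print(f"{name}: {entries}")
```

Anything that lands in `populated_secrets` is what would need rotating after an exposure like this one; the `endpoints` list shows where the form hands the donor off.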

Having demonstrated complete technical incompetence, Slater heads off into the realm of pure scaremongering:

But given that their systems were open and exposed long enough that Google and 9 other bots were able to cache the entire directory system there is a good chance that Russian or Nigerian scamsters also were able to obtain access to the data base and credit card processing passwords that Labour left exposed. Chris Flatt can not give any assurances that their donor details including credit cards were safe and secure.

Farrar (who should know better) is repeating this drivel. Whether they’re just stupid, or whether they know they’re spreading lies, it amounts to the same thing. National’s bloggers are trying to spread disinformation and concern amongst innocent members of the public. It’s a scummy tactic, but then that is their usual style.

100 comments on “Scaremongering on credit cards”

  1. PeteG 1

    Whether they’re just stupid, or whether they know they’re spreading lies, it amounts to the same thing. National’s bloggers are trying to spread disinformation and concern amongst innocent members of the public. It’s a scummy tactic, but then that is their usual style.

    That’s an interesting accusation coming from you R0b. What would you know about that sort of tactic?

    I don’t like some of what is being done over the credit cards, but it seems like dirty political business as usual, it’s what polipeople want.

    [lprent: r0b doesn’t. In fact he leans over backwards not to. I note that you have offered absolutely nothing to backup that statement. If you read the policy you will find that we don’t allow this type of unsupported underhanded attack on our authors.

    Banned for two weeks. You should be careful – after this level the ban lengths really start to escalate. You’d have to ask yourself if the cheap thrill you experience is worth it. Even a critic who never says much of substance should be able to understand that. ]

    • wtl 1.1

      FFS, surely if you are serious about improving NZ politics you should be criticising all sides when they blatantly make shit up.

      And yes, you can do that at the same time as trying to point out that ‘Your NZ’ will offer a great new way of doing things. Frankly, it doesn’t inspire much confidence in you or ‘Your NZ’ when you refuse to take a stance on issues such as this.

    • RedLogix 1.2

      I don’t like some of what is being done over the credit cards

      Yeah but you can’t quite bring yourself to condemn it can you?

      • PeteG 1.2.1

        I’ve already condemned it – I’ll repeat specifically if you like.

        It had to be revealed that credit card information was potentially at risk. That’s where I think it should have ended, there should have been no consideration that any of the credit card information should be revealed by anyone, nor threatened.

    • r0b 1.3

      That’s an interesting accusation coming from you R0b. What would you know about that sort of tactic?

      I don’t spread lies to scare innocent individuals.  You can apologise for that shit PeteG, or you can have a week off.

      [lprent: Just banned him. That is one of the self-martyrdom offenses. Sorry, you cannot protect him from that type of offense by getting in there first. ]

      • PeteG 1.3.1

        Attack bloggers for the Nats, a party which runs as a franchise of an Australian company (Crosby Textor)…

        You can’t make this stuff up…

        I think you did make that stuff up.

        If you don’t consider innocent individuals read this blog, and if you don’t think anyone reading this blog is scared by CT paranoia, then I’m happy to apologise.

        [lprent: You’re putting up a sentence of satire from a sarcastic as an explanation? That is beyond being weak.

        Well I have already banned you. But add another week for apparently lacking sense of humor or proportion – but mostly for being really stupid. I could do with the time off from reading you.

        See you in July. ]

        • Gosman 1.3.1.1

          Yes but left wing scaremongering is okay because the ‘evil’ capitalists are really out there trying to screw the workers and eat their babies.

        • r0b 1.3.1.2

          I think you did make that stuff up.

          I think you haven’t read The Hollow Men.

          Anyway, I see that lprent has already sorted you out, so see you in 2 weeks I guess.

        • Kevin Welsh 1.3.1.3

          Ha! More time to watch your Pollyanna DVD collection now PeteG.
          All together now, lets sing the ‘Glad’ song…

      • PeteG 1.3.2

        You’re opening yourself up to claims of political censorship, but I guess you know that.

        [lprent: *grin* I have to let this idiotic comment through. This is from someone who has his own site, and who spends a lot of time commenting at the sewer – hardly short of outlets. What I suspect that he actually means is that he’d like to keep freeloading his party and site on this site’s readership.

        If so, then he should have taken notice of the policy and avoided letting his own behavior fall into a zone that I’d have to act on. There are some behaviors that I don’t tolerate on the site and making unsubstantiated attacks on authors is pretty close to the top of the list.

        It is hard enough to get people to come on board and write the posts without having a blowhard coming in and slagging them off with nothing supporting their statements.

        He was just lucky that he’d accumulated enough brownie points from his comments. My first instinct was to ban him until after the election (and no – I cannot be persuaded to change my mind) ]

        • Jim Nald 1.3.2.1

          Thanks for sparing me from reading rubbish.
          I’ll express my appreciation by doubling my next cash donation to The Standard.

          • Anne 1.3.2.1.1

            My thanks too and there will be a cheque coming in the post.

            • hawk 1.3.2.1.1.1

              Yes using a credit card would be rather unwise, I agree. Labour don’t have a great track record of protection.

              • Draco T Bastard

                Actually, they have an excellent track record. Or, to put it another way, one breach does not make a track record – unless you’re a National Party stooge stuck on repeat.

              • Anne

                Tongue in cheek hawk.. tongue in cheek.

          • Jim Nald 1.3.2.1.2

            Well, National’s secret and blindingly obvious trusts, eg Waitemata Trust, won’t be getting any of my money this time.

  2. Luva 2

    r0b you are giving crazy whales story way more legs than it deserves.

    In my opinion he was never going to do anything with the data he found. He wanted to send the blogosphere and specifically the far left blogosphere into a tail spin. And given the enormous amount of comments on this subject this week he has succeeded in his mission.

    He doesn’t care about the morality or legality of his actions. Whale lives and breathes off the reactions he gets from his posts. Ignoring him would suffocate him. Daily ranting about him brings him back to life.

    • r0b 2.1

      r0b you are giving crazy whales story way more legs than it deserves.

      After it blew up in their faces, it needed all the legs it could get.  And in particular those lies on the credit cards, designed to scare specifically targeted individuals, needed to be countered.

      • Luva 2.1.1

        I accept your point but I don’t think he will see it like that. I don’t know the guy and hope I never do but I’m guessing he is pretty proud of himself right now and keeping his delusions alive will bring a smile to his fat face.

        As for the rest of the world, are they interested in techie geek talk or political sniping? That’s all this story is now.

        Let’s move on to talk about our shit salary increases this year and the causes for that.

    • lprent 2.2

      Are you saying that we can’t trust anything that Cameron Slater says? That he routinely blusters and lies about fact?

      Not your usual line is it?

      I think that this story has some legs, especially the way that the National party is using their poodles to spread their dirty tricks. I for one intend to continue.

      • Luva 2.2.1

        Lynn I am certainly saying that.

        I may be a rightard but I will call bullshit on a fool like whale more often than not.

        • Draco T Bastard 2.2.1.1

          And, I suspect, work hard to try to shut down the stories that hurt the right like you’re trying to do with this one.

      • Colonial Viper 2.2.2

        This story about National doesn’t just have legs, it has wings!!!

        Chicken wings, by the looks of what National and Slater are backpedalling on!

    • Peter 2.3

      I suspect you are oh so right about this guy living off reactions etc. I’ll be making another donation.

      • Jim Nald 2.3.1

        Indeed. Ditto. Will stop by the local Labour office and make a cash donation at midday.

        • Colonial Viper 2.3.1.1

          Yeah I’ve already decided to up the level I’m donating to Labour. And I think it’s time I threw more money at The Standard.

          My honey won’t mind me forwarding on a bit of cash from her Daddy’s trust account.

  3. Gosman 3

    Curious that you have an issue about the scaremongering about credit card details yet one of the regular members of this site sent a letter to both Peter Goodfellow and Cameron Slater in which he specified that he was concerned that they had his credit card details. Isn’t this scaremongering as well then?

    • Morning Gosman.

      See below.

    • r0b 3.2

      Yeah that just shows that the lies that the Nat-bloggers are spreading are working to create fear Gosman.

    • lprent 3.3

      You mean that a lawyer should have known what a web server configuration looked like and realized that Cameron Slater was lying again.

      I think that you are either a little generous on your understanding of what they teach at law school or more likely you’re just doing a diversion spin.

      • Gosman 3.3.1

        Well as your stated position is that anything coming from Cameron Slater position is likely to be a lie then perhaps you need to pass this piece of advice on to comrade mickeysavage to avoid the embarrassment of him taking Cameron Slater at his word in future 😉

        • jackal 3.3.1.1

          It’s best to assume that everything oozing out of the oil lard is a lie when he has been shown to be untruthful on numerous occasions. The presumption of untruth needs to be disproved by him, and as such is not likely to be forthcoming (because the information does not exist or he is too much of a coward to present it) we must err on the side of caution and his history and say that lard arse is lying in a vain attempt to damage Labour. In this case it’s the presumption that old blubber guts is telling the truth that is the problem.

          Very few people will believe the word of a discredited blogger over that of Labour, especially people who already support the party and know a little about oil lard. In this instance he would have in fact turned many supporters against National for their possible involvement in the underhanded campaign… The ones who are mentally capable of determining the truth of the matter that is.

  4. I must admit I got sucked in by Whale about the credit card numbers after watching his video.  I made the fatal mistake of taking him at his word.  From now on if he says today is Thursday I am going to check a calendar.

    I agree with Luva that this has been a huge beat up and a damp squib in terms of the shock horror revelations.

    And I wish PeteG would discuss specifics.  These broad generalised statements he keeps making are driving me nuts.  It is like wrestling with a flamange.

    • Gosman 4.1

      Morning mickeysavage 😉

      So you agree that it was a tad rash of you to send off that e-mail demanding that the National party let you know what information they had about you and your credit card details then?

      • mickysavage 4.1.1

        No I still want to see what information it holds.
         
        I am in the fortunate position where I am happy to be branded as a Labour Party activist.  There are others, for instance public servants, for who any sort of publicity could be very damaging.  So the privacy issues relating to the data need to be respected.  Presuming that further consideration by the Privacy Commissioner is necessary then a complaint by an affected person as well as the party will be required.

        • Gosman 4.1.1.1

          Quite possibly but there is the potential embarrassment fact that the privacy commissioner will actually come down harder on the Labour Party than anyone else for failing to take proper precautions around the protection of the data.

          I have worked in banking for a while now and there are serious implications, (including large fines in some cases) for allowing customer data to be readily accessible in the way the Labour Party has done in this case.

          Are you also writing to the Labour Party demanding that they put in place proper I.T. security to protect your information or is your real issue on this more politically motivated?

          • lprent 4.1.1.1.1

            Don’t know about micky, but I have made my displeasure about events known to people at the NZLP. Unlike the National party, we are both members of the Labour Party. So you send polite letters to National and get quite sarcastic within conversations with people at Labour.

            And Gosman, point to something that the banks would consider to be an issue. There is no information that is sensitive to the banks in the exposed directories. It doesn’t show any credit card details.

            I know the ones used in NZ and a couple of other countries because I have had to code to their standards. There is nothing there that would constitute a problem under the various bank guidelines. I’d guess that you are just raising yet another diversion.

            Perhaps you should make clear your opinion on what The National Party and Whaleoil have done? Do you think that it is moral and ethical to expose peoples private information to merely make a political point?

            • Gosman 4.1.1.1.1.1

              I’m really not fussed by it to be honest as I quite like the idea of open information disclosure, (although I admit it comes with serious risks).

              The US Government had a massive problem with the Wikileaks cables and took the position that it seriously compromised the ability of US diplomats to do their jobs properly and may potentially lead to harm to some people. However that didn’t stop certain people from publishing some of the information, (including on this blog if my memory serves me correctly), to make a political point.

              Do you have a problem with this sort of thing lprent?

              • lprent

                Do you have a problem with this sort of thing lprent?

                I think that I have made my thoughts on this quite plain on wikileaks, the hollow men, and even this one. I generally follow the legal basis because a lot of thought has gone into balancing out the differing competing rights and obligations. 

                If you want a short answer (I get complaints that some of my comments and posts are long), I’d say that I’m not as simple as you are in the balance.

                With wikileaks, there is at least one person (probably Manning) who released the information. They had obligations that they clearly violated and they will be prosecuted for that. It is likely that there is one or more persons in the National party who did the release of the hollow men e-mails – and the same thing should apply to them.

                Quite frankly it is a risk that you take as a whistle blower because you are violating a position of trust and there should be consequences for doing that. Even whistle blower legislation doesn’t usually shield people from that. If present then it merely mitigates the consequences.

                With journalists it is a whole different matter. The legal systems recognize a public good in having journalists being able to publish information where it is received in an unsolicited and unpaid for fashion. That is enshrined throughout legal systems in democracies and other types of societies. That is the transparency you are referring to.

                Again, most of the legalities reduce but do not remove legal consequences. It simply makes the burden of proof harder to obtain for prosecutors. For instance the ‘shield laws’ in various countries will normally protect sources, but there are circumstances where it will not. 

                Wikileaks and the newspapers that published the information are clearly covered by those protections as the US justice department found out. They look like they have failed to build a case that is likely to succeed against wikileaks or the newspapers.

                So when one of these cases comes up I look to the existing legal structures rather than doing as many do (like yourself?) and make legal principles up based on what you’d like to see happen. I’m afraid I have little respect for such wishlist blathering.

            • Gosman 4.1.1.1.1.2

              BTW Customer name and address information is regarded as reasonably sensitive data in the Banking world. While not as vital as credit card or bank account information releasing it into the public domain is still not acceptable.

              • lprent

                Yep, and it is typically not covered in the standards as a requirement.

                They are in the sections that make up the “security concerns” parts of the specs. Those are the ones to do with looking at how secure a system is in overall terms. Those also include a range of concerns such as physical security, vetting of personnel, auditing procedures, etc etc. They apply to corner dairies with their highly secure* eftpos terminals as well.

                * that was sarcasm for those who have humor deficiency issues

              • Colonial Viper

                While not as vital as credit card or bank account information releasing it into the public domain is still not acceptable.

                Which is what Whaleoil’s National paid lawyers will finally have managed to get through to him.

              • ianmac

                A few years ago I was given a huge stack of computer printout paper to draw on. It turned out to be the printout from a local bank and at a glance I recognised local names and details. Hells Bells. I got my trusty guillotine out and slashed the pages especially on the left hand side as the names appeared to be thus. Am sure that that would not happen today though. Pity Whale couldn’t have done the same thing, though with other bits fed to the guillotine.

  5. ghostwhowalksnz 5

    128 bit encryption? Isn’t that a bit weak these days

    • lprent 5.1

      Not uncommon on payment sites. If you are looking at man in the middle attacks there isn’t much point in having encryption on one leg that is stronger than that on other legs. Typically the banks set their standards long ago.

      I must pop on to the computer downstairs. I can’t read the flo2cash statement on my iPad.

      • Bazar 5.1.1

        128bit encryption is perfectly fine. It’s already in the overkill stage.

        It’d probably take more energy in our solar system powering a pc for a trillion years, than to crack 128 bit encryption given a brute force attack.

        There was something like a slight flaw in a leading encryption algorithm discovered a while back, if it uses that algorithm, then perhaps it’d only take a billion years and the power of our sun to do it.

        • infused 5.1.1.1

          Not quite. There is a reason you cannot use more than 128bit encryption in the US. It’s not crackable in our lifetime. 128 is.

  6. ron 6

    Can we all just agree that Slater et al are f*#k heads and leave it at that?

    • ZeeBop 6.1

      Sorry but hasn’t Slater broken the law if he suggests that? If a donor is forced to change their credit cards at time and cost, then finds out that Slater never had the details. So he must have them. Any credit card company would be very concerned by what Slater is saying, it makes them look bad too, the more cases of credit card numbers the less integrity there is in their product, and so will they be mighty happy to take Slater to task if he were lying. Oh, oops, maybe the data has fake credit cards numbers, like a bank who hold a marked bank note in the cashier draw.
      Slater should be more mindful of the wikileak of massive amount of US intelligence, just because a diplomat says it in private does not make it US policy. How exactly does Slater know those are correct credit card numbers.

      • Kaplan 6.1.1

        That is a very interesting point. I know for a fact that my credit card details will be in there. I wonder if a complaint to the police about my information ‘potentially’ being stolen is warranted?

        • lprent 6.1.1.1

          Your credit card details won’t be there.

          However information that you have provided to Labour for a specific purpose is now in the hands of Whaleoil (and probably the National party – somehow I don’t really believe their “I didn’t inhale defense”). There is nothing to prevent you from making a complaint as there is a prima facie case that information you own (as the privacy act makes quite clear) is in the hands of someone not authorized to have it.

          • Gosman 6.1.1.1.1

            Yes but who is at fault here for the information getting into the public domain. If it was in a banking environment the onus is on the bank to keep your information securely and if it doesn’t then the issue is with the bank who stored the information not with the people who accessed the information. One of the reasons for this is practicality. If 1000 people accessed your information it is obviously difficult to try and get recourse from each of these 100 people. It is much easier to go directly to the organisation that should have kept your information securely.

          • rouppe 6.1.1.1.2

            Then the complaint should be against the Labour Party. They were the ones who collected it and are responsible for making sure it isn’t compromised.

            Principle 5 of the Privacy Act.

            • Kaplan 6.1.1.1.2.1

              I completely disagree. If I give any property or information to someone and they leave it unsecured, sure I can be upset with them, but if an unauthorised person takes it KNOWINGLY from the people I have entrusted it to then they are the ones that have committed the crime.
              In this case it’s Cameron Slater who ‘claims’ to have my credit card details. I’ve never authorised him to have them so a complaint to the police seems warranted.
              At the very least I am going to ring my bank and seek their advice. Perhaps they will take a complaint against him.

              • rouppe

                What crime?

                This is akin to some Labour staffer dumping the records into a skip and then complaining that someone went through the skip and pulled them out again.

                This is not akin to someone entering your home. Your home is private property. An unsecured server is public. If you have wi-fi at home and haven’t secured it, you can’t complain if someone uses your bandwidth.

                It is up to the collector of the information to ensure that it is secure against loss, access and disclosure. The collector was the Labour Party.

                • Draco T Bastard

                  Pretty sure that going through someone else’s rubbish is illegal. It’s still their rubbish.

                  • rouppe

                    If the skip or rubbish bin is in a public place then it is most certainly not illegal.

                    That is why Police can sift through rubbish dumps without a warrant, whereas they can’t sift through your house without a warrant

                    • Draco T Bastard

                      Nope, When I worked for a contractor that dealt with rubbish in Auckland we had to get permission from the council before we opened the rubbish that had been dumped to see if we could find an address to charge the bastards.

                    • The Voice of Reason

                      It’s both theft and trespass to take from bins on private property and it’s a handy real world corollary to the digital world charges Slater would face if he had the guts to go through with his threat to publish the names.

                    • rouppe

                      Fair enough.

                      I concede I was wrong on that point.

                  • Bunji

                    Yup taking or going thru rubbish is illegal.

                    • Jim Nald

                      Indeed.

                      For the NZ context, the Crimes Act is applicable and see also this piece:

                      http://www.odt.co.nz/opinion/opinion/42471/there-are-ways-and-ways-thieving

                    • McFlock

                      Yeah the police can search a dump because the owners (the local council) let them, although if the council said “no” the police would then need a warrant or statutory power (e.g. s19 search powers).

                      It varies from country to country, but generally everything is owned by somebody. Some places let you take a person’s rubbish bags from the street, but if the refuse contractor is paid by the tonnage then you’re stealing from them. If they have a nice incremental revenue stream from salvage/ reuse/ composting, then you’re stealing from them. Some countries/ states  regard rubbish bins/bags in the street as “plain view” searches, but it still belongs to somebody.

                      Nice try though.

                  • ZeeBop

                    If you pick rubbish up to recycle it, then I think that’s permissible. I think where it gets illegal is when information is gathered from the rubbish, since the rubbish is paid by the owner to have it removed, and the expectation that the rubbish remains private is assumed. The theft is the loss of privacy. If you have information you want to dump in the rubbish, and there are people who will take newspaper to read out of the paper recycler bin, then you should put the information in with the wet rubbish, DUH.

                    Now what about dumpster diving. Well yes there is a commercial interest to have the food go to waste, so consumers buy new, and the health issues. But conversely if you can’t afford it, are in end of food, can’t get a benefit because WINZ don’t believe in the social security net, then I would say plunge away.

                    Now what about the yellow pages, great for recycling, but the owner might have written in the margins. Mostly indiscernible but some might make sense. So should that information then sit in your fire basket waiting for years to dry out with information that a person left on it, well if they also wrote their name on the yellow pages!!!! Who does that??

                    I think once you have come into information that you should not have, like you come into possession of property, you have a duty to take it to the police and if nobody claims it, then claim and use it????? Would Police be reckless if they let you have the used needle you found back?

                • If you have wi-fi at home and haven’t secured it, you can’t complain if someone uses your bandwidth.

                  rouppe, why on earth do you think that – in these circumstances – someone can’t complain? I certainly would. If I can’t complain about someone doing something that is wrong and that they would know was wrong, then under what circumstances would I be able to complain about anything? (Please don’t answer ‘If someone broke the law’ because that would be the reduction of social sanctions to legal sanctions – and no society could exist on that alone.)

                  Should we have no expectations of each other’s behaviour?

            • mickysavage 6.1.1.1.2.2

              This issue is not an either or.  

              I am absolutely certain there has been some private ass kicking within the Labour Party.  I am satisfied with the steps that have been taken.

              I am also concerned that the Nats have information about me. This does not prevent me or others from asking and the way I see it they are under an obligation to provide.  I am also keen to find out what they thought gave them the right to download the data.

              • Gosman

                I’d suggest your faith in the Labour Party resolving this issue might be blinded by your ideological bent rather than reflecting what the reality may actually be. It would probably pay for you to do what lprent has done and request an assurance from Labour that your personal information will not be kept in such a sloppy unprotected manner in future.

                • lprent

                  I didn’t request an assurance, that would definitely be the wrong word for it.

                  I have had a series of very sarcastic conversations with various people asking how it happened, what they are doing to fix it, offering my assistance if it is required, and asking what steps have been taken to ensure that it doesn’t happen again. 

                  I think that “arse-kicking” would be a better description. It was an accident and it was one that shouldn’t have happened. But I’ve been around human/managerial/computer systems long enough to know that they will. What I was really concerned about was the way that a single failure opened so much of the system up. There simply wasn’t enough layering of protection in there.

                  However that doesn’t detract from the fact that what the National Party and Whaleoil did was morally and almost certainly legally reprehensible – which is what you seem to want to avoid talking about. I guess you have a double standard?

                  • Draco T Bastard

                    No, he has only one standard – cover up the immoral dealings of NAct at all costs.

  7. Sam 7

    As a spectator, the show that you guys and whale have put on this week has been highly entertaining!

    Thanks! 😀

  8. Tangled up in blue 8

    I noticed on TV3s Firstline this morning that Garner was spinning that National have done nothing wrong and that Labour were trying to blame National for everything.

    • r0b 8.1

      Didn’t see it, but I heard that Garner confirmed that the Nats passed on the details to Slater.

      • Gosman 8.1.1

        Please provide evidence for this please. At the moment it is just hearsay from you.

        • Jim Nald 8.1.1.1

          Here .. ?

          http://www.3news.co.nz/The-Week-in-Politics/tabid/419/articleID/215314/Default.aspx

          From around 2’53 – 2’58” (out of 4’16” … although note that the timing on the clip restarted part way)

          Duncan Garner:
          “if you look at some of the hits on the Labour Party’s website last weekend,
          yes, someone from National Party headquarters tried to get in there
          although they didn’t and it looks like they passed the information on
          to Whaleoil to go and do it himself which he did”

          • Lanthanide 8.1.1.1.1

            That’s not a “confirmation”, just Garner repeating hearsay.

            • Pascal's bookie 8.1.1.1.1.1

              I thought Gos was after confirmation that Garner said it.

              And Garner is saying from the evidence, it looks like National passed it on…

              No?

              • Lanthanide

                r0b said Garner “confirmed” it. r0b could have just said “Garner said it”, but he didn’t.
                 
                So my interpretation of what r0b wrote is that he had heard that Garner had new, inside information which he stated on the show. Whether or not Gosman interpreted what r0b said in the same way I did, I don’t know.

                • r0b

                  Yes, I was careful to point out that I was repeating something I’d “heard” (seen claimed elsewhere).  The person who made the original claim may be correct or not, I don’t know, and don’t have time to find out right now!

      • Tangled up in blue 8.1.2

        I’ve re-watched it and yes although he does say that National didn’t get in, you’re right his comment about Labour blaming National looks to be in context of passing details to Slater.

        http://www.3news.co.nz/The-Week-in-Politics/tabid/370/articleID/215314/Default.aspx

        This week they’ve tried to blame the National Party because if you look at some of the hits on the Labour Party website last weekend yes someone from National Party headquarters tried to get in there, although they didn’t, and it looks like they’ve passed the information on to whaleoil to go and do it himself which he did.

        edit: beaten by Jim!

  9. Jim Nald 9

    I have yet to catch up with the NZ news sites which I tend to shun these days (The Standard is my first call before I look up Google news).

    Can someone tell me whether the so-called list of 18,000 will be publicly released or not?

    I’ll pledge here that for the detail of every one donor that is released, I’ll donate one cent to the Labour Party.

  10. rouppe 10

    Well Flo2Cash might be secure, but the point is that this is only fine once the data gets there.

    The original collection point for the credit card data was on Labour servers, the card (PAN) data was retained when it shouldn’t be, it was retained in a non-PCI-DSS compliant way (i.e. there is no obfuscation of the PAN data), and the server was then left wide open.

    I haven’t seen WO’s files, and I didn’t bother going to look at the cached data. But if there are credit card numbers among that data, then Labour really screwed up.

    [Read the post. There are no credit card details in the cached data. Credit card details were never stored on the Labour site. — r0b]

    • I just went and made a donation.  When I got to the stage of entering in credit card details I was taken to the Flo2Cash website and away from the Labour website.  There was extra code in the url to obviously record who the donation was for but it was definitely Flo2Cash’s site.
       
      If anyone else wants to do the same they start at http://labour.org.nz/civicrm/contribute/transact?reset=1&id=1

    • lprent 10.2

      If the long text string in the video is what you’re referring to, then it wasn’t a PAN – wrong format. It looks like a transaction ID or a transaction key.

    • rouppe 10.3

      Well good then. That’s a major concern taken care of.

      That means the only problem is the public finding out who the donors are.

      You thought WikiLeaks was good, and the information disclosed there was protected, and was secured, but leaked by someone in a privileged position.

      Disclosing the names there could lead to their death, but that seemed to be fine. Why is this leak a travesty of the most humungous proportions?

      • Lanthanide 10.3.1

        1. A lot of the stuff wikileaks has had names and identifying details redacted.
        2. Wikileaks leaked stuff about large corporates, governments, and their machinations. Not private details about members of the public.
         
        It took me 2 minutes to come up with that. I’m sure there are many other differences between them, too.

      • lprent 10.3.2

        The leak isn’t – that is an accident that needs to be fixed.

        What is of interest is that Whaleoil was talking about releasing private information to the world with no more “public interest” motivation than if he’d want to display his cock size. And it is easy to argue that is what he was doing by publishing the details (doing a “Weiner”).

        Since he has no “public interest” protections in the legal sense, then he should probably be prosecuted at some level for what he did do. Of course being Whale, he will attempt to feebly avoid the consequences of his actions in the same way that he did when he violated the suppression laws. He isn’t exactly well known for his stands on principles – more for his displays of juvenile narcissism.

        The other question is that knowing what Whaleoil was likely to do, why did someone in the National Party, probably quite senior, feel that it was a good idea to pass the details about how to such a juvenile narcissist. That doesn’t seem to be a particularly wise thing to do, and even if it was not criminally negligent then you could certainly make a case that it directly violated several aspects of the privacy laws.

    • lprent 10.4

      And besides your statement is that of a technical idiot, how exactly do you get the PAN from the mag stripe on the card into a payment made on the internet?

      • Lanthanide 10.4.1

        He’s clearly just name-dropping things like “PAN” in order to sound like he knows what he’s talking about.

        • rouppe 10.4.1.1

          Actually, that is only part of the information on the mag stripe. The PAN is the primary account number – the number embossed on the front of the card and usually entered in an online transaction.

          It took me less than 2 minutes to come up with that.

          So since you failed in your attempt to divert the question, what is so bad about leaking details about donors to the Labour organisation, when it was OK for WikiLeaks to leak details about different organisations?

          • lprent 10.4.1.1.1

            Interesting. I have only come across it in the context of the magnetic strip or smart cards at the programming level.

            But in any case it is still the wrong format if you look at it as a human or as a machine. The payment system is such that Labour’s website never sees the payment details like credit card numbers or CVV’s.

  11. djg 11

    Rob, has the Labour party made the same statement,

    “There are no credit card details in the cached data. Credit card details were never stored on the Labour site.”

    if not will they do so? I note the letter above from Flo2cash but that only refers to their own site and process.

    It would be a very compelling statement from the President.

    [lprent: It was in the press statement several days ago. Look it up.

    In the meantime I have trashed most of the flame thread that arose from this troll comment as being of zero interest to anyone. djg, you are now on troll watch. CV – constrain yourself or I will do it for you. ]

    • Colonial Viper 11.1

      Hey djg, why don’t you charge for your valuable advice? A-hole.

      [lprent: Don’t feed the trolls. ]

    • djg 11.2

      But I see Colonial Viper’s first abuse remains. That’s nice work.

  12. randal 12

    what the hell is going on.
    these people have committed a crime but you are carrying on as if it is just some interweb jape.
    are these crums above the law?
    get the cops on them right away and don’t let up.

  13. infused 13

    “Having demonstrated complete technical incompetence”

    Yeah, still claiming it was a security hole eh? yawn

    • Colonial Viper 13.1

      It was an unsecured webserver where confidential information not intended for public access was stored.

      That confidential information was then accessed by parties who did not have authorisation to do so.

      I’m happy to keep repeating this as long as you’re happy to be obtuse 🙂

      • Gosman 13.1.1

        Was the information in question tagged in any way as being confidential and not for the general public? If not then you have to presuppose that people have to make a distinction between public data on a publicly available website and private data on a publicly available website. You see the issue there don’t you?

        • Lanthanide 13.1.1.1

          Anyone that could make sense of the data would know what it was and that it wasn’t *intended* for public consumption. Therefore those who specifically took the data *knew* they were taking something that they shouldn’t have had access to.
           
          As we’ve seen with the looting in Christchurch, there’s quite a difference between someone with autism stealing light fittings out of houses because he has an affinity to them, and someone else stealing a generator that was to be used to power a cell-site.

  14. wawot 14

    I don’t know much about this so could you please clarify:

    Your quote from the whale blog has the following bit edited out…

    “….with that assurance.

    In the MySQL database files there were also plain txt strings that contained other database passwords along with the user name and passwords of their credit card provider.

    $db_url = ‘mysqli://labour_admin:N0t3b00kC0r0n3t@localhost/labour_production’;

    which equates to $db_url = ‘mysqli://username:password@localhost/databasename’;

    Their credit card….”

    From the example provided the username is labour_admin and the password is N0t3b00kC0r0n3t, which although it mightn’t be a credit card, is a username and password to something?

    After reading a bit on this blog and some on the other blog I’d tend to be scaremongered if I was a Labour supporter.
