
Scaremongering on credit cards

Written By: - Date published: 7:22 am, June 16th, 2011 - 100 comments
Categories: blogs, dpf, Ethics, making shit up, national

Cameron Slater is still spreading disinformation about the data taken from Labour’s web site. Specifically he is claiming that people’s credit card details are at risk:

The problem however was much worse than that. Way worse. Remember that Chris Flatt the Labour General Secretary sent out a letter and email to their donors assuring them that their credit card details were safe. He shouldn’t have been too hasty with that assurance.

Their credit card provider admin details were:

"Flo2Cash_Donate\";s:9:\"user_name\";s:8:\"nzlabour\";s:8:\"password\";N;s:9:\"signature\";N;s:8:\"url_site\";s:63:\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\";s:7:\"url_api\";N;s:9:\"url_recur\";s:63:\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\"

I never accessed those areas, to do so would have been illegal.

OK that’s pretty funny! Those aren’t “areas” – they are secure (encrypted) links to the web site of the transaction handler Flo2Cash. Slater couldn’t “access” them in a million years. Credit card details go straight to the Flo2Cash server without ever touching the Labour Party site. Neither the username, nor the password needed to access Flo2Cash were stored in the site database that the Nats (and subsequently Slater) accessed. See the statement from Flo2Cash below.
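An added example, not part of the original post and not code from Labour or Flo2Cash: a small Python parser for the PHP `serialize()` fragment quoted above, used to check which credential fields actually hold a value and where the payment URLs point. The fragment is copied from the post with its truncated leading value dropped; the function names and the `SECRET_KEYS` list are assumptions made for the example.

```python
"""Triage a leaked PHP serialize() settings fragment: what does it expose?"""
import re
from urllib.parse import urlparse

# Fragment as quoted in the post (straight quotes, truncated leading value
# dropped). The \" escaping is kept exactly as it appears in the quoted dump.
FRAGMENT = (
    r's:9:\"user_name\";s:8:\"nzlabour\";s:8:\"password\";N;'
    r's:9:\"signature\";N;s:8:\"url_site\";s:63:'
    r'\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\";'
    r's:7:\"url_api\";N;s:9:\"url_recur\";s:63:'
    r'\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\"'
)

# Assumption: field names treated as credentials for this triage.
SECRET_KEYS = {"password", "signature"}

_STR_HEAD = re.compile(r's:(\d+):"')


def parse_tokens(blob):
    """Parse a flat run of PHP serialize() tokens: s:<len>:"<text>"; and N;

    Only the two token types present in the fragment are supported. PHP
    counts bytes; for the ASCII text here that equals the character count.
    """
    data = blob.replace('\\"', '"')  # undo the dump's quote escaping
    pos, tokens = 0, []
    while pos < len(data):
        if data.startswith("N;", pos):  # PHP null
            tokens.append(None)
            pos += 2
            continue
        head = _STR_HEAD.match(data, pos)
        if not head:
            raise ValueError(f"unsupported token at offset {pos}")
        length = int(head.group(1))
        start = head.end()
        end = start + length
        # The declared length must land exactly on the closing quote.
        if data[end:end + 1] != '"':
            raise ValueError(f"length {length} does not match text at offset {pos}")
        tokens.append(data[start:end])
        pos = end + 1
        if data.startswith(";", pos):  # tolerate a fragment cut before the final ';'
            pos += 1
    return tokens


def to_pairs(tokens):
    """Serialized arrays alternate key, value; pair them up."""
    if len(tokens) % 2:
        raise ValueError("odd number of tokens: fragment is cut mid-pair")
    return dict(zip(tokens[0::2], tokens[1::2]))


def triage(pairs):
    """Report which credential fields hold a value and where URLs point."""
    report = {"secrets_with_value": [], "secrets_empty": [],
              "url_hosts": set(), "non_https": []}
    for key, value in pairs.items():
        if key in SECRET_KEYS:
            bucket = "secrets_with_value" if value else "secrets_empty"
            report[bucket].append(key)
        if isinstance(value, str) and "://" in value:
            url = urlparse(value)
            report["url_hosts"].add(url.hostname)
            if url.scheme != "https":
                report["non_https"].append(key)
    report["url_hosts"] = sorted(report["url_hosts"])
    return report


if __name__ == "__main__":
    settings = to_pairs(parse_tokens(FRAGMENT))
    for name, value in settings.items():
        print(f"{name:10} = {value!r}")
    print(triage(settings))
```

A declared length that does not match the quoted text raises `ValueError`, which is a quick way to notice that a quoted fragment has been altered or cut.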

Having demonstrated complete technical incompetence, Slater heads off into the realm of pure scaremongering:

But given that their systems were open and exposed long enough that Google and 9 other bots were able to cache the entire directory system there is a good chance that Russian or Nigerian scamsters also were able to obtain access to the data base and credit card processing passwords that Labour left exposed. Chris Flatt can not give any assurances that their donor details including credit cards were safe and secure.

Farrar (who should know better) is repeating this drivel. Whether they’re just stupid, or whether they know they’re spreading lies, it amounts to the same thing. National’s bloggers are trying to spread disinformation and concern amongst innocent members of the public. It’s a scummy tactic, but then that is their usual style.

100 comments on “Scaremongering on credit cards”

  1. PeteG 1

    Whether they’re just stupid, or whether they know they’re spreading lies, it amounts to the same thing. National’s bloggers are trying to spread disinformation and concern amongst innocent members of the public. It’s a scummy tactic, but then that is their usual style.

    That’s an interesting accusation coming from you R0b. What would you know about that sort of tactic?

    I don’t like some of what is being done over the credit cards, but it seems like dirty political business as usual, it’s what polipeople want.

    [lprent: r0b doesn’t. In fact he leans over backwards not to. I note that you have offered absolutely nothing to backup that statement. If you read the policy you will find that we don’t allow this type of unsupported underhanded attack on our authors.

    Banned for two weeks. You should be careful – after this level the ban lengths really start to escalate. You’d have to ask yourself if the cheap thrill you experience is worth it. Even a critic who never says much of substance should be able to understand that. ]

    • wtl 1.1

      FFS, surely if you are serious about improving NZ politics you should be criticising all sides when they blatantly make shit up.

      And yes, you can do that at the same time as trying to point out the ‘Your NZ’ will offer a great new way of doing things. Frankly, it doesn’t inspire much confidence in you or ‘Your NZ’ when you refuse to take a stance on issues such as this.

    • RedLogix 1.2

      I don’t like some of what is being done over the credit cards

      Yeah but you can’t quite bring yourself to condemn it can you?

      • PeteG 1.2.1

        I’ve already condemned it – I’ll repeat specifically if you like.

        It had to be revealed that credit card information was potentially at risk. That’s where I think it should have ended, there should have been no consideration that any of the credit card information should be revealed by anyone, nor threatened.

    • r0b 1.3

      That’s an interesting accusation coming from you R0b. What would you know about that sort of tactic?

      I don’t spread lies to scare innocent individuals.  You can apologise for that shit PeteG, or you can have a week off.

      [lprent: Just banned him. That is one of the self-martyrdom offenses. Sorry, you cannot protect him from that type of offense by getting in there first. ]

      • PeteG 1.3.1

        Attack bloggers for the Nats, a party which runs as a franchise of an Australian company (Crosby Textor)…

        You can’t make this stuff up…

        I think you did make that stuff up.

        If you don’t consider innocent individuals read this blog, and if you don’t think anyone reading this blog is scared by CT paranoia, then I’m happy to apologise.

        [lprent: You’re putting up a sentence of satire from a sarcastic as an explanation? That is beyond being weak.

        Well I have already banned you. But add another week for apparently lacking sense of humor or proportion – but mostly for being really stupid. I could do with the time off from reading you.

        See you in July. ]

        • Gosman 1.3.1.1

          Yes but left wing scaremongering is okay because the ‘evil’ capitalists are really out there trying to screw the workers and eat their babies.

        • r0b 1.3.1.2

          I think you did make that stuff up.

          I think you haven’t read The Hollow Men.

          Anyway, I see that lprent has already sorted you out, so see you in 2 weeks I guess.

        • Kevin Welsh 1.3.1.3

          Ha! More time to watch your Pollyanna DVD collection now PeteG.
          All together now, let’s sing the ‘Glad’ song…

      • PeteG 1.3.2

        You’re opening yourself up to claims of political censorship, but I guess you know that.

        [lprent: *grin* I have to let this idiotic comment through. This is from someone who has his own site, and who spends a lot of time commenting at the sewer – hardly short of outlets. What I suspect that he actually means is that he’d like to keep freeloading his party and site on this site’s readership.

        If so, then he should have taken notice of the policy and avoided letting his own behavior fall into a zone that I’d have to act on. There are some behaviors that I don’t tolerate on the site and making unsubstantiated attacks on authors is pretty close to the top of the list.

        It is hard enough to get people to come on board and write the posts without having a blowhard coming in and slagging them off with nothing supporting their statements.

        He was just lucky that he’d accumulated enough brownie points from his comments. My first instinct was to ban him until after the election (and no – I cannot be persuaded to change my mind) ]

        • Jim Nald 1.3.2.1

          Thanks for sparing me from reading rubbish.
          I’ll express my appreciation by doubling my next cash donation to The Standard.

          • Anne 1.3.2.1.1

            My thanks too and there will be a cheque coming in the post.

            • hawk 1.3.2.1.1.1

              Yes using a credit card would be rather unwise, I agree. Labour don’t have a great track record of protection.

              • Draco T Bastard

                Actually, they have an excellent track record. Or, to put it another way, one breach does not make a track record – unless you’re a National Party stooge stuck on repeat.

              • Anne

                Tongue in cheek hawk.. tongue in cheek.

          • Jim Nald 1.3.2.1.2

            Well, National’s secret and blindingly obvious trusts, eg Waitemata Trust, won’t be getting any of my money this time.

  2. Luva 2

    r0b you are giving crazy whales story way more legs than it deserves.

    In my opinion he was never going to do anything with the data he found. He wanted to send the blogosphere and specifically the far left blogosphere into a tail spin. And given the enormous amount of comments on this subject this week he has succeeded in his mission.

    He doesn’t care about the morality or legality of his actions. Whale lives and breathes off the reactions he gets from his posts. Ignoring him would suffocate him. Daily ranting about him brings him back to life

    • r0b 2.1

      r0b you are giving crazy whales story way more legs than it deserves.

      After it blew up in their faces, it needed all the legs it could get.  And in particular those lies on the credit cards, designed to scare specifically targeted individuals, needed to be countered.

      • Luva 2.1.1

        I accept your point but I don’t think he will see it like that. I don’t know the guy and hope I never do but I’m guessing he is pretty proud of himself right now and keeping his delusions alive will bring a smile to his fat face.

        As for the rest of the world, are they interested in techie geek talk or political sniping? That’s all this story is now.

        Let’s move on to talk about our shit salary increases this year and the causes for that.

    • lprent 2.2

      Are you saying that we can’t trust anything that Cameron Slater says? That he routinely blusters and lies about fact?

      Not your usual line is it?

      I think that this story has some legs, especially the way that the National party is using their poodles to spread their dirty tricks. I for one intend to continue.

      • Luva 2.2.1

        Lynn I am certainly saying that.

        I may be a rightard but i will call bullshit on a fool like whale more often than not

        • Draco T Bastard 2.2.1.1

          And, I suspect, work hard to try to shut down the stories that hurt the right like you’re trying to do with this one.

      • Colonial Viper 2.2.2

        This story about National doesn’t just have legs, it has wings!!!

        Chicken wings, by the looks of what National and Slater are backpedalling on!

    • Peter 2.3

      I suspect you are oh so right about this guy living off reactions etc. I’ll be making another donation.

      • Jim Nald 2.3.1

        Indeed. Ditto. Will stop by the local Labour office and make a cash donation at midday.

        • Colonial Viper 2.3.1.1

          Yeah I’ve already decided to up the level I’m donating to Labour. And I think it’s time I threw more money at The Standard.

          My honey won’t mind me forwarding on a bit of cash from her Daddy’s trust account.

  3. Gosman 3

    Curious that you have an issue about the scaremongering about credit card details yet one of the regular members of this site sent a letter to both Peter Goodfellow and Cameron Slater in which he specified that he was concerned that they had his credit card details. Isn’t this scaremongering as well then?

    • Morning Gosman.

      See below.

    • r0b 3.2

      Yeah that just shows that the lies that the Nat-bloggers are spreading are working to create fear Gosman.

    • lprent 3.3

      You mean that a lawyer should have known what a web server configuration looked like and realized that Cameron Slater was lying again.

      I think that you are either a little generous on your understanding of what they teach at law school or more likely you’re just doing a diversion spin.

      • Gosman 3.3.1

        Well as your stated position is that anything coming from Cameron Slater position is likely to be a lie then perhaps you need to pass this piece of advice on to comrade mickeysavage to avoid the embarrassment of him taking Cameron Slater at his word in future 😉

        • jackal 3.3.1.1

          It’s best to assume that everything oozing out of the oil lard is a lie when he has been shown to be untruthful on numerous occasions. The presumption of untruth needs to be disproved by him, and as such is not likely to be forthcoming (because the information does not exist or he is too much of a coward to present it) we must err on the side of caution and his history and say that lard arse is lying in a vain attempt to damage Labour. In this case it’s the presumption that old blubber guts is telling the truth that is the problem.

          Very few people will believe the word of a discredited blogger over that of Labour, especially people who already support the party and know a little about oil lard. In this instance he would have in fact turned many supporters against National for their possible involvement in the underhanded campaign… The ones who are mentally capable of determining the truth of the matter that is.

  4. I must admit I got sucked in by Whale about the credit card numbers after watching his video.  I made the fatal mistake of taking him at his word.  From now on if he says today is Thursday I am going to check a calendar.

    I agree with Luva that this has been a huge beat up and a damp squib in terms of the shock horror revelations.

    And I wish PeteG would discuss specifics.  These broad generalised statements he keeps making are driving me nuts.  It is like wrestling with a flamange.

    • Gosman 4.1

      Morning mickeysavage 😉

      So you agree that it was a tad rash of you to send off that e-mail demanding that the National party let you know what information they had about you and your credit card details then?

      • mickysavage 4.1.1

        No I still want to see what information it holds.
         
        I am in the fortunate position where I am happy to be branded as a Labour Party activist.  There are others, for instance public servants, for who any sort of publicity could be very damaging.  So the privacy issues relating to the data need to be respected.  Presuming that further consideration by the Privacy Commissioner is necessary then a complaint by an affected person as well as the party will be required.

        • Gosman 4.1.1.1

          Quite possibly but there is the potential embarrassment fact that the privacy commissioner will actually come down harder on the Labour Party than anyone else for failing to take proper precautions around the protection of the data.

          I have worked in banking for a while now and there are serious implications, (including large fines in some cases) for allowing customer data to be readily accessible in the way the Labour Party has done in this case.

          Are you also writing to the Labour Party demanding that they put in place proper I.T. security to protect your information or is your real issue on this more politically motivated?

          • lprent 4.1.1.1.1

            Don’t know about micky, but I have made my displeasure about events known to people at the NZLP. Unlike the National party, we are both members of the Labour Party. So you send polite letters to National and get quite sarcastic within conversations with people at Labour.

            And Gosman, point to something that the banks would consider to be an issue. There is no information that is sensitive to the banks in the exposed directories. It doesn’t show any credit card details.

            I know the ones used in NZ and a couple of other countries because I have had to code to their standards. There is nothing there that would constitute a problem under the various bank guidelines. I’d guess that you are just raising yet another diversion.

            Perhaps you should make clear your opinion on what The National Party and Whaleoil have done? Do you think that it is moral and ethical to expose people’s private information to merely make a political point?

            • Gosman 4.1.1.1.1.1

              I’m really not fussed by it to be honest as I quite like the idea of open information disclosure, (although I admit it comes with serious risks).

              The US Government had a massive problem with the Wikileaks cables and took the position that it seriously compromised the ability of US diplomats to do their jobs properly and may potentially lead to harm to some people. However that didn’t stop certain people from publishing some of the information, (including on this blog if my memory serves me correctly), to make a political point.

              Do you have a problem with this sort of thing lprent?

              • lprent

                Do you have a problem with this sort of thing lprent?

                I think that I have made my thoughts on this quite plain on wikileaks, the hollow men, and even this one. I generally follow the legal basis because a lot of thought has gone into balancing out the differing competing rights and obligations. 

                If you want a short answer (I get complaints that some of my comments and posts are long), I’d say that I’m not as simple as you are in the balance.

                With wikileaks, there is at least one person (probably Manning) who released the information. They had obligations that they clearly violated and they will be prosecuted for that. It is likely that there is one or more persons in the National party who did the release of the hollow men e-mails – and the same thing should apply to them.

                Quite frankly it is a risk that you take as a whistle blower because you are violating a position of trust and there should be consequences for doing that. Even whistle blower legislation doesn’t usually shield people from that. If present then it merely mitigates the consequences.

                With journalists it is a whole different matter. The legal systems recognize a public good in having journalists being able to publish information where it is received in an unsolicited and unpaid for fashion. That is enshrined throughout legal systems in democracies and other types of societies. That is the transparency you are referring to.

                Again, most of the legalities reduce but do not remove legal consequences. It simply makes the burden of proof harder to obtain for prosecutors. For instance the ‘shield laws’ in various countries will normally protect sources, but there are circumstances where it will not. 

                Wikileaks and the newspapers that published the information are clearly covered by those protections as the US justice department found out. They look like they have failed to build a case that is likely to succeed against wikileaks or the newspapers.

                So when one of these cases comes up I look to the existing legal structures rather than doing as many do (like yourself?) and make legal principles up based on what you’d like to see happen. I’m afraid I have little respect for such wishlist blathering.

            • Gosman 4.1.1.1.1.2

              BTW Customer name and address information is regarded as reasonably sensitive data in the Banking world. While not as vital as credit card or bank account information releasing it into the public domain is still not acceptable.

              • lprent

                Yep, and it is typically not covered in the standards as a requirement.

                They are in the sections that make up the “security concerns” parts of the specs. Those are the ones to do with looking at how secure a system is in overall terms. Those also include a range of concerns such as physical security, vetting of personnel, auditing procedures, etc etc. They apply to corner dairies with their highly secure* eftpos terminals as well.

                * that was sarcasm for those who have humor deficiency issues

              • Colonial Viper

                While not as vital as credit card or bank account information releasing it into the public domain is still not acceptable.

                Which is what Whaleoil’s National paid lawyers will finally have managed to get through to him.

              • ianmac

                A few years ago I was given a huge stack of computer printout paper to draw on. It turned out to be the printout from a local bank and at a glance I recognised local names and details. Hells Bells. I got my trusty guillotine out and slashed the pages especially on the left hand side as the names appeared to be thus. Am sure that that would not happen today though. Pity Whale couldn’t have done the same thing, though with other bits fed to the guillotine.

  5. ghostwhowalksnz 5

    128 bit encryption? Isn’t that a bit weak these days

    • lprent 5.1

      Not uncommon on payment sites. If you are looking at man in the middle attacks there isn’t much point in having encryption on one leg that is stronger than that on other legs. Typically the banks set their standards long ago.

      I must pop on to the computer downstairs. I can’t read the flo2cash statement on my iPad.

      • Bazar 5.1.1

        128bit encryption is perfectly fine. It’s already in the overkill stage.

        It’d probably take more energy in our solar system powering a pc for a trillion years, than to crack 128 bit encryption given a brute force attack.

        There was something like a slight flaw in a leading encryption algorithm discovered a while back, if it uses that algorithm, then perhaps it’d only take a billion years and the power of our sun to do it.

        • infused 5.1.1.1

          Not quite. There is a reason you cannot use more than 128bit encryption in the US. It’s not crackable in our lifetime. 128 is.

  6. ron 6

    Can we all just agree that Slater et al are f*#k heads and leave it at that?

    • ZeeBop 6.1

      Sorry but hasn’t Slater broken the law if he suggests that? If a donor is forced to change their credit cards at time and cost, then finds out that Slater never had the details. So he must have them. Any credit card company would be very concerned by what Slater is saying, it makes them look bad too, the more cases of credit card numbers the less integrity there is in their product, and so will they be mighty happy to take Slater to task if he were lying. Oh, oops, maybe the data has fake credit cards numbers, like a bank who hold a marked bank note in the cashier drawer.
      Slater should be more mindful of the wikileak of massive amount of US intelligence, just because
      a diplomat says it in private does not make it US policy. How exactly does Slater know those are correct credit card numbers?

      • Kaplan 6.1.1

        That is a very interesting point. I know for a fact that my credit card details will be in there. I wonder if a complaint to the police about my information ‘potentially’ being stolen is warranted?

        • lprent 6.1.1.1

          Your credit card details won’t be there.

          However information that you have provided to Labour for a specific purpose is now in the hands of Whaleoil (and probably the National party – somehow I don’t really believe their “I didn’t inhale defense”). There is nothing to prevent you from making a complaint as there is a prima facie case that information you own (as the privacy act makes quite clear) is in the hands of someone not authorized to have it.

          • Gosman 6.1.1.1.1

            Yes but who is at fault here for the information getting into the public domain. If it was in a banking environment the onus is on the bank to keep your information securely and if it doesn’t then the issue is with the bank who stored the information not with the people who accessed the information. One of the reasons for this is practicality. If 1000 people accessed your information it is obviously difficult to try and get recourse from each of these 100 people. It is much easier to go directly to the organisation that should have kept your information securely.

          • rouppe 6.1.1.1.2

            Then the complaint should be against the Labour Party. They were the ones who collected it and are responsible for making sure it isn’t compromised.

            Principle 5 of the Privacy Act.

            • Kaplan 6.1.1.1.2.1

              I completely disagree. If I give any property or information to someone and they leave it unsecured, sure I can be upset with them, but if an unauthorised person takes it KNOWINGLY from the people I have entrusted it to then they are the ones that have committed the crime.
              In this case it’s Cameron Slater who ‘claims’ to have my credit card details. I’ve never authorised him to have them so a complaint to the police seems warranted.
              At the very least I am going to ring my bank and seek their advice. Perhaps they will take a complaint against him.

              • rouppe

                What crime?

                This is akin to some Labour staffer dumping the records into a skip and then complaining that someone went through the skip and pulled them out again.

                This is not akin to someone entering your home. Your home is private property. An unsecured server is public. If you have wi-fi at home and haven’t secured it, you can’t complain if someone uses your bandwidth.

                It is up to the collector of the information to ensure that it is secure against loss, access and disclosure. The collector was the Labour Party.

                • Draco T Bastard

                  Pretty sure that going through someone else’s rubbish is illegal. It’s still their rubbish.

                  • rouppe

                    If the skip or rubbish bin is in a public place then it is most certainly not illegal.

                    That is why Police can sift through rubbish dumps without a warrant, whereas they can’t sift through your house without a warrant

                    • Draco T Bastard

                      Nope, When I worked for a contractor that dealt with rubbish in Auckland we had to get permission from the council before we opened the rubbish that had been dumped to see if we could find an address to charge the bastards.

                    • The Voice of Reason

                      It’s both theft and trespass to take from bins on private property and it’s a handy real world corollary to the digital world charges Slater would face if he had the guts to go through with his threat to publish the names.

                    • rouppe

                      Fair enough.

                      I concede I was wrong on that point.

                  • Bunji

                    Yup taking or going thru rubbish is illegal.

                    • Jim Nald

                      Indeed.

                      For the NZ context, the Crimes Act is applicable and see also this piece:

                      http://www.odt.co.nz/opinion/opinion/42471/there-are-ways-and-ways-thieving

                    • McFlock

                      Yeah the police can search a dump because the owners (the local council) let them, although if the council said “no” the police would then need a warrant or statutory power (e.g. s19 search powers).

                      It varies from country to country, but generally everything is owned by somebody. Some places let you take a person’s rubbish bags from the street, but if the refuse contractor is paid by the tonnage then you’re stealing from them. If they have a nice incremental revenue stream from salvage/ reuse/ composting, then you’re stealing from them. Some countries/ states  regard rubbish bins/bags in the street as “plain view” searches, but it still belongs to somebody.

                      Nice try though.

                  • ZeeBop

                    If you pick rubbish up to recycle it, then I think that’s permissible. I think
                    where it gets illegal is when information is gathered from the rubbish,
                    since the rubbish is paid by the owner to have it removed, and the
                    expectation that the rubbish remains private is assumed. The theft is
                    the loss of privacy. If you have information you want to dump in
                    the rubbish, and there are people who will take newspaper to read
                    out of the paper recycler bin, then you should put the information
                    in with the wet rubbish, DUH.

                    Now what about dumpster diving. Well yes there is a commercial
                    interest to have the food go to waste, so consumers buy new, and
                    the health issues. But conversely if you can’t afford it, are in end
                    of food, can’t get a benefit because WINZ don’t believe in the social
                    security net, then I would say plunge away.

                    Now what about the yellow pages, great for recycling, but
                    the owner might have written in the margins. Mostly indiscernible
                    but some might make sense. So should that information then sit
                    in your fire basket waiting for years to dry out with information
                    that a person left on it, well if they also wrote their name on the
                    yellow pages!!!! Who does that??

                    I think once you have come into information that you should
                    not have, like you come into possession of property, you have
                    a duty to take it to the police and if nobody claims it, then
                    claim and use it????? Would Police be reckless if they let you have
                    the used needle you found back?

                • If you have wi-fi at home and haven’t secured it, you can’t complain if someone uses your bandwidth.

                  rouppe, why on earth do you think that – in these circumstances – someone can’t complain? I certainly would. If I can’t complain about someone doing something that is wrong and that they would know was wrong, then under what circumstances would I be able to complain about anything? (Please don’t answer ‘If someone broke the law’ because that would be the reduction of social sanctions to legal sanctions – and no society could exist on that alone.)

                  Should we have no expectations of each other’s behaviour?

            • mickysavage 6.1.1.1.2.2

              This issue is not an either or.  

              I am absolutely certain there has been some private ass kicking within the Labour Party.  I am satisfied with the steps that have been taken.

              I am also concerned that the Nats have information about me. This does not prevent me or others from asking and the way I see it they are under an obligation to provide.  I am also keen to find out what they thought gave them the right to download the data.

              • Gosman

                I’d suggest your faith in the Labour Party resolving this issue might be blinded by your ideological bent rather than reflecting what the reality may actually be. It would probably pay for you to do what lprent has done and request an assurance from Labour that your personal information will not be kept in such a sloppy unprotected manner in future.

                • lprent

                  I didn’t request an assurance, that would definitely be the wrong word for it.

                  I have had a series of very sarcastic conversations with various people asking how it happened, what they are doing to fix it, offering my assistance if it is required, and asking what steps have been taken to ensure that it doesn’t happen again. 

                  I think that “arse-kicking” would be a better description. It was an accident and it was one that shouldn’t have happened. But I’ve been around human/managerial/computer systems long enough to know that they will. What I was really concerned about was the way that a single failure opened so much of the system up. There simply wasn’t enough layering of protection in there.

                  However that doesn’t detract from the fact that what the National Party and Whaleoil did was morally and almost certainly legally reprehensible – which is what you seem to want to avoid talking about. I guess you have a double standard?

                  • Draco T Bastard

                    No, he has only one standard – cover up the immoral dealings of NAct at all costs.

  7. Sam 7

    As a spectator, the show that you guys and whale have put on this week has been highly entertaining!

    Thanks! 😀

  8. Tangled up in blue 8

    I noticed on TV3s Firstline this morning that Garner was spinning that National have done nothing wrong and that Labour were trying to blame National for everything.

    • r0b 8.1

      Didn’t see it, but I heard that Garner confirmed that the Nats passed on the details to Slater.

      • Gosman 8.1.1

        Please provide evidence for this please. At the moment it is just hearsay from you.

        • Jim Nald 8.1.1.1

          Here .. ?

          http://www.3news.co.nz/The-Week-in-Politics/tabid/419/articleID/215314/Default.aspx

          From around 2’53 – 2’58” (out of 4’16” … although note that the timing on the clip restarted part way)

          Duncan Garner:
          “if you look at some of the hits on the Labour Party’s website last weekend,
          yes, someone from National Party headquarters tried to get in there
          although they didn’t and it looks like they passed the information on
          to Whaleoil to go and do it himself which he did”

          • Lanthanide 8.1.1.1.1

            That’s not a “confirmation”, just Garner repeating hearsay.

            • Pascal's bookie 8.1.1.1.1.1

              I thought Gos was after confirmation that Garner said it.

              And Garner is saying from the evidence, it looks like National passed it on…

              No?

              • Lanthanide

                r0b said Garner “confirmed” it. r0b could have just said “Garner said it”, but he didn’t.
                 
                So my interpretation of what r0b wrote is that he had heard that Garner had new, inside information which he stated on the show. Whether or not Gosman interpreted what r0b said in the same way I did, I don’t know.

                • r0b

                  Yes, I was careful to point out that I was repeating something I’d “heard” (seen claimed elsewhere).  The person who made the original claim may be correct or not, I don’t know, and don’t have time to find out right now!

      • Tangled up in blue 8.1.2

        I’ve re-watched it and yes although he does say that National didn’t get in, you’re right his comment about Labour blaming National looks to be in context of passing details to Slater.

        http://www.3news.co.nz/The-Week-in-Politics/tabid/370/articleID/215314/Default.aspx

        This week they’ve tried to blame the National Party because if you look at some of the hits on the Labour Party website last weekend yes someone from National Party headquarters tried to get in there, although they didn’t, and it looks like they’ve passed the information on to whaleoil to go and do it himself which he did.

        edit: beaten by Jim!

  9. Jim Nald 9

    I have yet to catch up with the NZ news sites which I tend to shun these days (The Standard is my first call before I look up Google news).

    Can someone tell me whether the so-called list of 18,000 will be publicly released or not?

    I’ll pledge here that for the detail of every one donor that is released, I’ll donate one cent to the Labour Party.

  10. rouppe 10

    Well Flo2Cash might be secure, but the point is that this is only fine once the data gets there.

    The original collection point for the credit card data was on Labour servers, the card (PAN) data was retained when it shouldn’t be, it was retained in a non-PCI-DSS compliant way (i.e. there is no obfuscation of the PAN data), and the server was then left wide open.

    I haven’t seen WO’s files, and I didn’t bother going to look at the cached data. But if there are credit card numbers among that data, then Labour really screwed up.

    [Read the post. There are no credit card details in the cached data. Credit card details were never stored on the Labour site. — r0b]

    • I just went and made a donation.  When I got to the stage of entering in credit card details I was taken to the flotocash website and away from the Labour website.  There was extra code in the url to obviously record who the donation was for but it was definitely flotocash’s site.
       
      If anyone else wants to do the same they start at http://labour.org.nz/civicrm/contribute/transact?reset=1&id=1

    • lprent 10.2

      If the long text string in the video is what you’re referring to, then it wasn’t a PAN – wrong format. It looks like a transaction ID or a transaction key.

    • rouppe 10.3

      Well good then. That’s a major concern taken care of.

      That means the only problem is the public finding out who the donors are.

      You thought WikiLeaks was good, and the information disclosed there was protected, and was secured, but leaked by someone in a privileged position.

      Disclosing the names there could lead to their death, but that seemed to be fine. Why is this leak a travesty of the most humungous proportions?

      • Lanthanide 10.3.1

        1. A lot of the stuff wikileaks has had names and identifying details redacted.
        2. Wikileaks leaked stuff about large corporates, governments, and their machinations. Not private details about members of the public.
         
        It took me 2 minutes to come up with that. I’m sure there are many other differences between them, too.

      • lprent 10.3.2

        The leak isn’t – that is an accident that needs to be fixed.

        What is of interest is that Whaleoil was talking about releasing private information to the world with no more “public interest” motivation than if he’d want to display his cock size. And it is easy to argue that is what he was doing by publishing the details (doing a “Weiner”).

        Since he has no “public interest” protections in the legal sense, then he should probably be prosecuted at some level for what he did do. Of course being Whale, he will attempt to feebly avoid the consequences of his actions in the same way that he did when he violated the suppression laws. He isn’t exactly well known for his stands on principles – more for his displays of juvenile narcissism.

        The other question is that knowing what Whaleoil was likely to do, why did someone in the National Party, probably quite senior, feel that it was a good idea to pass the details about how to such a juvenile narcissist. That doesn’t seem to be a particularly wise thing to do, and even if it was not criminally negligent then you could certainly make a case that it directly violated several aspects of the privacy laws.

    • lprent 10.4

      And besides your statement is that of a technical idiot, how exactly do you get the PAN from the mag stripe on the card into a payment made on the internet?

      • Lanthanide 10.4.1

        He’s clearly just name-dropping things like “PAN” in order to sound like he knows what he’s talking about.

        • rouppe 10.4.1.1

          Actually, that is only part of the information on the mag stripe. The PAN is the primary account number – the number embossed on the front of the card and usually entered in an online transaction.

          It took me less than 2 minutes to come up with that.

          So since you failed in your attempt to divert the question, what is so bad about leaking details about donors to the Labour organisation, when it was OK for WikiLeaks to leak details about different organisations?

          • lprent 10.4.1.1.1

            Interesting. I have only come across it in the context of the magnetic strip or smart cards at the programming level.

            But in any case it is still the wrong format if you look at it as a human or as a machine. The payment system is such that Labour’s website never sees the payment details like credit card numbers or CVV’s.
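The "wrong format" point in the exchange above can be checked mechanically. This is an added example, not code from the post or from any commenter: it scans exported text for digit runs of PAN length (13 to 19 digits) and applies the Luhn checksum; the sample dump, its field names and its values are constructed for illustration.

```python
import re

# Constructed sample lines (not taken from the page or from any real dump).
SAMPLE_DUMP = """\
s:8:"trxn_key";s:32:"9f2c41d07ab3e85566012cde4478a1b0"
donation_ref=20110611-000184 amount=25.00
card=4111 1111 1111 1111 exp=12/14
order 4111111111111112 shipped
contact 021 555 0147
"""

# 13-19 digits, optionally grouped by single spaces or hyphens, and not
# embedded in a longer alphanumeric token or a longer grouped digit run.
CANDIDATE = re.compile(
    r"(?<![0-9A-Za-z])(?<!\d[ -])"   # nothing PAN-like immediately before
    r"\d(?:[ -]?\d){12,18}"          # 13 to 19 digits in total
    r"(?![A-Za-z]|[ -]?\d)"          # nothing PAN-like immediately after
)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the first six and last four digits and mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan(text: str):
    """Return (line_no, masked_value, verdict) for each PAN-length digit run."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            verdict = "likely PAN" if luhn_ok(digits) else "PAN length, fails Luhn"
            findings.append((line_no, mask(digits), verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_DUMP):
        print(finding)
```

A Luhn pass is a triage signal rather than proof, since one in ten random digit strings of the right length passes; the hex key on the first sample line is never a candidate because it is not a plain digit run.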

  11. djg 11

    Rob, has the Labour party made the same statement,

    “There are no credit card details in the cached data. Credit card details were never stored on the Labour site.”

    if not will they do so ? I note the letter above from Flo2cash but that only refers to their own site and process.

    It would be a very compelling statement from the President.

    [lprent: It was in the press statement several days ago. Look it up.

    In the meantime I have trashed most of the flame thread that arose from this troll comment as being of zero interest to anyone. djg, you are now on troll watch. CV – constrain yourself or I will do it for you. ]

    • Colonial Viper 11.1

      Hey djg, why don’t you charge for your valuable advice? A-hole.

      [lprent: Don’t feed the trolls. ]

    • djg 11.2

      But I see Colonial Viper’s first abuse remains. That’s nice work.

  12. randal 12

    what the hell is going on.
    these people have committed a crime but you are carrying on as if it is just some interweb jape.
    are these crums above the law?
    get the cops on them right away and don’t let up.

  13. infused 13

    “Having demonstrated complete technical incompetence”

    Yeah, still claiming it was a security hole eh? yawn

    • Colonial Viper 13.1

      It was an unsecured webserver where confidential information not intended for public access was stored.

      That confidential information was then accessed by parties who did not have authorisation to do so.

      I’m happy to keep repeating this as long as you’re happy to be obtuse 🙂

      • Gosman 13.1.1

        Was the information in question tagged in any way as being confidential and not for the general public? If not then you have to presuppose that people have to make a distinction between public data on a publicly available website and private data on a publicly available website. You see the issue there don’t you?

        • Lanthanide 13.1.1.1

          Anyone that could make sense of the data would know what it was and that it wasn’t *intended* for public consumption. Therefore those who specifically took the data *knew* they were taking something that they shouldn’t have had access to.
           
          As we’ve seen with the looting in Christchurch, there’s quite a difference between someone with autism stealing light fittings out of houses because he has an affinity to them, and someone else stealing a generator that was to be used to power a cell-site.

  14. wawot 14

    I don’t know much about this so could you please clarify:

    Your quote from the whale blog has the following bit edited out…

    “….with that assurance.

    In the MySQL database files there were also plain txt strings that contained other database passwords along with the user name and passwords of their credit card provider.

    $db_url = ‘mysqli://labour_admin:[email protected]/labour_production’;

    which equates to $db_url = ‘mysqli://username:[email protected]/databasename’;

    Their credit card….”

    From the example provided the username is labour_admin and the password is N0t3b00kC0r0n3t, which although it mightn’t be a credit card, is a username and password to something?

    After reading a bit on this blog and some on the other blog I’d tend to be scaremongered if I was a Labour supporter.
