Scaremongering on credit cards

Written By: - Date published: 7:22 am, June 16th, 2011 - 100 comments
Categories: blogs, dpf, Ethics, making shit up, national

Cameron Slater is still spreading disinformation about the data taken from Labour’s web site. Specifically he is claiming that people’s credit card details are at risk:

The problem however was much worse than that. Way worse. Remember that Chris Flatt the Labour General Secretary sent out a letter and email to their donors assuring them that their credit card details were safe. He shouldn’t have been too hasty with that assurance.

Their credit card provider admin details were:

"Flo2Cash_Donate\";s:9:\"user_name\";s:8:\"nzlabour\";s:8:\"password\";N;s:9:\"signature\";N;s:8:\"url_site\";s:63:\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\";s:7:\"url_api\";N;s:9:\"url_recur\";s:63:\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\"

I never accessed those areas, to do so would have been illegal.

OK that’s pretty funny! Those aren’t “areas” – they are secure (encrypted) links to the web site of the transaction handler Flo2Cash. Slater couldn’t “access” them in a million years. Credit card details go straight to the Flo2Cash server without ever touching the Labour Party site. Neither the username, nor the password needed to access Flo2Cash were stored in the site database that the Nats (and subsequently Slater) accessed. See the statement from Flo2Cash below.
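An added example (not code from this post or from the site in question): a small Python parser for the PHP-serialized fragment quoted above, reporting which gateway settings hold a value, which are null (`N`), and which host the donation URLs point at. The function names and the two-key watch list are illustrative choices, and it assumes the truncated leading token can be discarded up to its first `;`.

```python
"""Parse the PHP-serialized gateway settings fragment quoted in the post."""
from urllib.parse import urlsplit

# Fragment as quoted on the page, typographic quotes normalised to ASCII.
# It is cut from the middle of a larger serialized array inside an SQL dump,
# so the quotes are backslash-escaped and the first token has lost its prefix.
FRAGMENT = (
    r'"Flo2Cash_Donate\";s:9:\"user_name\";s:8:\"nzlabour\";s:8:\"password\";N;'
    r's:9:\"signature\";N;s:8:\"url_site\";s:63:\"'
    r'https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\";'
    r's:7:\"url_api\";N;s:9:\"url_recur\";s:63:\"'
    r'https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\"'
)

# Illustrative watch list: keys in this fragment that would hold a secret.
SECRET_KEYS = {"password", "signature"}


def parse_scalars(data: bytes) -> list:
    """Return the PHP-serialized scalars (s, i, b, N) found in data, in order."""
    values, pos = [], 0
    while pos < len(data):
        tag = data[pos:pos + 1]
        if tag == b"N":                      # N;  -> null
            value, pos = None, pos + 1
        elif tag == b"s":                    # s:<byte length>:"<bytes>";
            colon = data.index(b":", pos + 2)
            length = int(data[pos + 2:colon])
            start = colon + 2
            end = start + length
            if data[colon + 1:start] != b'"' or data[end:end + 1] != b'"':
                raise ValueError(f"declared length does not match at {pos}")
            value, pos = data[start:end].decode("utf-8"), end + 1
        elif tag in (b"i", b"b"):            # i:<int>;  b:<0|1>;
            end = data.find(b";", pos)
            end = len(data) if end == -1 else end
            number = int(data[pos + 2:end])
            value, pos = (bool(number) if tag == b"b" else number), end
        else:
            raise ValueError(f"unsupported token {tag!r} at offset {pos}")
        if data[pos:pos + 1] == b";":        # terminator is absent when truncated
            pos += 1
        values.append(value)
    return values


def settings_from_fragment(fragment: str) -> dict:
    """Undo the SQL escaping, drop the partial first token, pair keys and values."""
    raw = fragment.replace('\\"', '"').encode("utf-8")
    # Assumption: the leading partial string contains no ';' of its own.
    scalars = parse_scalars(raw[raw.index(b";") + 1:])
    if len(scalars) % 2:
        raise ValueError("fragment ends on a key with no value")
    return dict(zip(scalars[0::2], scalars[1::2]))


def stored_secrets(settings: dict) -> list:
    """Names of secret-bearing keys that actually hold a non-empty value."""
    return sorted(k for k, v in settings.items()
                  if k in SECRET_KEYS and v not in (None, ""))


def payment_hosts(settings: dict) -> set:
    """(scheme, host) pairs that the configured url_* settings point at."""
    hosts = set()
    for key, value in settings.items():
        if key.startswith("url_") and value:
            parts = urlsplit(value)
            hosts.add((parts.scheme, parts.hostname))
    return hosts


if __name__ == "__main__":
    settings = settings_from_fragment(FRAGMENT)
    for key, value in settings.items():
        print(f"{key:10} = {value!r}")
    print("secrets stored:", stored_secrets(settings))
    print("payment hosts :", payment_hosts(settings))
```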

Having demonstrated complete technical incompetence, Slater heads off into the realm of pure scaremongering:

But given that their systems were open and exposed long enough that Google and 9 other bots were able to cache the entire directory system there is a good chance that Russian or Nigerian scamsters also were able to obtain access to the data base and credit card processing passwords that Labour left exposed. Chris Flatt can not give any assurances that their donor details including credit cards were safe and secure.

Farrar (who should know better) is repeating this drivel. Whether they’re just stupid, or whether they know they’re spreading lies, it amounts to the same thing. National’s bloggers are trying to spread disinformation and concern amongst innocent members of the public. It’s a scummy tactic, but then that is their usual style.

100 comments on “Scaremongering on credit cards ”

  1. PeteG 1

    Whether they’re just stupid, or whether they know they’re spreading lies, it amounts to the same thing. National’s bloggers are trying to spread disinformation and concern amongst innocent members of the public. It’s a scummy tactic, but then that is their usual style.

    That’s an interesting accusation coming from you R0b. What would you know about that sort of tactic?

    I don’t like some of what is being done over the credit cards, but it seems like dirty political business as usual, it’s what polipeople want.

    [lprent: r0b doesn’t. In fact he leans over backwards not to. I note that you have offered absolutely nothing to back up that statement. If you read the policy you will find that we don’t allow this type of unsupported underhanded attack on our authors.

    Banned for two weeks. You should be careful – after this level the ban lengths really start to escalate. You’d have to ask yourself if the cheap thrill you experience is worth it. Even a critic who never says much of substance should be able to understand that. ]

    • wtl 1.1

      FFS, surely if you are serious about improving NZ politics you should be criticising all sides when they blatantly make shit up.

      And yes, you can do that at the same time as trying to point out the ‘Your NZ’ will offer a great new way of doing things. Frankly, it doesn’t inspire much confidence in you or ‘Your NZ’ when you refuse to take a stance on issues such as this.

    • RedLogix 1.2

      I don’t like some of what is being done over the credit cards

      Yeah but you can’t quite bring yourself to condemn it can you?

      • PeteG 1.2.1

        I’ve already condemned it – I’ll repeat specifically if you like.

        It had to be revealed that credit card information was potentially at risk. That’s where I think it should have ended, there should have been no consideration that any of the credit card information should be revealed by anyone, nor threatened.

    • r0b 1.3

      That’s an interesting accusation coming from you R0b. What would you know about that sort of tactic?

      I don’t spread lies to scare innocent individuals.  You can apologise for that shit PeteG, or you can have a week off.

      [lprent: Just banned him. That is one of the self-martyrdom offenses. Sorry, you cannot protect him from that type of offense by getting in there first. ]

      • PeteG 1.3.1

        Attack bloggers for the Nats, a party which runs as a franchise of an Australian company (Crosby Textor)…

        You can’t make this stuff up…

        I think you did make that stuff up.

        If you don’t consider innocent individuals read this blog, and if you don’t think anyone reading this blog is scared by CT paranoia, then I’m happy to apologise.

        [lprent: You’re putting up a sentence of satire from a sarcastic as an explanation? That is beyond being weak.

        Well I have already banned you. But add another week for apparently lacking sense of humor or proportion – but mostly for being really stupid. I could do with the time off from reading you.

        See you in July. ]

        • Gosman 1.3.1.1

          Yes but left wing scaremongering is okay because the ‘evil’ capitalists are really out there trying to screw the workers and eat their babies.

        • r0b 1.3.1.2

          I think you did make that stuff up.

          I think you haven’t read The Hollow Men.

          Anyway, I see that lprent has already sorted you out, so see you in 2 weeks I guess.

        • Kevin Welsh 1.3.1.3

          Ha! More time to watch your Pollyanna DVD collection now PeteG.
          All together now, let’s sing the ‘Glad’ song…

      • PeteG 1.3.2

        You’re opening yourself up to claims of political censorship, but I guess you know that.

        [lprent: *grin* I have to let this idiotic comment through. This is from someone who has his own site, and who spends a lot of time commenting at the sewer – hardly short of outlets. What I suspect that he actually means is that he’d like to keep freeloading his party and site on this site’s readership.

        If so, then he should have taken notice of the policy and avoided letting his own behavior fall into a zone that I’d have to act on. There are some behaviors that I don’t tolerate on the site and making unsubstantiated attacks on authors is pretty close to the top of the list.

        It is hard enough to get people to come on board and write the posts without having a blowhard coming in and slagging them off with nothing supporting their statements.

        He was just lucky that he’d accumulated enough brownie points from his comments. My first instinct was to ban him until after the election (and no – I cannot be persuaded to change my mind) ]

        • Jim Nald 1.3.2.1

          Thanks for sparing me from reading rubbish.
          I’ll express my appreciation by doubling my next cash donation to The Standard.

          • Anne 1.3.2.1.1

            My thanks too and there will be a cheque coming in the post.

            • hawk 1.3.2.1.1.1

              Yes using a credit card would be rather unwise, I agree. Labour don’t have a great track record of protection.

              • Draco T Bastard

                Actually, they have an excellent track record. Or, to put it another way, one breach does not make a track record – unless you’re a National Party stooge stuck on repeat.

              • Anne

                Tongue in cheek hawk.. tongue in cheek.

          • Jim Nald 1.3.2.1.2

            Well, National’s secret and blindingly obvious trusts, eg Waitemata Trust, won’t be getting any of my money this time.

  2. Luva 2

    r0b you are giving crazy whales story way more legs than it deserves.

    In my opinion he was never going to do anything with the data he found. He wanted to send the blogosphere and specifically the far left blogosphere into a tail spin. And given the enormous amount of comments on this subject this week he has succeeded in his mission.

    He doesn’t care about the morality or legality of his actions. Whale lives and breathes off the reactions he gets from his posts. Ignoring him would suffocate him. Daily ranting about him brings him back to life.

    • r0b 2.1

      r0b you are giving crazy whales story way more legs than it deserves.

      After it blew up in their faces, it needed all the legs it could get.  And in particular those lies on the credit cards, designed to scare specifically targeted individuals, needed to be countered.

      • Luva 2.1.1

        I accept your point but I don’t think he will see it like that. I don’t know the guy and hope I never do but I’m guessing he is pretty proud of himself right now and keeping his delusions alive will bring a smile to his fat face.

        As for the rest of the world, are they interested in techie geek talk or political sniping? That’s all this story is now.

        Let’s move on to talk about our shit salary increases this year and the causes for that.

    • lprent 2.2

      Are you saying that we can’t trust anything that Cameron Slater says? That he routinely blusters and lies about fact?

      Not your usual line is it?

      I think that this story has some legs, especially the way that the National party is using their poodles to spread their dirty tricks. I for one intend to continue.

      • Luva 2.2.1

        Lynn I am certainly saying that.

        I may be a rightard but I will call bullshit on a fool like whale more often than not.

        • Draco T Bastard 2.2.1.1

          And, I suspect, work hard to try to shut down the stories that hurt the right like you’re trying to do with this one.

      • Colonial Viper 2.2.2

        This story about National doesn’t just have legs, it has wings!!!

        Chicken wings, by the looks of what National and Slater are backpedalling on!

    • Peter 2.3

      I suspect you are oh so right about this guy living off reactions etc. I’ll be making another donation.

      • Jim Nald 2.3.1

        Indeed. Ditto. Will stop by the local Labour office and make a cash donation at midday.

        • Colonial Viper 2.3.1.1

          Yeah I’ve already decided to up the level I’m donating to Labour. And I think it’s time I threw more money at The Standard.

          My honey won’t mind me forwarding on a bit of cash from her Daddy’s trust account.

  3. Gosman 3

    Curious that you have an issue about the scaremongering about credit card details yet one of the regular members of this site sent a letter to both Peter Goodfellow and Cameron Slater in which he specified that he was concerned that they had his credit card details. Isn’t this scaremongering as well then?

    • Morning Gosman.

      See below.

    • r0b 3.2

      Yeah that just shows that the lies that the Nat-bloggers are spreading are working to create fear Gosman.

    • lprent 3.3

      You mean that a lawyer should have known what a web server configuration looked like and realized that Cameron Slater was lying again.

      I think that you are either a little generous on your understanding of what they teach at law school or more likely you’re just doing a diversion spin.

      • Gosman 3.3.1

        Well as your stated position is that anything coming from Cameron Slater position is likely to be a lie then perhaps you need to pass this piece of advice on to comrade mickeysavage to avoid the embarrassment of him taking Cameron Slater at his word in future 😉

        • jackal 3.3.1.1

          It’s best to assume that everything oozing out of the oil lard is a lie when he has been shown to be untruthful on numerous occasions. The presumption of untruth needs to be disproved by him, and as such is not likely to be forthcoming (because the information does not exist or he is too much of a coward to present it) we must err on the side of caution and his history and say that lard arse is lying in a vain attempt to damage Labour. In this case it’s the presumption that old blubber guts is telling the truth that is the problem.

          Very few people will believe the word of a discredited blogger over that of Labour, especially people who already support the party and know a little about oil lard. In this instance he would have in fact turned many supporters against National for their possible involvement in the underhanded campaign… The ones who are mentally capable of determining the truth of the matter that is.

  4. I must admit I got sucked in by Whale about the credit card numbers after watching his video.  I made the fatal mistake of taking him at his word.  From now on if he says today is Thursday I am going to check a calendar.

    I agree with Luva that this has been a huge beat up and a damp squib in terms of the shock horror revelations.

    And I wish PeteG would discuss specifics.  These broad generalised statements he keeps making are driving me nuts.  It is like wrestling with a flamange.

    • Gosman 4.1

      Morning mickeysavage 😉

      So you agree that it was a tad rash of you to send off that e-mail demanding that the National party let you know what information they had about you and your credit card details then?

      • mickysavage 4.1.1

        No I still want to see what information it holds.
         
        I am in the fortunate position where I am happy to be branded as a Labour Party activist.  There are others, for instance public servants, for who any sort of publicity could be very damaging.  So the privacy issues relating to the data need to be respected.  Presuming that further consideration by the Privacy Commissioner is necessary then a complaint by an affected person as well as the party will be required.

        • Gosman 4.1.1.1

          Quite possibly but there is the potential embarrassment fact that the privacy commissioner will actually come down harder on the Labour Party than anyone else for failing to take proper precautions around the protection of the data.

          I have worked in banking for a while now and there are serious implications, (including large fines in some cases) for allowing customer data to be readily accessible in the way the Labour Party has done in this case.

          Are you also writing to the Labour Party demanding that they put in place proper I.T. security to protect your information or is your real issue on this more politically motivated?

          • lprent 4.1.1.1.1

            Don’t know about micky, but I have made my displeasure about events known to people at the NZLP. Unlike the National party, we are both members of the Labour Party. So you send polite letters to National and get quite sarcastic within conversations with people at Labour.

            And Gosman, point to something that the banks would consider to be an issue. There is no information that is sensitive to the banks in the exposed directories. It doesn’t show any credit card details.

            I know the ones used in NZ and a couple of other countries because I have had to code to their standards. There is nothing there that would constitute a problem under the various bank guidelines. I’d guess that you are just raising yet another diversion.

            Perhaps you should make clear your opinion on what The National Party and Whaleoil have done? Do you think that it is moral and ethical to expose people’s private information to merely make a political point?

            • Gosman 4.1.1.1.1.1

              I’m really not fussed by it to be honest as I quite like the idea of open information disclosure, (although I admit it comes with serious risks).

              The US Government had a massive problem with the Wikileaks cables and took the position that it seriously compromised the ability of US diplomats to do their jobs properly and may potentially lead to harm to some people. However that didn’t stop certain people from publishing some of the information, (including on this blog if my memory serves me correctly), to make a political point.

              Do you have a problem with this sort of thing lprent?

              • lprent

                Do you have a problem with this sort of thing lprent?

                I think that I have made my thoughts on this quite plain on wikileaks, the hollow men, and even this one. I generally follow the legal basis because a lot of thought has gone into balancing out the differing competing rights and obligations. 

                If you want a short answer (I get complaints that some of my comments and posts are long), I’d say that I’m not as simple as you are in the balance.

                With wikileaks, there is at least one person (probably Manning) who released the information. They had obligations that they clearly violated and they will be prosecuted for that. It is likely that there is one or more persons in the National party who did the release of the hollow men e-mails – and the same thing should apply to them.

                Quite frankly it is a risk that you take as a whistle blower because you are violating a position of trust and there should be consequences for doing that. Even whistle blower legislation doesn’t usually shield people from that. If present then it merely mitigates the consequences.

                With journalists it is a whole different matter. The legal systems recognize a public good in having journalists being able to publish information where it is received in an unsolicited and unpaid for fashion. That is enshrined throughout legal systems in democracies and other types of societies. That is the transparency you are referring to.

                Again, most of the legalities reduce but do not remove legal consequences. It simply makes the burden of proof harder to obtain for prosecutors. For instance the ‘shield laws’ in various countries will normally protect sources, but there are circumstances where it will not. 

                Wikileaks and the newspapers that published the information are clearly covered by those protections as the US justice department found out. They look like they have failed to build a case that is likely to succeed against wikileaks or the newspapers.

                So when one of these cases comes up I look to the existing legal structures rather than doing as many do (like yourself?) and make legal principles up based on what you’d like to see happen. I’m afraid I have little respect for such wishlist blathering.

            • Gosman 4.1.1.1.1.2

              BTW Customer name and address information is regarded as reasonably sensitive data in the Banking world. While not as vital as credit card or bank account information releasing it into the public domain is still not acceptable.

              • lprent

                Yep, and it is typically not covered in the standards as a requirement.

                They are in the sections that make up the “security concerns” parts of the specs. Those are the ones to do with looking at how secure a system is in overall terms. Those also include a range of concerns such as physical security, vetting of personnel, auditing procedures, etc etc. They apply to corner dairies with their highly secure* eftpos terminals as well.

                * that was sarcasm for those who have humor deficiency issues

              • Colonial Viper

                While not as vital as credit card or bank account information releasing it into the public domain is still not acceptable.

                Which is what Whaleoil’s National paid lawyers will finally have managed to get through to him.

              • ianmac

                A few years ago I was given a huge stack of computer printout paper to draw on. It turned out to be the printout from a local bank and at a glance I recognised local names and details. Hells Bells. I got my trusty guillotine out and slashed the pages especially on the left hand side as the names appeared to be thus. Am sure that that would not happen today though. Pity Whale couldn’t have done the same thing, though with other bits fed to the guillotine.

  5. ghostwhowalksnz 5

    128 bit encryption? Isn’t that a bit weak these days

    • lprent 5.1

      Not uncommon on payment sites. If you are looking at man in the middle attacks there isn’t much point in having encryption on one leg that is stronger than that on other legs. Typically the banks set their standards long ago.

      I must pop on to the computer downstairs. I can’t read the flo2cash statement on my iPad.

      • Bazar 5.1.1

        128bit encryption is perfectly fine. It’s already in the overkill stage.

        It’d probably take more energy in our solar system powering a pc for a trillion years, than to crack 128 bit encryption given a brute force attack.

        There was something like a slight flaw in a leading encryption algorithm discovered a while back, if it uses that algorithm, then perhaps it’d only take a billion years and the power of our sun to do it.

        • infused 5.1.1.1

          Not quite. There is a reason you cannot use more than 128bit encryption in the US. It’s not crackable in our lifetime. 128 is.

  6. ron 6

    Can we all just agree that Slater et al are f*#k heads and leave it at that?

    • ZeeBop 6.1

      Sorry but hasn’t Slater broken the law if he suggests that? If a donor is forced to change their credit cards at time and cost, then finds out that Slater never had the details. So he must have them. Any credit card company would be very concerned by what Slater is saying, it makes them look bad too, the more cases of credit card numbers the less integrity there is in their product, and so will they be mighty happy to take Slater to task if he were lying. Oh, oops, maybe the data has fake credit cards numbers, like a bank who hold a marked bank note in the cashier drawer.
      Slater should be more mindful of the wikileak of massive amount of US intelligence, just because
      a diplomat says it in private does not make it US policy. How exactly does Slater know those are correct credit card numbers.

      • Kaplan 6.1.1

        That is a very interesting point. I know for a fact that my credit card details will be in there. I wonder if a complaint to the police about my information ‘potentially’ being stolen is warranted?

        • lprent 6.1.1.1

          Your credit card details won’t be there.

          However information that you have provided to Labour for a specific purpose is now in the hands of Whaleoil (and probably the National party – somehow I don’t really believe their “I didn’t inhale defense”). There is nothing to prevent you from making a complaint as there is a prima facie case that information you own (as the privacy act makes quite clear) is in the hands of someone not authorized to have it.

          • Gosman 6.1.1.1.1

            Yes but who is at fault here for the information getting into the public domain. If it was in a banking environment the onus is on the bank to keep your information securely and if it doesn’t then the issue is with the bank who stored the information not with the people who accessed the information. One of the reasons for this is practicality. If 1000 people accessed your information it is obviously difficult to try and get recourse from each of these 100 people. It is much easier to go directly to the organisation that should have kept your information securely.

          • rouppe 6.1.1.1.2

            Then the complaint should be against the Labour Party. They were the ones who collected it and are responsible for making sure it isn’t compromised.

            Principle 5 of the Privacy Act.

            • Kaplan 6.1.1.1.2.1

              I completely disagree. If I give any property or information to someone and they leave it unsecured, sure I can be upset with them, but if an unauthorised person takes it KNOWINGLY from the people I have entrusted it to then they are the ones that have committed the crime.
              In this case it’s Cameron Slater who ‘claims’ to have my credit card details. I’ve never authorised him to have them so a complaint to the police seems warranted.
              At the very least I am going to ring my bank and seek their advice. Perhaps they will take a complaint against him.

              • rouppe

                What crime?

                This is akin to some Labour staffer dumping the records into a skip and then complaining that someone went through the skip and pulled them out again.

                This is not akin to someone entering your home. Your home is private property. An unsecured server is public. If you have wi-fi at home and haven’t secured it, you can’t complain if someone uses your bandwidth.

                It is up to the collector of the information to ensure that it is secure against loss, access and disclosure. The collector was the Labour Party.

                • Draco T Bastard

                  Pretty sure that going through someone else’s rubbish is illegal. It’s still their rubbish.

                  • rouppe

                    If the skip or rubbish bin is in a public place then it is most certainly not illegal.

                    That is why Police can sift through rubbish dumps without a warrant, whereas they can’t sift through your house without a warrant

                    • Draco T Bastard

                      Nope, When I worked for a contractor that dealt with rubbish in Auckland we had to get permission from the council before we opened the rubbish that had been dumped to see if we could find an address to charge the bastards.

                    • The Voice of Reason

                      It’s both theft and trespass to take from bins on private property and it’s a handy real world corollary to the digital world charges Slater would face if he had the guts to go through with his threat to publish the names.

                    • rouppe

                      Fair enough.

                      I concede I was wrong on that point.

                  • Bunji

                    Yup taking or going thru rubbish is illegal.

                    • Jim Nald

                      Indeed.

                      For the NZ context, the Crimes Act is applicable and see also this piece:

                      http://www.odt.co.nz/opinion/opinion/42471/there-are-ways-and-ways-thieving

                    • McFlock

                      Yeah the police can search a dump because the owners (the local council) let them, although if the council said “no” the police would then need a warrant or statutory power (e.g. s19 search powers).

                      It varies from country to country, but generally everything is owned by somebody. Some places let you take a person’s rubbish bags from the street, but if the refuse contractor is paid by the tonnage then you’re stealing from them. If they have a nice incremental revenue stream from salvage/ reuse/ composting, then you’re stealing from them. Some countries/ states  regard rubbish bins/bags in the street as “plain view” searches, but it still belongs to somebody.

                      Nice try though.

                  • ZeeBop

                    If you pick rubbish up to recycle it, then I think that’s permissible. I think
                    where it gets illegal is when information is gathered from the rubbish,
                    since the rubbish is paid by the owner to have it removed, and the
                    expectation that the rubbish remains private is assumed. The theft is
                    the loss of privacy. If you have information you want to dump in
                    the rubbish, and there are people who will take newspaper to read
                    out of the paper recycler bin, then you should put the information
                    in with the wet rubbish, DUH.

                    Now what about dumpster diving. Well yes there is a commercial
                    interest to have the food go to waste, so consumers buy new, and
                    the health issues. But conversely if you can’t afford it, are in end
                    of food, can’t get a benefit because WINZ don’t believe in the social
                    security net, then I would say plunge away.

                    Now what about the yellow pages, great for recycling, but
                    the owner might have written in the margins. Mostly undiscernible
                    but some might make sense. So should that information then sit
                    in your fire basket waiting for years to dry out with information
                    that a person left on it, well if they also wrote their name on the
                    yellow pages!!!! Who does that??

                    I think once you have come into information that you should
                    not have, like you come into possession of property, you have
                    a duty to take it to the police and if nobody claims it, then
                    claim and use it????? Would Police be reckless if they let you have
                    the used needle you found back?

                • If you have wi-fi at home and haven’t secured it, you can’t complain if someone uses your bandwidth.

                  rouppe, why on earth do you think that – in these circumstances – someone can’t complain? I certainly would. If I can’t complain about someone doing something that is wrong and that they would know was wrong, then under what circumstances would I be able to complain about anything? (Please don’t answer ‘If someone broke the law’ because that would be the reduction of social sanctions to legal sanctions – and no society could exist on that alone.)

                  Should we have no expectations of each other’s behaviour?

            • mickysavage 6.1.1.1.2.2

              This issue is not an either or.  

              I am absolutely certain there has been some private ass kicking within the Labour Party.  I am satisfied with the steps that have been taken.

              I am also concerned that the Nats have information about me. This does not prevent me or others from asking and the way I see it they are under an obligation to provide.  I am also keen to find out what they thought gave them the right to download the data.

              • Gosman

                I’d suggest your faith in the Labour Party resolving this issue might be blinded by your ideological bent rather than reflecting what the reality may actually be. It would probably pay for you to do what lprent has done and request an assurance from Labour that your personal information will not be kept in such a sloppy unprotected manner in future.

                • lprent

                  I didn’t request an assurance, that would definitely be the wrong word for it.

                  I have had a series of very sarcastic conversations with various people asking how it happened, what they are doing to fix it, offering my assistance if it is required, and asking what steps have been taken to ensure that it doesn’t happen again. 

                  I think that “arse-kicking” would be a better description. It was an accident and it was one that shouldn’t have happened. But I’ve been around human/managerial/computer systems long enough to know that they will. What I was really concerned about was the way that a single failure opened so much of the system up. There simply wasn’t enough layering of protection in there.

                  However that doesn’t detract from the fact that what the National Party and Whaleoil did was morally and almost certainly legally reprehensible – which is what you seem to want to avoid talking about. I guess you have a double standard?

                  • Draco T Bastard

                    No, he has only one standard – cover up the immoral dealings of NAct at all costs.

  7. Sam 7

    As a spectator, the show that you guys and whale have put on this week has been highly entertaining!

    Thanks! 😀

  8. Tangled up in blue 8

    I noticed on TV3s Firstline this morning that Garner was spinning that National have done nothing wrong and that Labour were trying to blame National for everything.

    • r0b 8.1

      Didn’t see it, but I heard that Garner confirmed that the Nats passed on the details to Slater.

      • Gosman 8.1.1

        Please provide evidence for this please. At the moment it is just hearsay from you.

        • Jim Nald 8.1.1.1

          Here .. ?

          http://www.3news.co.nz/The-Week-in-Politics/tabid/419/articleID/215314/Default.aspx

          From around 2’53 – 2’58” (out of 4’16” … although note that the timing on the clip restarted part way)

          Duncan Garner:
          “if you look at some of the hits on the Labour Party’s website last weekend,
          yes, someone from National Party headquarters tried to get in there
          although they didn’t and it looks like they passed the information on
          to Whaleoil to go and do it himself which he did”

          • Lanthanide 8.1.1.1.1

            That’s not a “confirmation”, just Garner repeating hear-say.

            • Pascal's bookie 8.1.1.1.1.1

              I thought Gos was after confirmation that Garner said it.

              And Garner is saying from the evidence, it looks like National passed it on…

              No?

              • Lanthanide

                r0b said Garner “confirmed” it. r0b could have just said “Garner said it”, but he didn’t.
                 
                So my interpretation of what r0b wrote is that he had heard that Garner had new, inside information which he stated on the show. Whether or not Gosman interpreted what r0b said in the same way I did, I don’t know.

                • r0b

                  Yes, I was careful to point out that I was repeating something I’d “heard” (seen claimed elsewhere).  The person who made the original claim may be correct or not, I don’t know, and don’t have time to find out right now!

      • Tangled up in blue 8.1.2

        I’ve re-watched it and yes although he does say that National didn’t get in, you’re right his comment about Labour blaming National looks to be in context of passing details to Slater.

        http://www.3news.co.nz/The-Week-in-Politics/tabid/370/articleID/215314/Default.aspx

        This week they’ve tried to blame the National Party because if you look at some of the hits on the Labour Party website last weekend yes someone from National Party headquarters tried to get in there, although they didn’t, and it looks like they’ve passed the information on to whaleoil to go and do it himself which he did.

        edit: beaten by Jim!

  9. Jim Nald 9

    I have yet to catch up with the NZ news sites which I tend to shun these days (The Standard is my first call before I look up Google news).

    Can someone tell me whether the so-called list of 18,000 will be publicly released or not?

    I’ll pledge here that for the detail of every one donor that is released, I’ll donate one cent to the Labour Party.

  10. rouppe 10

    Well Flo2Cash might be secure, but the point is that this is only fine once the data gets there.

    The original collection point for the credit card data was on Labour servers, the card (PAN) data was retained when it shouldn’t be, it was retained in a non-PCI-DSS compliant way (i.e. there is no obfuscation of the PAN data), and the server was then left wide open.

    I haven’t seen WO’s files, and I didn’t bother going to look at the cached data. But if there are credit card numbers among that data, then Labour really screwed up.

    [Read the post. There are no credit card details in the cached data. Credit card details were never stored on the Labour site. — r0b]

    • I just went and made a donation.  When I got to the stage of entering in credit card details I was taken to the flotocash website and away from the Labour website.  There was extra code in the url to obviously record who the donation was for but it was definitely flotocash’s site.
       
      If anyone else wants to do the same they start at http://labour.org.nz/civicrm/contribute/transact?reset=1&id=1

    • lprent 10.2

      If the long text string in the video is what you’re referring to, then it wasn’t a PAN – wrong format. It looks like a transaction ID or a transaction key.

    • rouppe 10.3

      Well good then. That’s a major concern taken care of.

      That means the only problem is the public finding out who the donors are.

      You thought WikiLeaks was good, and the information disclosed there was protected, and was secured, but leaked by someone in a privileged position.

      Disclosing the names there could lead to their death, but that seemed to be fine. Why is this leak a travesty of the most humungous proportions?

      • Lanthanide 10.3.1

        1. A lot of the stuff wikileaks has had names and identifying details redacted.
        2. Wikileaks leaked stuff about large corporates, governments, and their machinations. Not private details about members of the public.
         
        It took me 2 minutes to come up with that. I’m sure there are many other differences between them, too.

      • lprent 10.3.2

        The leak isn’t – that is an accident that needs to be fixed.

        What is of interest is that Whaleoil was talking about releasing private information to the world with no more “public interest” motivation than if he’d want to display his cock size. And it is easy to argue that is what he was doing by publishing the details (doing a “Weiner”).

        Since he has no “public interest” protections in the legal sense, then he should probably be prosecuted at some level for what he did do. Of course being Whale, he will attempt to feebly avoid the consequences of his actions in the same way that he did when he violated the suppression laws. He isn’t exactly well known for his stands on principles – more for his displays of juvenile narcissism.

        The other question is that knowing what Whaleoil was likely to do, why did someone in the National Party, probably quite senior, feel that it was a good idea to pass the details about how to such a juvenile narcissist. That doesn’t seem to be a particularly wise thing to do, and even if it was not criminally negligent then you could certainly make a case that it directly violated several aspects of the privacy laws.

    • lprent 10.4

      And besides your statement is that of a technical idiot, how exactly do you get the PAN from the mag stripe on the card into a payment made on the internet?

      • Lanthanide 10.4.1

        He’s clearly just name-dropping things like “PAN” in order to sound like he knows what he’s talking about.

        • rouppe 10.4.1.1

          Actually, that is only part of the information on the mag stripe. The PAN is the primary account number – the number embossed on the front of the card and usually entered in an online transaction.

          It took me less than 2 minutes to come up with that.

          So since you failed in your attempt to divert the question, what is so bad about leaking details about donors to the Labour organisation, when it was OK for WikiLeaks to leak details about different organisations?

          • lprent 10.4.1.1.1

            Interesting. I have only come across it in the context of the magnetic strip or smart cards at the programming level.

            But in any case it is still the wrong format if you look at it as a human or as a machine. The payment system is such that Labour’s website never sees the payment details like credit card numbers or CVV’s.

  11. djg 11

    Rob, has the Labour party made the same statement,

    “There are no credit card details in the cached data. Credit card details were never stored on the Labour site.”

    if not will they do so? I note the letter above from Flo2cash but that only refers to their own site and process.

    It would be a very compelling statement from the President.

    [lprent: It was in the press statement several days ago. Look it up.

    In the meantime I have trashed most of the flame thread that arose from this troll comment as being of zero interest to anyone. djg, you are now on troll watch. CV – constrain yourself or I will do it for you. ]

    • Colonial Viper 11.1

      Hey djg, why don’t you charge for your valuable advice? A-hole.

      [lprent: Don’t feed the trolls. ]

    • djg 11.2

      But I see Colonial Viper’s first abuse remains. That’s nice work.

  12. randal 12

    what the hell is going on.
    these people have committed a crime but you are carrying on as if it is just some interweb jape.
    are these crums above the law?
    get the cops on them right away and don’t let up.

  13. infused 13

    “Having demonstrated complete technical incompetence”

    Yeah, still claiming it was a security hole eh? yawn

    • Colonial Viper 13.1

      It was an unsecured webserver where confidential information not intended for public access was stored.

      That confidential information was then accessed by parties who did not have authorisation to do so.

      I’m happy to keep repeating this as long as you’re happy to be obtuse 🙂

      • Gosman 13.1.1

        Was the information in question tagged in any way as being confidential and not for the general public? If not then you have to presuppose that people have to make a distinction between public data on a publicly available website and private data on a publicly available website. You see the issue there don’t you?

        • Lanthanide 13.1.1.1

          Anyone that could make sense of the data would know what it was and that it wasn’t *intended* for public consumption. Therefore those who specifically took the data *knew* they were taking something that they shouldn’t have had access to.
           
          As we’ve seen with the looting in Christchurch, there’s quite a difference between someone with autism stealing light fittings out of houses because he has an affinity to them, and someone else stealing a generator that was to be used to power a cell-site.

  14. wawot 14

    I don’t know much about this so could you please clarify:

    Your quote from the whale blog has the following bit edited out…

    “….with that assurance.

    In the MySQL database files there were also plain txt strings that contained other database passwords along with the user name and passwords of their credit card provider.

    $db_url = ‘mysqli://labour_admin:N0t3b00kC0r0n3t@localhost/labour_production’;

    which equates to $db_url = ‘mysqli://username:password@localhost/databasename’;

    Their credit card….”

    From the example provided the username is labour_admin and the password is N0t3b00kC0r0n3t, which although it mightn’t be a credit card, is a username and password to something?

    After reading a bit on this blog and some on the other blog I’d tend to be scaremongered if I was a Labour supporter.


Page generated in The Standard by Wordpress at 2024-03-29T10:17:32+00:00