Feb 17 2016
from James Henderson (Computerworld New Zealand) on 18 February, 2016 06:39
KiwiRail negligence left a test website open to the public where it was possible to book train and ferry tickets for free, prompting the Labour Party to slam the Government’s “amateur” cyber security defences.
After leaving its test website open to anyone growing on the internet, the error made it possible to make legitimate bookings on ferries and trains with a fake credit card number.
“It is remarkably easy for anyone with good technical knowledge to use the site to make free bookings,” says Clare Curran, Open Government spokesperson, Labour.
“Basically KiwiRail left a hole in its security so big you could drive a train through it.
“What makes matters worse is after I was contacted by a whistleblower I alerted KiwiRail who took 16 days to fix it. It is still unclear if the issues have been fixed.”
Curran says that while National says cyber security is extremely important, that message “clearly isn’t getting through to agencies”.
“The Government has to get into the 21st Century and secure its websites,” Curran adds.
“Amy Adams launched a computer emergency response team (CERT) to great fanfare late last year to help protect the public and businesses online.
“It’s extremely embarrassing that its government agencies need that team more than anyone.”