Agencies advised of Companies Office fault
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
Get the latest news from Computerworld delivered via email.
Sign up now
All government agencies have been advised of an issue arising from an iGovt connection to the Companies Office.
At this stage, it’s thought to be a technical fault where users at one site wound up in other users’ accounts when they tried to access the web site.
Department of Internal Affairs spokesperson Michael Mead, says all government agencies are being told of the issue by the Government CIO and asked to confirm that the problem does not exist on their systems, or to apply the appropriate fix.
“We have followed up, confirmed the technical fault relates to a single page on the Companies Office website and does not originate with the iGovt logon service. The Companies Office has now fixed the problem,” he says.
“At no time were the details of companies on the Companies Office website at risk.
“The issue was this: information was requested from the Companies Office site by a small number of users all working through a local cache server.
"The issue appears to have been limited to a small pool of users in very specific circumstances. Based on the information logged by the user, we have concluded that under unique circumstances it was possible to view another user’s credentials that had been cached earlier at the user’s local site.
“For this circumstance to arise, the users had to be located at the same site and accessing the same exact ‘type’ of details in the same defined time period, and be on the same proxy server.
“This was possible because the configuration on this one page of the Companies site being accessed did not include an appropriate instruction to prevent the caching offsite of non-static information. This missing single line of code should be routinely included to avoid the problem identified.”
Posted by concerned at 15:48:29 on November 5, 2012
Posted by Realistic at 14:33:28 on November 8, 2012
Posted by Anonymous at 22:56:05 on November 3, 2012
Posted by Anonymous at 14:09:27 on November 2, 2012
Posted by Anonymous at 13:08:09 on November 2, 2012
Posted by Anonymous at 15:06:05 on November 5, 2012
You will struggle to find any IT system build by or for the NZ government that goes even half as far to protect your privacy as the igovt logon service...
Posted by William at 12:53:15 on November 2, 2012
How is THAT protecting my privacy?
Posted by Anonymous at 13:24:04 on November 2, 2012
Posted by William at 13:36:31 on November 2, 2012
Posted by Anonymous at 13:55:14 on November 2, 2012