Nice non-paywalled report
into how the National Party (and others) were able to obtain
supposedly-confidential details of today’s Budget announcements.
In summary, a “clone” was made of the Treasury website, containing the
Budget info, that was supposed to be swapped for the current production
site later today. It was not publicly accessible, at least directly.
However, the search function on the public site was inadvertently
sucking up the confidential info from the clone server as well, and
carefully-worded searches would reveal bits of such info as search
context, even if the actual documents being indexed were not accessible
The Police have decided that, even though such leaks are considered a
serious matter, the accesses were “not unlawful”. Which seems a
refreshing change from, say, the UK, where someone was prosecuted and
jailed some years ago just for putting “../” into a URL ...
+1 for common sense.
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174