I have been laughing over the last few days as the New Zealand Transport Authority has become more red faced over the massive security hole in their toll road payment system.

On January 25 the Silverdale to Puhoi motorway extension will open, however to drive on it you will need to pay tolls, and for the last two months or so the NZTA have been advertising the www.tollroad.govt.nz website heavily so regulary uses of the new road can set up accounts.

On Monday a computer user realised that the website was not encrypting credit card information which means that anyone who knows anything about packet snifting or the like could intercept peoples credit card details as they used the website.

Now first and foremost this should never happen. Not on any ecommerce site, let alone a government website. Ecommerce programing 101 would surely teach you that first you must always encrypt data through using SSL and HTTPS not plain HTTP.

But what was more funny is that the red faced NZTA denied that there was anything wrong with the site! Refusing to take it offline or stop processing accounts.

That was until today when with egg on their face they took down the site for maintenance and admitted they stuffed up. Time to get new programmers one thinks.

Read more here:

http://www.nzherald.co.nz/connect/news/article.cfm?c_id=1501833&objectid=10550614

and

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10550744

Tags: Computers, Internet, NZTA, Programming, Roads, Security

This entry was posted on Wednesday, January 7th, 2009 at 6:59 pm and is filed under Computers, New Zealand, News & Current Events. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.