• Our Vision

    To be the trusted guardian of
    New Zealand's
    Information Assets

  • Our Mission

    To provide IA & Cyber Security support to Agencies & Critical Infrastructure operators in order to secure networks and provide monitoring, analysis & response capability to combat APT

NCSC advisory - OpenSSL Vulnerability

OpenSSL versions 1.0.1 through 1.0.1f contain a flaw  that  allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library. 

The bug commonly known as Heartbleed, allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.

This potentially compromises the secret keys used to secure internet communication, the names and passwords of the users and the actual content. 

Exploit code for this vulnerability is  publicly available.


The full NCSC advisory is available here

read more

Reporting an Incident

If you are a New Zealand government institution or a Critical National Infrastructure (CNI) organisation and you have encountered or suspect the presence of a cyber threat, please complete and return an Incident Reporting Form. If required, you can speak with us directly on (04) 498-7654. All incident reports provided to the NCSC are treated in the strictest of confidence.

Some Interesting Stats

In its second year of operation, the NCSC saw an increase in the number of cyber security incidents reported, from a total of 90 in 2011, to a total of 134 in 2012. The bulk (60%) of the incidents reported to NCSC in 2012 originated from an overseas source.

The 2012 Sophos report states that approximately 30,000 new malicious URLs were found each day during the second half of 2011- an increase of 50% over the first half of the year.

In a research experiment, the Sophos Australia office purchased 50 USB flash drives from a lost property auction. A massive 66% of the drives were infected by malware.