[AusNOG] Stay Smart, is not so Smart

Damien Luke damien.luke at gmail.com
Mon Jul 9 11:33:33 EST 2012


There are reports that the vendor involved is AusCERT as well, which makes
my head hurt.

http://www.zdnet.com/oz-govt-loses-stay-smart-online-user-details-via-australia-post-7000000398/

Damien

On Mon, Jul 9, 2012 at 11:24 AM, Jared Hirst <jared.hirst at serversaustralia.com.au> wrote:

> Why would they send such data via Australia Post???
> On Jul 6, 2012 6:07 PM, "Noel Butler" <noel.butler at ausics.net> wrote:
>
>> Some miscreant spammer might think they've won the lotto if they get
>> this....
>>
>>
>>
>> 6 July 2012
>>
>>
>> Notification of Subscriber Data Loss
>>
>> Dear Subscriber
>>
>> We are writing to notify you that the Department has been advised by a
>> former external contractor that a DVD which included information provided
>> by Stay Smart Online Alert Service subscribers was lost in Australia Post’s
>> system, after being posted on 11 April 2012.
>>
>> The external contractor provided the Alert Service on behalf of the
>> Department of Broadband, Communications and the Digital Economy (‘the
>> Department’) from 2008 until 29 April 2012, when its contract with the
>> Department expired.  As you may be aware, the Stay Smart Online Alert
>> Service is currently being re-developed by the Department in collaboration
>> with two new contractors.
>>
>> As part of the expiry of contract handover process, the original
>> contractor advised that it copied its SSO Alert Service subscriber database
>> onto a DVD and, on 11 April 2012, posted this DVD to the Department using
>> Australia Post’s express post service. Unfortunately, this DVD was never
>> received by the Department. The original contractor has informed the
>> Department that information on the missing DVD included subscribers’:
>> usernames; email addresses; memorable phrases; and passwords which are
>> unreadable (as cryptographic hash).
>>
>> The Department has no reason to believe that this information has been
>> found and misused by any third party and we do not believe that there is a
>> privacy risk.  We are informing subscribers consistent with a ‘best
>> practice’ approach for privacy matters.
>>
>> However, if you have used the same username, memorable phrase and/or
>> password for other websites or services you may wish to consider whether
>> these need to be changed.
>>
>> For information on password security and other tips and advice on how to
>> be safe and secure online, visit the Stay Smart Online website (
>> www.staysmartonline.gov.au).
>>
>> Regards
>>
>> Stay Smart Online Team
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
