[AusNOG] Hacked site reports boy to police | theage.com.au

Geordie Guy elomis at gmail.com
Thu Jan 9 09:45:46 EST 2014


Law enforcement is entirely caught up with Australian community acceptable
standards.  E grade website and network operators produce website which are
subject to SQL injection attacks that literally a 15 year old can pull off,
and in embarrassment they sick the police on any 15 year olds who think
they are helping.  While this goes on, network operators hand over
information required to mount the case against him without scrutinizing a
warrant.

If we want actual Australian community standards applied to the networks
and systems of this country, the NOGgers and the SAGE-AUers need to turn
around and say "No, I will not comply with an S313 request for metadata
unless you provide a warrant." and "It is unethical of you as the web team
to require me to package up information about us getting pwned so you can
provide it to the APF to investigate the online equivalent of us leaving
every window and door open with neon signs saying "credit card details in
here"".

Our community standards aren't some aspirational idea from a handful of
network operators about how things should work, they are the result of how
they do work, as a result of how we behave.  This guy is going to get
rolled and people like us are going to help.

We can stop it if we want, but it involves a combination of standing by the
quality of our work and pushing back on requests for assistance in
victimising people that make us look bad.


On Thu, Jan 9, 2014 at 6:01 AM, thelionroars <thelionroars1337 at gmail.com>wrote:

>
> On 8 January 2014 23:30, Patrick Webster <patrick at aushack.com> wrote:
>
>> It is time law enforcement caught up with the Australian community
>> acceptable standards.
>>
>
> Agreed. Actually, maybe the Federal Government should be looking at
> legislating to ensure protection of people who try to inform organisations
> of these vulnerabilities. They should consider legislating mandatory
> disclosure of information security breaches while they are it.
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140109/cf3eb181/attachment.html>


More information about the AusNOG mailing list