[AusNOG] census issues tonight

Matt Perkins matt at spectrum.com.au
Wed Aug 10 10:07:11 EST 2016


This is my point exactly. If you, Andy, someone that has IT knowledge, put 
invalid information even before the press come out and say it's all been 
hacked, even before there were no problems, what hope do the rest of the 
public have of putting good information?

The data set is broken.  Start again.

Matt



On 10/08/2016 9:38 AM, Andy Taylor wrote:
> So what we are seeing here is a Census that reassures us that our data is
> "safe"...
> Yet doesn't take adequate steps to properly encrypt it, or protect the
> network...
> Incidentally, I used "not" and "applicable" for name and surname and a
> number for age (without DOB) on my online submission...
> It was lodged at about 1830 with no issues at all - before the network and
> servers became busy after dinner...
> Given that the IT industry is becoming more security-centric every day, why
> was this so poorly mitigated?
> Does anyone know whether a PenTest was actually commissioned, or whether it
> was just load balancing?
> Was a proper black box test commissioned in conjunction with the load
> balancing...?
>
> I have a sneaking suspicion that it was just poor infrastructure planning as
> this DDoS map from last night shows...
> https://twitter.com/GordyPls/status/763145953415090176/photo/1
> http://www.gizmodo.com.au/2016/08/the-australian-census-website-didnt-just-crash-it-was-hacked/
>
> Matt and Mark have both hit the nail on the head...
>
> Andy Taylor
> Technical Director
>
> 0424 656 973
>
>
>
> www.coastalaudio.com.au
>
>
>
> -----Original Message-----
> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark
> Andrews
> Sent: Wednesday, 10 August 2016 9:26 AM
> To: Matt Perkins <matt at spectrum.com.au>
> Cc: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] census issues tonight
>
>
> In message <c7617127-36a9-f5dc-894e-727a6700e016 at spectrum.com.au>, Matt
> Perkins writes:
>> If you ask me the dataset is now terminally compromised. This is
>> essentially market research and people's ability to answer that sort of
>> stuff truthfully goes to how much the person doing the survey is
>> trusted. With the ABS spouting stuff like Attack from overseas, people
>> are very unlikely to tell the truth on this census.
>>
>> Fellas you blew it.  Cancel the census, reschedule for next year and
>> send out paper forms. Your collective uselessness just put us back 5
>> years.
>> Matt
>
> A DoS attack does not make the dataset compromised.
>
> Having too small a key space does.  1/100000 is not a big space for computers
> to search through.  It's only ~20 bits of security.  An extra 4 digits would
> have raised it to ~30 bits.  An extra 8 digits would have raised it to ~43
> bits.  Entering 5 x 4 digit sequences is not hard.  We do 4 x 4 + 3 for
> every Visa / MasterCard transaction we do online today.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


-- 
/* Matt Perkins
         Direct 1300 137 379        Spectrum Networks Ptd. Ltd.
         Office 1300 133 299        matt at spectrum.com.au
                                    Level 6, 350 George Street Sydney 2000
         Spectrum Networks is a member of the Communications Alliance & TIO
*/


