[AusNOG] census issues tonight
Matt Perkins
matt at spectrum.com.au
Wed Aug 10 12:08:00 EST 2016
First rule of politics when you find yourself in a hole. Stop digging.
Matt
On 10/08/2016 12:01 PM, Nathanael Bettridge wrote:
>
> While we wait:
>
> https://istheabscensusonlineyet.com/
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of* Daniel
> *Sent:* Wednesday, 10 August 2016 11:34 AM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] census issues tonight
>
> The relevant minister (Michael McCormack) has released a statement
> blaming DDoS in combination with a router hardware failure:
>
> “There was a large scale denial of service attempt to the census
> website and online form. A denial of service is an attempt to block
> people from accessing a website. Following, and because of this, there
> was a hardware failure,” he said.
>
> “A router became overloaded. After this, what is known as a false
> positive occurred. This is essentially a false alarm in some of the
> system monitoring information. As a result the ABS employed a cautious
> strategy which was to shut down the online census form to ensure the
> integrity of the data already submitted was protected.
>
> “I will be clear from the outset, this was not an attack. Nor was it a
> hack but rather, it was an attempt to frustrate the collection of
> bureau of statistics census data. ABS census security was not
> compromised. I repeat, not compromised and no data was lost.”
>
> http://www.theaustralian.com.au/national-affairs/census-2016-website-crashes-under-weight-of-demand/news-story/1febee892e1ab043c0e7682c7a3485a4
>
> (paywalled)
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of* Andy Taylor
> *Sent:* Wednesday, 10 August 2016 10:57 AM
> *To:* 'Nathanael Bettridge' <nathanael at prodigy.com.au>; 'Robert Hudson' <hudrob at gmail.com>; 'Michael Keating' <mkeating44 at gmail.com>
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] census issues tonight
>
> I noticed last night before the system crashed completely the
> following error:
>
>
> “status -1 code 101”
>
> I don’t know much about .jsp, but it appears that this was an issue
> with the header?
>
> Is it possible that this was a layer 7 attack that was being implemented?
>
> A *status code* of *101* indicates that the server is changing to the
> protocol it defines in the "Upgrade" header it returns to the client.
> For example, when requesting a page, a browser might receive a
> status *code* of *101*, followed by an "Upgrade" header showing that the
> server is changing to a different version of HTTP.
>
> Andy Taylor
>
> *Technical Director*
>
> 0424 656 973
>
> www.coastalaudio.com.au <http://www.coastalaudio.com.au/>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of* Nathanael Bettridge
> *Sent:* Wednesday, 10 August 2016 10:53 AM
> *To:* 'Robert Hudson' <hudrob at gmail.com>; 'Michael Keating' <mkeating44 at gmail.com>
> *Cc:* 'ausnog at lists.ausnog.net' <ausnog at lists.ausnog.net>
> *Subject:* Re: [AusNOG] census issues tonight
>
> The validity of the data is suspect. Users in bad moods submitting
> info that would otherwise be trustworthy, partially completed surveys,
> I’m sure thousands of households that will now fall through the gaps,
> the spreading out of census data over a much longer than normal time
> frame – as a statistical snapshot the Census is effectively ruined.
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of* Robert Hudson
> *Sent:* Wednesday, 10 August 2016 10:44 AM
> *To:* Michael Keating <mkeating44 at gmail.com>
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] census issues tonight
>
> Why is it safe to say that the stored data is OK? What evidence do we
> have to support that belief?
>
> On 10 Aug 2016 9:52 AM, "Michael Keating" <mkeating44 at gmail.com> wrote:
>
> I think the point being made, was that the distrust of the Census
> has been increased with the failure of the website, and the
> mainstream media taking the 'hacking' angle. It's safe to say the
> stored data is ok, but there are millions more submissions to go.
> If people think it was 'hacked', they won't give a truthful answer
> for fear of their information being stolen (which we know, it
> won't). More of a general observation than a technical observation
> (which I do agree with).
>
> On Wed, Aug 10, 2016 at 9:26 AM, Mark Andrews <marka at isc.org> wrote:
>
>
> In message <c7617127-36a9-f5dc-894e-727a6700e016 at spectrum.com.au>,
> Matt Perkins writes:
> > If you ask me the dataset is now terminally compromised. This is
> > essentially market research and people's ability to answer that sort of
> > stuff truthfully goes to how much the person doing the survey is
> > trusted. With the ABS spouting stuff like Attack from overseas, people
> > are very unlikely to tell the truth on this census.
> >
> > Fellas you blew it. Cancel the census, reschedule for next year and send
> > out paper forms. Your collective uselessness just put us back 5 years.
> >
> > Matt
>
> A DoS attack does not make the dataset compromised.
>
> Having too small key space does. 1/100000 is not a big space for
> computers to search through. It's only ~20 bits of security. An
> extra 4 digits would have raised it to ~30 bits. An extra 8 digits
> would have raised it to ~43 bits. Entering 5 x 4 digit sequences
> is not hard. We do 4 x 4 + 3 for every visa / mastercard transaction
> we do online today.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742
> INTERNET: marka at isc.org
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
--
/* Matt Perkins
Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
Office 1300 133 299 matt at spectrum.com.au
Level 6, 350 George Street Sydney 2000
Spectrum Networks is a member of the Communications Alliance & TIO
*/