[AusNOG] Telecommunications Sector Security Reforms

Burt Mascareigne Burt at stormnetwork.com.au
Wed Sep 20 08:40:41 EST 2017 

This is actually a good point.

We trust in SSL, etc,  PKI in general.

This has always been an arms race, this latest Apache “OptionsBleed” for example.  Seriously, who would have guessed a .htaccess typo can cause a memory leak showing bits and pieces of memory to anyone.

RE: the restaurant analogy, if the supplier gives you food with maggots in it,  is that now your fault in the Govt’s eye? You sold the dish with maggots, here’s a bill.

Same, Apache has a bug, you got hacked because of it.  You get the fine?  Can we forward that fine to Apache? Is it really their fault?  Let’s not even mention Windows.. in general.  Because you use these products.. are you, “shonky”?

I know it is more nuisance than this, I just found Mark’s comment pertinent.



Regards,


Burt Mascareigne
Mobile 0414 450 962   Office (02) 9965 5422
Address Level 19, 1 O’Connell Street, Sydney NSW 2000
Web http://www.stormnetwork.com.au<http://www.stormnetwork.com.au/>


From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark Smith
Sent: Tuesday, 19 September 2017 6:34 PM
To: Paul Wilkins <paulwilkins369 at gmail.com>
Cc: <ausnog at lists.ausnog.net> <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Telecommunications Sector Security Reforms



On 19 Sep. 2017 5:36 pm, "Paul Wilkins" <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
"you just have to try your best" goes only as far as the provider's internal network and systems. There's no provision for protection of the data plane or services delivered to third parties.


Yes there is, and most of it is around 20 years old c.f. HTTPS/SSL/TLS/IPsec.




Kind regards
Paul Wilkins

On 19 September 2017 at 17:25, Eric Pinkerton <misterpink at gmail.com<mailto:misterpink at gmail.com>> wrote:
>The State/Taxpayer has never once picked up the bill for a network security incident.

The bill for these things is mostly paid for by the blood sweat and tears of those affected. Anyone who had had their identity stolen for example will tell you just how painful and costly it is.

Regardless the language of this law is pretty woolly, you just have to try your best, and if you get caught doing something shonky you well get asked to stop.

It's not much different to a restaurant with poor hygiene standards getting fined for making people sick IMHO.






Sent from my iPhone

> On 19 Sep 2017, at 5:02 pm, Mark Newton <newton at atdot.dotat.org<mailto:newton at atdot.dotat.org>> wrote:
>
> The State/Taxpayer has never once picked up the bill for a network security incident.


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170919/ad3c9130/attachment.html>

More information about the AusNOG mailing list