Slashdot Mirror


Security Flaws In Aussie Net Filter Exposed

Faldo writes "There's a three-part interview with a computer security expert on BanThisURL that goes into the flaws in the Aussie net filtering scheme. In addition to SSH tunnels and proxies, more worrying problems like trojaning the boxes to set up man-in-the-middle attacks (which the interviewee has done in his lab), cross-site scripting and the Australian blacklist leaking are all discussed. Worrying and relevant, especially since Thailand's blacklist has just been leaked."

31 of 182 comments

  1. Poor Design by Anonymous Coward · · Score: 5, Insightful

    The concept itself is flawed. Centralized filters will never work, and any filtering system is imperfect. The best we can do is have individuals ascribe a reputation to a particular resource and based on trusting others' ratings we can tailor the firehose to our liking.

    Anything else is just a way for some fearmongers to stay in office and/or make a quick buck.

    1. Re:Poor Design by Hatta · · Score: 4, Insightful

      The concept itself is flawed. Centralized filters will never work

      Anything else is just a way for some fearmongers to stay in office

      Sounds to me like it will work just fine then.

      --
      Give me Classic Slashdot or give me death!
    2. Re:Poor Design by D_Blackthorne · · Score: 3, Insightful
      I disagree; what it mainly will do is give the illusion that Australia's children are being protected from the Big Bad 'Ol Intarwebs -- which is to say that it'll make some busybody politicians look good to their constituency.

      Don't they have anything better to do over there than screw with the internet? Don't they have some crime problems to solve or something?

    3. Re:Poor Design by Starayo · · Score: 3, Insightful

      Exactly - it won't protect children at all, except the very young who shouldn't be using it without supervision anyway. Take any high school student that's been using their school's computers and they'll have a rather better than average knowledge of web-based proxies, which every one of them has been using to get around the DET's blocking of facebook, myspace, various flash games, etc. It's only a small leap from there to using a software-based solution, and I know I'll be distributing a couple of choice ones to the few people I still know in high school. >:3

      Besides, it has an added benefit - if I somehow get caught and charged under whatever law for circumventing the filter, I'm taking someone down with me!

      --
      Ezekiel 23:20
  2. From the article by thewils · · Score: 4, Funny

    I've played with a lot of these boxes and the chances of having no security vulnerabilities at all is extremely low. In our testing we haven't actually found a box that we've been happy with the security of, except for little dedicated and extremely cut down boxes, but nothing of this type.

    Disagree, they could just use a Windows box for this, as long as they keep it up-to-date with patches they'll be fine, right?

    --
    Once I was a four stone apology. Now I am two separate gorillas.
  3. Just like DVD piracy... by hack++slash · · Score: 4, Insightful

    ...it will only serve to piss off those that can't circumvent the firewall (or unskippable anti-piracy adverts in the case of legit DVDs)

    --
    To do something right, you often have to roll up your sleeves and get busy.
  4. It is completely ignorant to think... by NoobHunter · · Score: 5, Insightful

    that things are unhackable.

    "If you code it, it will be hacked!"

    The Titanic was an example of what should be called Cockyisms (the belief that one, or one's product, is better than it truly is), in this case, Unsinkable...and we all know how THAT turned out!

    DVD encryption, DRM and now Net Censorship...the tighter the grip, the faster they will lose control.

    --
    So Jesus, Mohammed and Abraham walk into a Bar....
    1. Re:It is completely ignorant to think... by flyingfsck · · Score: 5, Informative

      There were 3 identical ships built (Titanic, Olympic, Britannic). Only one suffered from bad rivets.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    2. Re:It is completely ignorant to think... by computersareevil · · Score: 5, Informative

      The Titanic was an example of what should be called Cockyisms (the belief that one, or one's product, is better than it truly is), in this case, Unsinkable...and we all know how THAT turned out!

      There already is a word: Hubris

    3. Re:It is completely ignorant to think... by Volante3192 · · Score: 5, Insightful

      Also, only one suffered from iceberg collision.

    4. Re:It is completely ignorant to think... by Anonymous Coward · · Score: 5, Funny

      Also, only one suffered from a Celine Dion soundtrack.

    5. Re:It is completely ignorant to think... by Anonymous Coward · · Score: 5, Funny

      We _ALL_ suffered from a Celine Dion soundtrack.

    6. Re:It is completely ignorant to think... by Anonymous Coward · · Score: 5, Funny

      But we all benefited from Kate Winslet's bare boobs.

    7. Re:It is completely ignorant to think... by Paradise+Pete · · Score: 5, Funny

      Actually all three sank roughly the same way.

      For sufficiently small values of actually.

  5. Not really news? by Corpuscavernosa · · Score: 4, Interesting

    An amazing story would be "NO SECURITY FLAWS IN AUSSIE NET FILTER WHATSOEVER". I'm just sayin'. There are flaws in everything.

    --
    We figured out a long time ago that it's easier to elect seven judges than to elect 132 legislators.
    1. Re:Not really news? by D+Ninja · · Score: 5, Funny

      There are flaws in everything.

      Obviously you haven't yet heard of Natalie Portman.

      Otherwise, yeah, you're right.

    2. Re:Not really news? by maxume · · Score: 5, Funny

      You are entirely happy with her decision not to sleep with you?

      --
      Nerd rage is the funniest rage.
    3. Re:Not really news? by genner · · Score: 3, Funny

      There are flaws in everything.

      Obviously you haven't yet heard of Natalie Portman.

      Otherwise, yeah, you're right.

      She lacks stone skin and grits. How can you overlook such obvious flaws?

  6. But What About The Children/Terrorists/Etc. by MightyMartian · · Score: 5, Informative

    The Australian government seems to have gone pretty crazy over this thing, and is taking one of the classic paths when meeting resistance; that is, to make the plan even bolder and more sweeping. There seems no recognition of the fact that this won't do a damned thing to prevent the production and distribution of child pornography, but will cause no end of problems for legitimate users. But this government clearly feels its back is against the wall, and rather than simply taking the more sensible path and admitting that filtering is flawed, and in its own way dangerous, and that any attempt to screw with various P2P and secure protocols is going to do real harm to legitimate users, is basically saying "We know better than the ISPs and technical experts."

    Politics tends to attract the insanely vain, but these guys are way out to lunch. I have no idea who their technical advisers are, but either these guys are morons or simply being paid to tell the government what it wants to hear.

    But as anyone who has dealt with any kind of Internet security can tell you, it's always a game of catch-up. Whether it's viruses, rootkits, DRM, firewalls, and so on, there's always someone willing, for good or ill, to crack systems, and believe me, if they actually go through with this nonsense, the desire to crack the filters, and more dangerous and delirious attempts to bust encryption and P2P, is simply going to be met with better innovations to overcome them.

    But it does go to show you that the intellectual tyrannies are not simply the product of political tyrannies, but any government so sure in its own righteousness can play the part of the tyrant, simply by repeating the mantra "it's for their own good".

    The Enlightenment has died in Australia, and it's sad that the people aren't marching on Adelaide demanding the government's resignation and Rudd's forced expulsion. Western Civilization has lost its balls. We've fought world wars, sacrificed our young on countless battlefields, beat back the Communists by even the most questionable means, for what? So some religious nut can make decrees as to what law-abiding citizens of a so-called free country can view on the Internet?

    What a sad, fearful, pathetic lot the West has become.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:But What About The Children/Terrorists/Etc. by dgatwood · · Score: 4, Funny

      Politics tends to attract those who want power, and those who want power are seldom in the best interests of those who are being led. Therefore, an ideal political structure would include a benevolent dictator randomly chosen from the population, who would be deposed if another group of a dozen randomly chosen people decide to throw him/her out. It would then have a mock electoral process to elect fake leaders. The resulting political body's sole purpose for existence would be bringing politicians out of the woodwork and keeping them isolated from polite society.

      I hereby nominate CmdrTaco as the first benevolent dictator. All in favor, say aye!

      --
      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re:But What About The Children/Terrorists/Etc. by Drakkenmensch · · Score: 4, Interesting

      This concept is central to the galactic government in the Hitch Hiker's Guide to the Galaxy, where the galactic president is chosen to be a figurehead, a distraction whose sole purpose is to wow the media with his moronic antics. This explains why Zaphod Beeblebrox was so successful in the role. The people really in charge knew well that anyone wanting power was always a menace to the people they sought to represent, so anyone manifesting the slightest desire to be president was kept away from real power by any means possible. The true leader of the galaxy was in reality a man who had no idea about anything that happened outside his isolated wood cabin, and whose biggest preoccupation was keeping his cat happy. The whole system worked as well as (if not better than) anything else the galaxy had ever seen.

    3. Re:But What About The Children/Terrorists/Etc. by Drakkenmensch · · Score: 3, Informative

      Didn't he order the destruction of Earth?

      No, that was the psychiatrist association because they didn't want the meaning of life to become widespread knowledge and thus relieve people of their bread-winning anguish and angst. So they hired the Vogon constructor fleet to blow it up for them, under the pretense of clearing up the path of a hyperspace bypass.

    4. Re:But What About The Children/Terrorists/Etc. by immortalpob · · Score: 3, Insightful

      So almost exactly like creating a filter to block bit torrent under the pretense of stopping child porn?

    5. Re:But What About The Children/Terrorists/Etc. by BlackCobra43 · · Score: 3, Funny

      To block Bit Torrent, you simply have to try to NOT block Bittorrent..and fail.

      --
      I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
  7. Re:Depends on the benchmark by mcgrew · · Score: 3, Insightful

    If stopping 100% of the users from getting indie music is the goal, then it fails. However, if stopping or impeding 50% of indie music is the goal, perhaps it could be labeled a success? Because that's what this is about - stopping the use of a legal and legitimate product to destroy an industry's independent competition.

    The industry isn't afraid of Fergie being downloaded, it's afraid of The Station being downloaded.

  8. why would the list have to "leak"? by Punto · · Score: 4, Insightful

    doesn't the government publish the blacklist? this isn't like other countries where they just pretend like there is no filtering going on at all.

    --
    Stay tuned for some shock and awe coming right up after these messages!

    1. Re:why would the list have to "leak"? by Qzukk · · Score: 4, Funny

      doesn't the government publish the blacklist?

      I searched for it online but every time I tried to view the list, I got a page that said the site had been blocked.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  9. IPv6 by Tony+Hoyle · · Score: 4, Interesting

    I bet the filter isn't IPv6 capable... I just can't see the lawmakers being that tech savvy.

    That could be just the boost the protocol needs, in Australia at least.

  10. Re:Depends on the benchmark by MightyMartian · · Score: 4, Insightful

    If a proposal is only going to stop a small proportion, stomps all over civil liberties, could potentially break important protocols, can be circumvented by the technically savvy (which tends to include the very people who the proposal alleges it can stop) and introduces dangerous new security flaws, then I'd say the proposal ought to be rejected.

    Let's be clear here. All this plan may do, at the very best, is catch the technically challenged pedophiles. That's a best case scenario, and basically undermining an entire country's Internet access to catch this group is rather like a sniper sitting on an overpass randomly shooting at cars because some of those cars may be driven by drug dealers. Yes, it's true, some small number of drug dealers may actually be killed, but if that's your idea of policing, then we might as well declare everyone guilty, take away their computers and call it a day.

    The plan is idiotic, its proponents are at best naive, and international child abuse won't be dented by it.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  11. Re:Depends on the benchmark by johnsonav · · Score: 4, Insightful

    The industry isn't afraid of Fergie being downloaded, it's afraid of The Station being downloaded.

    They should be. But I don't think the industry, that didn't even see P2P coming, has that much collective intelligence or foresight.

    I think what they're really afraid of is a generation of potential consumers who give no thought to the copyright status or label affiliation of an album, who don't care if their downloads are legal or not. They're afraid of a culture which doesn't even consider paying for music. They're afraid that their role as musical gatekeepers will become obsolete. They're afraid that their product will have to compete with all others on a level playing field. And they should be.

    --
    ... and that's when the C.H.U.D.'s came at me.