Slashdot Mirror


Aussie PM Office Calls For Government Ban On Gmail, Hotmail

aesoteric writes "The Australian National Audit Office has called on all Australian government agencies to block free web-based email services like Gmail and Hotmail to mitigate security and information integrity risks. The auditor noted that such public email services 'should be blocked on agency IT systems, as these can provide an easily accessible point of entry for an external attack and subject the agency to the potential for intended or unintended information disclosure.' Not surprisingly, the move is seen by some as an attempt to prevent a WikiLeaks-style disclosure from occurring."

178 comments

  1. Why not just block attachments? by LetterRip · · Score: 1

    Why not just block uploading/downloading attachments from those services? That seems like it would solve the problem for the most part; even if you could hand type or copy/paste sensitive information, the time to do so would be prohibitive.

    1. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      Because it's easier to implement a DNS block on gmail.com etc than it is to block a specific function within a web service that you don't control and that could change at any time.

    2. Re:Why not just block attachments? by bernywork · · Score: 2

      Once this session is in HTTPS how do you determine what's a POST for someone sending text and someone sending data?

      The only way to do it would be in the browser and not anywhere in the rest of the network. Simply from a management perspective, this just isn't possible.

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
    3. Re:Why not just block attachments? by rtfa-troll · · Score: 1

      Is it? I think that people know how to do forwarding etc. etc.

      It seems to me that it's actually easier to block all executable content (flash / javascript etc) and then block file upload/download to / from the browser than it would be to find every possible https based mail service (including my own secret one; which is used only by me personally and even that almost never) which is what you would have to do in order for this to make sense.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    4. Re:Why not just block attachments? by c0lo · · Score: 2
      Attachments? Gmail uploads them by HTTP. GMail lets you use HTTPS to access GMail.
      Good luck detecting what is an attachment and when you just "copy/pasted sensitive information in the very body of the email".

      Even when blocking gmail/yahoo, still not addressing leakers using :
      a. a HTTP proxy (e.g. to access gmail).
      b. a private mailserver
      c. a combination of the above (one can arrange for tunneling through HTTP a totally different protocol).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    5. Re:Why not just block attachments? by deniable · · Score: 1

      Easier to just implement the evil bit.

    6. Re:Why not just block attachments? by deniable · · Score: 1

      That's assuming a browser, a connection and sensitive information on the same machine. If so, you've already lost. This idea is probably to stop the leaks of things that aren't secret but are embarrassing.

    7. Re:Why not just block attachments? by mirix · · Score: 1

      Gmail forces HTTPS these days. Maybe there is an option to turn it off, but it is default. (it used to be the other way around, not too long ago).

      --
      Sent from my PDP-11
    8. Re:Why not just block attachments? by shentino · · Score: 0

      Considering there's considerable debate on the morality of exposing government corruption the evil bit would probably have an undefined value in this case.

    9. Re:Why not just block attachments? by upuv · · Score: 4, Informative

      It is 100% possible and it is done every day.

      The proxy terminates the https request and then creates a new https request going out. So yes you can tell if there is a POST event. You can tell if it is a file. You may not be able to read the file as it may have separate encryption.

    10. Re:Why not just block attachments? by Dan541 · · Score: 1

      I would think this is also to stop people from using their personal email accounts on the taxpayers' time.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    11. Re:Why not just block attachments? by Nursie · · Score: 1

      This relies on the browser trusting the proxy of course, and the proxy being able to fake being any/all websites.

      What sorts of systems can do this at the moment?

      I'm interested, because I can see it's possible to build it into an HTTP or HTTPS proxy, but there would be quite a lot of certificate futzing needed to get it working properly.

    12. Re:Why not just block attachments? by icebraining · · Score: 1

      So people shouldn't have breaks? I thought you wanted productive employees.

    13. Re:Why not just block attachments? by CastrTroy · · Score: 1

      That's what I thought. There's no reason you couldn't just send the information out on another email service. Or set up a dropbox account, and post the files to that. There's a million different ways to get the data out there. Like you said, once you have confidential documents, a browser, and an internet connection, all bets are off. Unless you are running with a small white-list of sites, and you are really sure of what is on those web sites.

      --
      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    14. Re:Why not just block attachments? by bernywork · · Score: 1

      OK, fair point.

      I've seen that technology being used as an anti-virus filter, but never seen it to be able to intercept specific streams. Especially pulling everything apart at the application level....

      --
      Curiosity was framed; ignorance killed the cat. -- Author unknown
    15. Re:Why not just block attachments? by rtb61 · · Score: 2

      More accurately the whole concept is that all email leaving or entering government departments adhere to similar principles of snail mail. That it adhere to the standards set forth by each department, with regards to record keeping and content.

      Bit of a miss of private email but then that is the quirk of employer supplied email versus employer supplied snail mail. With snail mail, you wrote it on company time, pilfered a stamp but you used non-letterhead paper and a blank envelope, nobody really cared, didn't cost that much and kept worker morale up and it was clearly non-company correspondence.

      Catch with email is it is very difficult to separate non company email from company email using the company servers and in government because of communications audit responsibilities just using web-based services is not quite enough separation.

      Of course with smart phones and netbooks, there really is no excuse not to use your own stuff and keep your privacy unless of course you are banned from carrying those items into the work place. Then of course companies might have to consider setting themselves up as ISPs to achieve legal separation from the communications they allow their workers as part of the salary package.

      --
      Chaos - everything, everywhere, everywhen
    16. Re:Why not just block attachments? by Confusador · · Score: 1

      I can't completely answer the question, but it's worth noting that the system only works because the same entity has control of both the proxy and the client browser; they can set up their own internal CA if need be. And since the proxy is redirecting everything, trying to bypass it (e.g. running a browser off a USB drive) just means you can't get to anything over SSL.

    17. Re:Why not just block attachments? by mwvdlee · · Score: 1

      d. a USB stick
      e. a printout

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    18. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      I don't think that's the main reason (and I say this as someone that, although not employed by the Australian Government themselves, spends most of their time consulting to them and working on-site with them). No ulterior motives here, they just want to eliminate a couple of potential attack/leak vectors.

      Won't stop employees checking their personal email accounts at all - they'll just do it on their phones/iPads at lunchtime instead. Hell most of them already do this.

      Incidentally, I should point out that webmail services are already blocked inside many Australian Govt. departments. Definitely blocked at Centrelink, Medicare, DVA and several others I've worked with. The system used blocks most webmail sites, including any MS Outlook Web access (which is annoying when you are working for an external company there and you can't check your corporate mailbox any other way!)

    19. Re:Why not just block attachments? by Pieroxy · · Score: 1

      IIRC, the POST keyword in the http request is encrypted as well. EVERYTHING is encrypted. How can you tell if it's a file? I mean, everything is a stream of bits. Encrypted in https how can you tell the difference?

    20. Re:Why not just block attachments? by Dan541 · · Score: 1

      Nice strawman. I never said anything about denying people breaks.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    21. Re:Why not just block attachments? by dwarfsoft · · Score: 3, Interesting

      Personally I think the first thing that they should do prior to disabling gmail or hotmail is disable USB keys from working on the computers in the network... I'm surprised at how many places haven't locked this down... What's the point of locking down the services if they can just copy whatever information and then email it from home?

      Or maybe they should look closer at how they are operating first and try to mitigate the risk by running a clean house and educating staff of the finer points of netiquette "no Jill, we do not open executable attachments from outside, even if you think it might have been from Jack". Better still, disable users from running untrusted executables! So many things they could start with, why bother with webmail?

      --
      Cheers, Chris
    22. Re:Why not just block attachments? by upuv · · Score: 1

      You got it in 1. :)

      A large enterprise like the government can most definitely have this level of control over the proxy, internal CA and client standard operating environment.

      This is actually rather trivial to setup. I can assure you it is used in practice.

      Oh you can use your own browser. You just have to add the CA cert and make sure you use the proxy.pac file that a standard install would use. Some of the weirdo auth mechanisms that some enterprises use can get in the way however.

    23. Re:Why not just block attachments? by icebraining · · Score: 1

      So people should have breaks, but be blocked from using personal email accounts during them, why?

    24. Re:Why not just block attachments? by asdf7890 · · Score: 1

      It is certainly done in certain companies. I'll not mention the company name (though it is no secret really) but I have a friend who works for a defence contractor who work on MoD projects, and they do this to monitor outgoing HTTPS connections. No machine that touches their network does so without running one of their locked-down OS builds, and all their builds include the certificate for their internal CA in the trusted list for the OS and any extra browsers. Once your CA cert is trusted by all your client browsers, automating the generation of "valid" certificates is not difficult. To reduce the speed impact of this their proxy maintains a cache of certificates rather than generating new ones for each request. No doubt other businesses in that and other sensitive arenas do the same thing.

    25. Re:Why not just block attachments? by poetmatt · · Score: 1

      no, please let this be. This cracks me up. This is like closing a pinhole leak in a door but leaving the door open. The site suggests filtering of inbound and outbound emails, even though anyone leaking things who knows what they are doing will get around that incredibly easy.

      Steganography, easily done without using steganography. Rename a file to a different file type, and send it to someone. Done.

    26. Re:Why not just block attachments? by Dan541 · · Score: 1

      No they shouldn't at all be blocked from using their own email. I send and receive emails all the time when on break, however I use my own equipment for that.
      Why should your employer allow you to use their system for anything other than the work they pay you for?

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    27. Re:Why not just block attachments? by tehcyder · · Score: 1

      Why should your employer allow you to use their system for anything other than the work they pay you for?

      Because they are paying you to be in the office, not renting your fucking brain and soul for every second you're there.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    28. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      I would think this is also to stop people from using their personal email accounts on the taxpayers' time.

      Yeah they can read the paper, daydream or gossip at the water cooler instead. Good thinking.

      People like you are part of the problem.

    29. Re:Why not just block attachments? by Dan541 · · Score: 1

      No they are paying you to do a job. What they are not paying you for is to use their equipment for your own personal activities. If you want to check personal email do it from your own system or not at all. Next you'll be wanting to borrow a company vehicle to help you move house.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    30. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      How about the old-fashioned way of uuencoding binary data and sending it as plain text? The header can be placed elsewhere in the message for good measure. Then it's not officially an "attachment" but still can be reconstructed into files.

    31. Re:Why not just block attachments? by sorak · · Score: 4, Insightful

      This is why nerds will never rule the world. We see an article about Governments blocking mail services with the intention of silencing would-be whistle-blowers, and the first thread is about "wouldn't this be a better way to accomplish that?" :)

    32. Re:Why not just block attachments? by BitZtream · · Score: 1

      Any Windows machine on a domain can be tricked instantly.

      Windows on a domain with enterprise certificate services installed trusts the domain certificate authority by default. The admins can then issue certs from that authority for any domain they like, which will be fully validated to anything using the Windows certificate store ... meaning Internet Explorer by default, firefox doesn't, which is freaking annoying and I don't remember what chrome does. Either way, you just simply only allow IE to be used/installed and that problem is solved as well.

      I do it all the time internally for testing purposes actually, though we don't force the use of a proxy and we don't hide the fact that our proxy does this from our users, but if they use hotmail, gmail or yahoo (and a handful of other sites) via our proxy I can easily view their traffic.

      It takes longer to run openssl to generate the certificate than it does for me to make windows accept it as valid because the machines are in a domain which is EXPLICITLY trusted above all else.

      There's a reason people like the built in management support in Microsoft products.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    33. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      Terminate the SSL tunnel at the proxy, inspect to your little heart's content, and re-encrypt with an internal cert that's pushed out to desktops.

    34. Re:Why not just block attachments? by hesaigo999ca · · Score: 1

      Exactly, shows how little the PM knows about computers and what he is suggesting is going to affect such a broad spectrum of things, although here at work, we block gmail and hotmail, but this is only to avoid too much time spent on those sites, not for blocking uploading and downloading, as we still need to be able to do that for our daily activities.

    35. Re:Why not just block attachments? by BitZtream · · Score: 1

      Physical theft scares most people more than electronic since you can easily be caught holding the evidence. A USB stick is relatively easy to conceal ... unless they do searches in and out.

      A print out? Anything of a size to be worth while is going to be big enough to be obvious that you're taking it out of the building.

      In the end however, it's mostly the mental component that makes people do an electronic transfer rather than sneaker net. Since they can't see the data flowing out, they have less fear of doing so compared to carrying out a ream of paper. They don't realize how it's in fact easier to catch them electronically than physically.

      All of this happens in low security places though, any high security location isn't going to let you take ANYTHING in or out that they haven't seen/inspected.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    36. Re:Why not just block attachments? by BitZtream · · Score: 1

      I don't know what software you use for virus scanning and such, but nothing they would use to filter files is going to give a flying fuck what the extension is. Content scanners realized in the 90s that file extensions don't mean jack shit.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    37. Re:Why not just block attachments? by Tanktalus · · Score: 1

      Well, yes and no. One of the first steps in figuring out a fool-proof way to work around damage is to figure out what the damage is, or might be.

      Gmail over Tor might work... assuming you can find any Tor peers that aren't yet blocked.

    38. Re:Why not just block attachments? by jon3k · · Score: 1

      That's called SSL termination, and as far as I know is only done for reverse proxies, not forward proxies. If you're aware of a forward web proxy with this feature I would definitely be interested. I don't believe our current vendor (WebSense) does this, at least on the version we have in place (7.1).

    39. Re:Why not just block attachments? by jon3k · · Score: 1

      If the web proxy terminates the tunnel, decrypts the traffic, looks at it, and then recreates a new https connection to the actual destination. That's the argument anyway. As I posted above, I don't know of any forward proxies doing SSL termination, but technically I think it would be possible, so I wouldn't be surprised if there was web proxy software that did it.

    40. Re:Why not just block attachments? by jon3k · · Score: 1

      Depends on the environment, but both of those can be stopped relatively easy assuming you have control over the endpoint. Something as simple as the Microsoft Group Policy to disable USB mass storage devices and not having any printers, or restricting access to the printer network/VLAN from systems that contain sensitive information.

    41. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      This doesn't make sense. How can the proxy read the encrypted HTTPS traffic? The only thing the proxy knows when you initiate the request is the server you are trying to contact; it doesn't have anything else in the HTTP request (like the line that says whether it's a POST or GET) because that is only sent once you initiate the SSL handshaking and are sending everything encrypted.

      Am I missing something?

    42. Re:Why not just block attachments? by Raul+Acevedo · · Score: 1

      Interesting. So this turns their proxy into a Man-In-The-Middle-Attack by faking the SSL certificate of the server you are trying to connect?

      --
      In a real emergency, we would have all fled in terror, and you would not have been notified.
    43. Re:Why not just block attachments? by Raul+Acevedo · · Score: 1

      How does it decrypt the traffic? It can't; only the parties in the SSL handshaking can do that, and that is the user's browser and the end server with its certificate.

      Other posts on this thread detail how this is possible: You work for company X and go to https://bank.com/. Company X creates a Certificate Authority SSL certificate and installs it on all browsers. When you go to https://bank.com/ the proxy intercepts and pretends to be bank.com by generating a new server certificate for bank.com and talking to your browser as if it were bank.com. Since your browser trusts Company X's CA cert, it also trusts the fake cert created by the CA cert.

      This is only possible if you are forced to use a browser with that CA cert installed, and the company has a proxy or other software/hardware that can essentially do a Man In The Middle attack.

      --
      In a real emergency, we would have all fled in terror, and you would not have been notified.
    44. Re:Why not just block attachments? by asdf7890 · · Score: 1

      Exactly. Though it isn't really a MitM "attack" in their case as the behaviour of the proxy is well publicised internally so all staff should know about it.

      This is why self-signed certificates should not be used outside a testing/development environment: anyone who hacks into a proxy at your ISP, anyone running a public internet access service, or anyone on the same wireless network who manages an arp-spoofing attack in order to setup a transparent proxy, or anyone who manages a DNS poisoning attack, can masquerade as your service as anyone can sign a "self signed" certificate for any domain and there would be no way of telling the difference if they were careful. With a certificate signed with a proper trust chain that leads back to a CA cert your browser trusts you are protected from this, as long as you trust your browser/OS's list of trusted CA certs.

    45. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      How does this work?
      Couldn't an adversary set up a proxy, and as long as the CA requests route through their servers, spoof the CA? Even if initial cert requests are encrypted, couldn't a government backed ISP simply force the CA to give them their keys? What prevents SSL from being prone to government surveillance?

    46. Re:Why not just block attachments? by poetmatt · · Score: 1

      bahahahahaha seriously? Go look around.

      You know what content scanners depend on? Knowing the type of content. You don't even need an extension to mask that.

    47. Re:Why not just block attachments? by Pieroxy · · Score: 1

      Ah yes, you need the proxy cert in all your browsers. Short of that, it can't work.

    48. Re:Why not just block attachments? by fuzznutz · · Score: 1

      I certainly hope you are not in management. Strict authoritarian for no good reason rule tends to alienate your employees. And let's be honest, preventing employees from checking their email is a dick move. Instead of going the extra mile for you, they will be thinking, "How long until I can quit this job?" I check personal email from work. In fact, I have all my accounts forward to a single account. I also bring in my own personal equipment to do my job at times. I have a large piece in there right now. If my employer wanted to be a dick about things, I would have them purchase their own. But since they are reasonable, I am only too happy to lend my things, saving them money.

    49. Re:Why not just block attachments? by mariushm · · Score: 1

      Surely, it will work because it's impossible for someone to encode stuff in Base64 or even Base36 and just paste in the email about 4-8K of characters at a time.
      Or maybe it's too hard to just create a 1x1 pixel PNG file in paint, run copy smallpicture.png+secretdocument.doc fakepicture.png in command line, and use this picture inline in the email...
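
Added example (not part of any comment in the thread, and not any vendor's code): what a content filter could check on an upload once the intercepting proxy discussed above has decrypted the POST. It walks the multipart form parts, classifies each file by magic bytes rather than by filename, and reports data appended after a PNG's IEND chunk, which is what the `copy a+b` trick produces. The request, boundary, field names and payload bytes are constructed for illustration.

```python
import re
import struct
import zlib

# Leading magic bytes; content is classified by these, not by the filename.
MAGIC = [(b"\x89PNG\r\n\x1a\n", "png"), (b"%PDF-", "pdf"),
         (b"PK\x03\x04", "zip"),                         # also OOXML (.docx)
         (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2")]  # legacy .doc/.xls
# What each claimed extension should sniff as ("unknown": no magic expected).
EXT_TYPES = {"png": "png", "pdf": "pdf", "zip": "zip", "docx": "zip",
             "doc": "ole2", "txt": "unknown"}


def sniff(data):
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def png_trailing_bytes(data):
    """Return the bytes after the IEND chunk, or None if the PNG is malformed."""
    pos = 8                                   # skip the 8-byte signature
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                    # length + type + data + CRC
        if pos > len(data):
            return None                       # chunk runs past end of file
        if ctype == b"IEND":
            return data[pos:]
    return None                               # never reached IEND


def split_multipart(content_type, body):
    """Yield (filename or None, payload) for each multipart/form-data part."""
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m or not content_type.lower().startswith("multipart/form-data"):
        return
    delim = b"--" + m.group(1).encode("ascii")
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):           # closing delimiter
            break
        head, _, payload = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        if payload.endswith(b"\r\n"):
            payload = payload[:-2]            # CRLF before the next delimiter
        fname = re.search(r'\bfilename="([^"]*)"', head.decode("latin-1"))
        yield (fname.group(1) if fname else None), payload


def inspect_post(content_type, body):
    """Return one finding per uploaded file in a decrypted POST body."""
    findings = []
    for fname, payload in split_multipart(content_type, body):
        if fname is None:
            continue                          # ordinary text field, not a file
        kind = sniff(payload)
        ext = fname.rsplit(".", 1)[-1].lower() if "." in fname else ""
        finding = {"filename": fname, "sniffed": kind, "flags": []}
        if EXT_TYPES.get(ext, kind) != kind:
            finding["flags"].append("extension-mismatch")
        if kind == "png":
            tail = png_trailing_bytes(payload)
            if tail is None:
                finding["flags"].append("malformed-png")
            elif tail:
                finding["flags"].append("png-trailing-data")
                finding["trailing_bytes"] = len(tail)
                finding["trailing_type"] = sniff(tail)
        findings.append(finding)
    return findings


# ---- constructed sample input (not captured traffic) ----
def _chunk(ctype, data):
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png():  # a valid 1x1 greyscale PNG
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))


APPENDED = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"constructed filler"
CONTENT_TYPE = "multipart/form-data; boundary=XBOUNDARYX"
BODY = b"".join([
    b'--XBOUNDARYX\r\nContent-Disposition: form-data; name="body"\r\n\r\nsee attached\r\n',
    b'--XBOUNDARYX\r\nContent-Disposition: form-data; name="file0"; '
    b'filename="fakepicture.png"\r\nContent-Type: image/png\r\n\r\n',
    make_png() + APPENDED + b"\r\n",
    b'--XBOUNDARYX\r\nContent-Disposition: form-data; name="file1"; '
    b'filename="notes.txt"\r\n\r\n',
    b"%PDF-1.4 constructed\r\n",
    b"--XBOUNDARYX--\r\n",
])

if __name__ == "__main__":
    print(*inspect_post(CONTENT_TYPE, BODY), sep="\n")
```

Only file parts are examined here; text pasted into the message body arrives as an ordinary form field and is skipped by this check.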

    50. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      It's available in COTS products. Cheap. It may even be available to home users with a free license of them.

      Disclaimer: I used to be a consumer of the product mentioned. I am no longer.

      Example: Several years ago, I bought a little micro factor pc from a company called Astaro as a UTM appliance. Cost: $1,000 for a small business + ~ 200 per year in license fees. It would handle anti spam, firewall, IDS, IPS, DNS, network antivirus, and content inspection either through a proxy to keep unauthorized users off the internet, or as a transparent proxy.

      When one of the worst flash 0 days came out in flash--I banned the mimetype in the firewall--and had a lot of very pissed off users who I told to stop visiting ebaums at lunch.

      About two years ago, they added SSL content inspection.

      All I had to do was turn it on, and install the certificate on computers in the office. Done. Every SSL connection was seamlessly MITM'd by the firewall, inspected, virus scanned, and had its javascript ran against the signature database.

      For the record--the company in question really undersold us on the hardware. A machine with 2G of RAM and 1 Ghz CPU struggled to handle the spam filtering needs of an office with maybe 15 employees and 40 servers. But if you have *real* hardware and a cluster of these--it's a piece of cake. I am sure companies other than Astaro are easily capable of doing this...as ASL is really nothing special other than a very beautiful webmin UI.

    51. Re:Why not just block attachments? by Raul+Acevedo · · Score: 1

      Is the software that does this fancy HTTPS interception and fake SSL cert generation typically off-the-shelf, or is it simple enough that companies write it themselves? If off-the-shelf, what would this type of software be called?

      --
      In a real emergency, we would have all fled in terror, and you would not have been notified.
    52. Re:Why not just block attachments? by Kompressor · · Score: 1

      And if the browser doesn't accept the proxy's cert, the proxy doesn't accept the browser's traffic. Problem solved, all your bits are belong to us.

      --
      kmem russian roulette: Aquillar> dd if=/dev/urandom of=/dev/kmem bs=1 count=1 seek=$RANDOM
    53. Re:Why not just block attachments? by Kompressor · · Score: 1

      (Disclaimer: I resell some Barracuda products to my clients)

      As far as I can tell, Barracuda's Web Filter does this. From the section of the help file associated with HTTPS filtering:

      [snip]

      HTTPS Filtering

      You can expand HTTP filtering to include HTTPS filtering. HTTPS traffic can be detected by content category filters and domain filters, as well as by blocking exceptions for all Web traffic, content category filters, and domain filters. This option is disabled by default.

      Limitations for enabling HTTPS traffic filtering:

      • When HTTPS access is denied, the user will NOT be presented with a block page.
      • If HTTPS access to a particular domain name is denied, HTTPS access to any subdomain of that same domain will also be denied for the same users.
      • If filtering is set to Warn, the HTTPS request will be blocked instead.
      • For URL pattern filters, only the unencrypted portion of the requested HTTPS URL can be checked for a match with the specified pattern.

      To enable HTTPS traffic filtering for content categories and domains:
      Set the Enable HTTPS Filtering option to Yes.

      When this option is enabled, filters created using the following mechanisms will block HTTPS traffic:

      • Content filters (both built-in and custom)
      • Domain-based filters
      • URL pattern filters (only the unencrypted portion of the requested URL can be checked)
      • Blocking exceptions to All Web Traffic or for either of the above types of filters

      Note: Immediately after you enable this option, any client machines that had previously established an HTTPS session are communicating with an IP address and will not be blocked. In this situation, the HTTPS Web site IP address remains in the DNS client resolver cache (as well as in the DNS table on the core router or domain controller) until the DNS request time-to-live (TTL) expires. This can take up to a day or two, depending upon how the HTTPS sites configure TTL.

      [/snip]

      I interpret the above to mean that MITM style filtering is an option for the content filters, but (oddly enough) not for the URL pattern filters. You might want to talk to your vendors or suppliers about bringing one in - Barracuda is very good about giving free 30 day trials.

      --
      kmem russian roulette: Aquillar> dd if=/dev/urandom of=/dev/kmem bs=1 count=1 seek=$RANDOM
    54. Re:Why not just block attachments? by idontgno · · Score: 1

      This is only possible if you are forced to use a browser with that CA cert installed, and the company has a proxy or other software/hardware that can essentially do a Man In The Middle attack.

      And since the subject of TFA is government-internal government-provided IT services and networks, that's not just feasible, it's easy. If you're on the gov.au internal network, you would be using hardware assets provided by the government for performing government duties. These hardware assets would be administratively configured to run government-configured browser software which includes a trusted CA relationship with the gov's own self-signing faux certificate authority. And, of course, you can't run any other browser, because removable media access (perhaps all, perhaps execution privileges) and the right to run un-signed apps are denied in the OS permissions rollout as well.

      Have fun with your enforced man-in-the-middle.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    55. Re:Why not just block attachments? by Nursie · · Score: 1

      I made one recently, it only took a few hundred lines of python.

    56. Re:Why not just block attachments? by Nursie · · Score: 1

      Fair enough!

      I figured that was the way it would have to be done, as I've made similar programs (just for SSL/HTTPS) myself, was just wondering if there was some clever way that companies worked around the need to have a new CA cert in every browser.

      Sounds like a very useful tool for the network admin.

    57. Re:Why not just block attachments? by Anonymous Coward · · Score: 0

      I've encountered it at a previous workplace on a BlueCoat web proxy. IT support pushed out a new self-signed root CA certificate to all computers on the network. HTTPS connection show a certificate for mail.google.com (as an example) signed by our IT support team. In our configuration, it blocked Google Docs and chat.

      There's a few major downsides.

      1. I don't trust the guys who were in charge of the web proxy with access to my gmail, online banking, amazon etc. accounts.
      2. It made all web access dependent on the certificate store on the proxy. I couldn't access my home NAS box, as it used a self-signed certificate which I'd installed on my work desktop, but not on the proxy.
      3. It's a very tempting attack point. Compromise the proxy, and it becomes trivial to spoof a few major players and score possibly hundreds of valid credentials.

      While it did work, I'm not endorsing the software. Quite frankly, it's a buggy piece of shit. If it can't keep up with load, it rejects connections as HTTP 401 instead of 503. That's really annoying, as it causes a deluge of proxy auth dialogs in Firefox.
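
Added example, not part of the comment above and not any product's code: a client-side check for the behaviour that comment describes, where the certificate presented for a site is issued by an internal CA instead of the CA seen from an uninspected network. Both CAs, the host name webmail.example.test and all function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Every CA, key and host name below is constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# --- fixture: two constructed CAs and leaf certificates issued by them -----
make_ca() {        # $1 = file prefix, $2 = subject DN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

mint_leaf() {      # $1 = CA prefix, $2 = host name, $3 = output prefix
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$3.key" -out "$WORK/$3.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$3.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$3.pem" 2>/dev/null
}

# --- the check --------------------------------------------------------------
issuer_dn() {      # $1 = PEM certificate; prints the issuer DN (RFC 2253 form)
  openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

leaf_fingerprint() {   # $1 = PEM certificate; prints its SHA-256 fingerprint
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

compare_to_baseline() {   # $1 = baseline certificate, $2 = observed certificate
  base_issuer=$(issuer_dn "$1")
  seen_issuer=$(issuer_dn "$2")
  if [ "$base_issuer" != "$seen_issuer" ]; then
    # A different CA signed the leaf: interception, or the site changed CA.
    echo "issuer-changed: $seen_issuer"
  elif [ "$(leaf_fingerprint "$1")" != "$(leaf_fingerprint "$2")" ]; then
    # Same CA, different leaf: what a routine renewal looks like.
    echo "same-issuer-new-leaf"
  else
    echo "unchanged"
  fi
}

# --- demo on constructed certificates ---------------------------------------
make_ca public "/O=Constructed Public CA Ltd/CN=Constructed Public Root"
make_ca corp   "/O=Example Corp/CN=Example Corp Inspection CA"
mint_leaf public webmail.example.test baseline   # recorded off the inspected network
mint_leaf corp   webmail.example.test observed   # seen from behind the proxy
mint_leaf public webmail.example.test renewed    # later leaf from the original CA

echo "baseline issuer: $(issuer_dn "$WORK/baseline.pem")"
echo "observed issuer: $(issuer_dn "$WORK/observed.pem")"
echo "behind proxy:    $(compare_to_baseline "$WORK/baseline.pem" "$WORK/observed.pem")"
echo "after renewal:   $(compare_to_baseline "$WORK/baseline.pem" "$WORK/renewed.pem")"
```

On a workstation the observed certificate would come from `openssl s_client -connect HOST:443 -servername HOST </dev/null | openssl x509 -out observed.pem`, with the baseline saved once from a network that is not inspected. An issuer change is also what a site moving to a new public CA looks like, so the reported issuer still has to be compared with the CA names your organisation deploys.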

    58. Re:Why not just block attachments? by Nefarious+Wheel · · Score: 1

      You have to pat them down going in and out of the building, if you're serious. Micro SSD anyone?

      --
      Do not mock my vision of impractical footwear
    59. Re:Why not just block attachments? by upuv · · Score: 1

      The simplest proxy that can do this is probably Apache. This won't scale all too well. OR you could spend some money on say a Blue Coat proxy. Or something of that class.

      The real issue is setting up a CA and making sure the browsers trust it. Getting this change pushed to the desktops can be a pain.

      This fake cert generation you speak of is just a self signed cert. Don't worry about this. The CA you create will give you certs that are signed against it.

    60. Re:Why not just block attachments? by Lunzo · · Score: 1

      I don't think it's to silence whistle-blowers. If you want to blow the whistle you could buy a cheap usb stick, download everything onto that and send out the info from an internet cafe or someone's unsecured wi-fi. The wikileaks comment wasn't in TFA from what I saw.

      It's as simple as government business should not be done on free webmail accounts due to security risks. Department of Prime Minister and Cabinet were using Gmail for work. These people are the staff for the top MPs. Cabinet documents are supposed to be confidential for 30 years (being reduced to 20 over the next 10 years). I'll remind you that some prominent people's Gmail accounts have been hacked recently, e.g. Chinese human rights activists.

    61. Re:Why not just block attachments? by wwphx · · Score: 1

      This assumes that no one has a CD/DVD burner. But then you also need to disable printing, so I can't take a sheet of paper out, scan it into my multifunction Canon. And also disable my monitor so I can't photograph my screen with my cell phone camera.

      Total security is a myth and a mindset, all you can do is work towards it, you'll never fully achieve it short of being Fort Meade.

      --
      When you sympathize with stupidity, you start thinking like an idiot.
    62. Re:Why not just block attachments? by Pieroxy · · Score: 1

      At least, you know someone is (or could be) listening. That's already something valuable.

  2. Hyperbole much? by Leafheart · · Score: 5, Insightful

    Now seriously guys, there are bad titles, and there are pathetic ones. This takes the cake as the prime of the prime on the latter camp. You make it sound like they want to ban it on Australia as a whole, while the truth is much more simple and in fact, valid. They simply urged the agencies to not use those services. The puzzlement should come from why are they using it anyway?

    This was an audit performed on the security of Government data and not an exercise on quashing free speech. FFS aesoteric and samzepous, this was so pathetic that it wasn't even funny.

    --
    --- "When you gotta do something wrong. You gotta do it right. (Fighter)"
    1. Re:Hyperbole much? by commlinx · · Score: 1

      Agreed and public servants should have better things to do than ping around personal e-mails all day. While with a proper security model the attachment aspect shouldn't matter for security, in practice it will. Also if you know what the Australian public sector is like I'd be concerned about my tax being used to pay for $50K for "counselling" and "support" to someone after being exposed to a naked pair of breasts in the workplace.

    2. Re:Hyperbole much? by c0lo · · Score: 1

      aesoteric and ..., this was so pathetic that it wasn't even funny.

      aesoteric is a user that doesn't post comments, but only stories, and whose web page leads to...itnews.com.au.
      It is bound to lead to a double dose of advertising... with luck, the TFA may fall into "stuff that matters" category but... how much luck can one have on /. these days?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    3. Re:Hyperbole much? by Bunzinator · · Score: 1

      Government agencies don't use hotmail etc. for official mail, they have the gov.au domain for that. They are talking more about denying public (civil) servants the use of webmail for their private purposes from government systems. A good move, I think.

    4. Re:Hyperbole much? by Hognoxious · · Score: 1

      Says the guy posting to slashdot from work.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    5. Re:Hyperbole much? by Anonymous Coward · · Score: 1

      They are talking more about denying public (civil) servants the use of webmail for their private purposes from government systems.

      The one I work for already does, I'm pretty sure most of the big ones would anyway. Perhaps this is for the smaller and much less restrictive departments. Most people have smartphones, tablets or netbooks if they wish to access the internet for non work related purposes.

    6. Re:Hyperbole much? by aesoteric · · Score: 5, Interesting

      I actually agree. The title is inaccurate. It's also not the one that was submitted.

    7. Re:Hyperbole much? by statusbar · · Score: 2

      It seems that many if not most of the American politicians use gmail/yahoo from their offices to conduct state business on in order to hide from public discovery/freedom of information act... Perhaps the U.S. needs policies like this too!

      --
      ipv6 is my vpn
    8. Re:Hyperbole much? by Bunzinator · · Score: 1

      Incorrect. It's approximately 2030 here at the moment. I left work hours ago. And I'm not employed by the government in any case.

    9. Re:Hyperbole much? by Anonymous Coward · · Score: 0

      I'm not sure this should've been news in the first place. Seems to me that it's an attempt to blow it out of proportion.

      It just breaks down into a government doing something that....really isn't that big of a deal.

      inb4 "first they came for gmail in the office, but I said nothing"

    10. Re:Hyperbole much? by Journe · · Score: 1

      I'm not sure this should've been news in the first place. Seems to me that it's an attempt to blow it out of proportion.

      It just breaks down into a government doing something that....really isn't that big of a deal.

      inb4 "first they came for gmail in the office, but I said nothing"

      Bah, posting again to attribute this comment to me. Forgot I'd cleared all my login cookies and such when I upgraded to FF4.

    11. Re:Hyperbole much? by Anonymous Coward · · Score: 1

      Incorrect. It's approximately 2030 here at the moment. I left work hours ago. And I'm not employed by the government in any case.

      So you are a spy?

    12. Re:Hyperbole much? by bloodhawk · · Score: 1

      What's more the majority of Australian government sites already block hotmail and gmail as well as most other ISP and internet mail providers and have done so for a long time.

    13. Re:Hyperbole much? by Anonymous Coward · · Score: 1

      Indeed. My favourite story of these providers involves a woman who was let go from a software firm in Ireland. The company kept getting e-mails dumped back on them and when they looked at what was happening was that she was sending company information to herself which was greater than the 19MB (Real world) limit of the provider. So the only thing standing between them and their data being stolen was an employee not knowing what the attachment limit was. I guess we can see why she was let go.

    14. Re:Hyperbole much? by Cimexus · · Score: 4, Informative

      I've worked in quite a few Australian Govt. Departments (Commonwealth and State). In at least three-quarters of them, webmail such as Gmail and Yahoo and Hotmail were ~already blocked~. So this recommendation I suppose is just to pull the few departments that haven't already blocked them, into line.

    15. Re:Hyperbole much? by Anonymous Coward · · Score: 0

      Incorrect. It's approximately 2030 here at the moment. I left work hours ago. And I'm not employed by the government in any case.

      So you are a spy?

      More importantly, we now have evidence that the Higgs singlet exists and can be used to transmit information from 19 years in the future.

    16. Re:Hyperbole much? by crow_t_robot · · Score: 1

      It is the same in US Gov already. Most (if not all) US government agencies block all of these sites. Some people I know ( >.> ) just use an SSH proxy with SOCKS support to use their home computers to access their gmail-based webmail accounts.

    17. Re:Hyperbole much? by TheVelvetFlamebait · · Score: 1

      How about a new hyperbole? Slashdot editors are trying to control what we see and think. I was getting bored with the usual terrorist and government boogeymen anyway.

      --
      You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
    18. Re:Hyperbole much? by macaddict · · Score: 1

      Hey, now. How are we supposed to get our daily dose of Nerd Rage if people like you keep using common sense and critical thinking? You're supposed to froth at the mouth about Australia's evil government censorship, not actually read the article!

    19. Re:Hyperbole much? by baegucb · · Score: 1

      ummm...you read TFA? You must be new here ;)

    20. Re:Hyperbole much? by metlin · · Score: 1

      This is true in the US, as well.

      When I was at Los Alamos, you could not access public email sites -- although, you could (back then) access social media sites (Orkut, MySpace etc). Plus, they had blocked off access to all USB ports as well (that was around the time when they had the whole hard-drive missing and found thing going on).

    21. Re:Hyperbole much? by jdgeorge · · Score: 1

      Dude, I know you oldtimers had the decency not to read the article, but please don't worry. Most of us newcomers didn't read it either. Besides, there's no specific evidence that the GP actually read the article, only that he or she followed the link. And checked the profile of the other user.

      Wait, seriously? Slashdot has a user profile section? Whoah, look... all my old comments are there.... ;-)

    22. Re:Hyperbole much? by Anonymous Coward · · Score: 0

      Don't forget that all of these systems are thoroughly backdoor'd by the US government, so the US could easily use it for political and economic/industrial espionage. If wikileaks has proven anything, it is that the USA is *always* trying to undermine other countries and their economies for its own benefit. It's good to see some countries are wising up to this.

    23. Re:Hyperbole much? by pz · · Score: 1

      Agreed.

      In the US, where governmental records are required by law to be kept, using a non-governmental privately-owned system for email that is (a) insecure, and (b) likely not compliant with the necessary auditing and archiving requirements, (c) likely not subject to FOIA, when the email is for official business is against the law in many states in addition to being just outright stupid. As in ex-Gov. Palin stupid, remember?

      There is no reason for the government employees to be using GMail or Hotmail for their jobs.

      --

      Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
    24. Re:Hyperbole much? by twebb72 · · Score: 1

      Host it on premise with security in mind, or suffer the consequences of third party outages/security/breaches. Plain and simple.

      Australia needs to start buying its own servers and stop complaining.

    25. Re:Hyperbole much? by deniable · · Score: 1

      In that case, the worker knows they're crossing the line and will most likely keep things quiet. The main reason for this is that we get people wanting to use webmail for official business because it bypasses silly things like filters, mandatory archiving and the like.

    26. Re:Hyperbole much? by Anonymous Coward · · Score: 0

      It seems that many if not most of the American politicians use gmail/yahoo from their offices to conduct state business on in order to hide from public discovery/freedom of information act... Perhaps the U.S. needs policies like this too!

      There is a difference between a politician sending emails using a yahoo or gmail account while they're at their house, and allowing government agency workers to access yahoo or gmail from within the Agency network itself.

      I've worked both directly and indirectly with a lot of US government networks, and every last one has in fact completely locked down such options. For example, in the State where I live, they don't even have internet access of any sort via the state network.

  3. Not again. by Anonymous Coward · · Score: 0

    The number of ways in which the Australian government can show its total lack of understanding of the Internet continues to boggle the mind.

    1. Re:Not again. by Anonymous Coward · · Score: 0

      You're an idiot, reread the article.

  4. What were they thinking? by Elimental · · Score: 4, Informative

    In the private sector I have been doing this for years, because of security. If a user wants to access his Gmail/private mail he can use his mobile, not via my network, and if management agrees I would place a shared system in areas that are on a separate network for such uses.

    1. Re:What were they thinking? by Anonymous Coward · · Score: 0

      As an Admin for a Mid tier Aussie Accounting Firm, this is exactly what I do too.
      Block all and any Webmail service I can identify, as the only mail we want going in and out of our network is via our corporate email system. That way we can ensure the integrity and content of all email sent and received for legal reasons.
      I have several Kiosk machines around the office not on our internal network ( so they can do the personal stuff during breaks), and management can monitor the use of them

  5. Waste of Time by benjamindees · · Score: 1

    These types of blocks are easy to work around for the determined and extremely annoying for people just trying to do their jobs.

    --
    "I assumed blithely that there were no elves out there in the darkness"
    1. Re:Waste of Time by Celarent+Darii · · Score: 5, Insightful

      True, but if someone needs gmail to do their government job, someone is not doing their job correctly.

      The real problem with gmail, yahoo, msn or whatever is that it isn't the government's server, and there are lots of requirements for archiving and providing an audit trail for government business that gmail cannot (and shouldn't) provide.

      IT is more than just putting up a webpage and sending messages, it is also ensuring accountability and security. Free web mail is fine and even preferable for private stuff, but when it comes to government work we demand a certain accountability and security, and rightly so. Perhaps people do private messages at work, but this is damn hard to filter and in general on taxpayers' time you have no right to be doing private correspondence on government payroll and equipment.

      From the worker's point of view it might seem a hassle, but try to look at it from the administrator's point of view. Those blocks are there for a reason, and the audit trail is there for a reason. Remove the audit trail and it would be close to impossible to make any sort of investigation on who stole the last 10,000 $ from the government till, and who influenced who in the last bid, and who approved what by which contacts.

      People aren't perfect, company and government policies even less so, but there is often a reason for the policy even if it is implemented wrongly.

      Go and hug your IT admin today, you'll find it easier to get your job done :)

    2. Re:Waste of Time by deniable · · Score: 4, Informative
    3. Re:Waste of Time by colinnwn · · Score: 1

      I agree with most of your points, however this one bothers me...

      and in general on taxpayers' time you have no right to be doing private correspondence on government payroll and equipment

      Aside from the fact governments seem to have a hard time hiring quality people, keeping them motivated, and firing or encouraging them to move on when they get burnt out, one would hope most government employees are professionals. You hire a professional to do a job. That job may take 30 or 40 or 50 hours a week. To a certain extent you can add tasks if you think they are underutilized. A professional should be trusted to do their job well and in a reasonable amount of time (unless there is evidence to the contrary), and use company or government resources to take care of personal matters over the phone or internet to the extent it allows them to stay focused and productive at work. Now hourly and contract (union) workers may have to set guidelines for this to prevent abuse. But even those people should be given access to work communication resources to resolve personal matters to a reasonable extent. Otherwise the work product you get out of these disrespected people will probably be equivalent to the resources you provided them (meaning crap).

    4. Re:Waste of Time by Celarent+Darii · · Score: 1

      True enough. The only problem is that the tools have to conform to certain standards, such as archival and accountability. That does get in the way of work, no question about it - but just like everything in life it is a cost-benefit analysis and often efficiency has to be sacrificed for the ability to archive and search. Just like programming, you can only pick so many features to implement, and soon the more features you have the worse your program performs. Bureaucracy is a lot like the stack heap - you can put as much on the heap as you like, just don't expect it to come off as fast as it went in.

      Notice I said "in general" - certainly for some government work there is not the need for so much paperwork and it could be streamlined. Problem is that most people dictating policy usually don't have to implement it, and those who make the laws are usually the last ones to have to obey them.

      My only real point is that IT guys are also part of the system, and their draconian policies are usually established by someone else. It's a vicious cycle really, but that won't change until someone fixes human nature.

      Hope you have a productive day nonetheless !

  6. "Allow all, block some" firewalls don't work by Luke+has+no+name · · Score: 1

    If I want to get a file off a computer with Internet access, it WILL happen.

    1. Re:"Allow all, block some" firewalls don't work by Anonymous Coward · · Score: 0

      Yeah, but "allow all, block some" can make it decisively harder to get the file off a computer by accident.

    2. Re:"Allow all, block some" firewalls don't work by tnn_dk · · Score: 1

      Solaris Trusted Extensions is designed to handle users like you :) http://www.sun-rays.org/lib/hardware/sunray/ds/go_DTW_cc.pdf

    3. Re:"Allow all, block some" firewalls don't work by Mathinker · · Score: 1

      And it, like everything else, is vulnerable to the "analog hole". Yes, I know that at high security installations people are searched upon entry for cameras and audio recording devices, but unfortunately, the advance of technology makes it likely that it will eventually be trivial to conceal such devices from most kinds of search equipment (in general, the smaller something is, the easier it is to conceal it).

    4. Re:"Allow all, block some" firewalls don't work by pipedwho · · Score: 2

      And it, like everything else, is vulnerable to the "analog hole". Yes, I know that at high security installations people are searched upon entry for cameras and audio recording devices, but unfortunately, the advance of technology makes it likely that it will eventually be trivial to conceal such devices from most kinds of search equipment (in general, the smaller something is, the easier it is to conceal it).

      Ah yes, the good ol' a-hole vulnerability. And a micro-SDcard dipped in vaseline.

    5. Re:"Allow all, block some" firewalls don't work by sglewis100 · · Score: 1

      If I want to get a file off a computer with Internet access, it WILL happen.

      Perhaps. But if your employee handbook forbids it, the vast majority of file sharing sites and email sites are locked down, your USB port is disabled, and you can't burn CDs or DVDs, your machine is locked down and can't join an unauthorized WiFi network, your Bluetooth is disabled, and there's an application firewall that proxies (and inspects) your SSL packets, a DLP engine scanning your outbound mail through company servers, and 20 other things that can be done... guess what, your IT security team has done their due diligence and taken reasonable precautions. Also, if you are caught moving data, there can be no reasonable claim made that you didn't realize you were violating company policy, and there is a measure of liability on you, at the very least, an actionable offense that will end employment, but with possible legal considerations as well.

      I don't know why people assume security should be 100% effective (it can't be) or don't bother doing it at all. Somewhere in between that, hopefully much nearer to 100% effective than 0% effective is reality.

    6. Re:"Allow all, block some" firewalls don't work by Anonymous Coward · · Score: 0

      if you are caught moving data, there can be no reasonable claim made that you didn't realize you were violating company policy

      I agree with this. I work at a bank that will kick your ass out the door and press charges if you are caught moving private data outside the company. They MITM google, but not some other email providers. I could theoretically SSH into my home server (or do a reverse SSH into my desktop) to get whatever I wanted.

      But I have ethics and want a job. And freedom.

  7. Counterproductive by Anonymous Coward · · Score: 1

    I have to block webmail services and all it means is that when I want to investigate data leakage, I have no idea where to start.

    We permitted personal mail access in the past, and that made it much easier to hold people to account, as the poor sweet dears always imagined they were being dead subtle uploading the stolen files to a draft on gmail or wherever. Now, there are a million places in their browsing histories I have to check to see if they have an upload or post capability.

    The Aussies are deluding themselves if they imagine this'll stop civil servants making off with secrets...

  8. Beat around the.. by xnpu · · Score: 1

    Obviously they can't come out and say directly that Google doesn't protect you from CIA BS, nor from the CIA's Wikileaks media outlet. They would be considered conspiracy nuts (as you consider me after reading this).

  9. It's to keep the malware out by Anonymous Coward · · Score: 1

    Australian Government employee here. (Posting as AC, of course.)

    Our agency allows Hotmail, Gmail, etc. Just not from your desktop; you have to go through a special DMZ machine, and if you've received messages that you need for business, forward it to your official account. The given reason is a lot more mundane than Wikileaks: to keep malware, viruses, etc. out. (Although the use of these DMZ machines are, no doubt, monitored for leaks of unauthorised stuff too.)

    The "official" agency e-mail servers are highly filtered for malware. Presumably Hotmail, Gmail, etc. are just as good at filtering... but by policy, we can't (and shouldn't) rely on something out of our control like that.

    1. Re:It's to keep the malware out by deniable · · Score: 2

      The main reason we're given is record keeping acts. How do you archive work documents being sent through gmail, hotmail and so on? We're now getting requests to distribute official documents through Dropbox. Once we peeled the records manager off the ceiling, we said no.

  10. Very Short Blacklists by Tei · · Score: 1

    There are literally more than 290.000.000 ways to upload data to the internet. Blocking 2 gets you a list of 289.999.999 ways. On top of that, people can use their phones, USB drives, etc.

    Proper safety stuff is *nothing* like that.
    Anyway, it could be a first step in a "defense in depth" protection, to achieve a 2% or 5% more protection.

    --

    -Woof woof woof!

    1. Re:Very Short Blacklists by Anonymous Coward · · Score: 0

      actually its 289,999,998...

      jus sayin

    2. Re:Very Short Blacklists by Psychotria · · Score: 1

      Actually, it's 289999998.... best to leave out the commas and decimal points entirely when speaking to a global audience.

      Just sayin'

    3. Re:Very Short Blacklists by Hognoxious · · Score: 1

      Actually, it's 289 999 998

      If you're going to be a pedantic prick at least try to be correct. ISO 31-0

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:Very Short Blacklists by Tigger's+Pet · · Score: 1

      Actually, you're all working on the wrong basis. The original poster of this thread said that there were "more than 290.000.000" More than, means 290 000 001 or greater. Therefore, removing two of them leaves you with 289 999 999 or greater - not 289 999 998.
      It's always good when an AC comes on and uses the old "just saying" - knowing full well that if he posted on his account he'd be hit with a "Score: -1, Idiot"

    5. Re:Very Short Blacklists by Cimexus · · Score: 1

      No way ... reading long numbers without thousands separators (whether dots or commas or spaces) is hard :(

    6. Re:Very Short Blacklists by Anonymous Coward · · Score: 0

      Wow, you suck at math.

      290.000.000 - 2 = 289.999.998

    7. Re:Very Short Blacklists by nedlohs · · Score: 1

      Wow, you suck at understanding English words.

  11. it is not unusual for companies to block webmail. by Chrisq · · Score: 2

    It is not unusual for companies to block webmail. I don't see why government departments shouldn't do it either. As others have pointed out anyone who is determined will get information out anyway, but it does prevent the "casual" release, either accidental ("There's a lot of hassle in the office, I have heard people say the merger might be off"), deliberate but non-malicious ("I'll email this document home and I can finish it this evening") or malicious ("I'll email this home then if I don't get my pay rise.....").

  12. Why not educate. by Anonymous Coward · · Score: 0

    The biggest problem this world has: It is led by so called intelligent people. I start to RAGE when I see stupidity! Why not EDUCATE instead of blocking, punishing, etc.? EDUCATION is something that you don't see anywhere. They are not teaching you in school how to use a mail, they are teaching useless stuff that most of it you will forget or you don't use it! OH, Why not cut the electricity and you go back to stone age so you can rule your kingdom? (it will be easier if you shoot yourselves.)

  13. Non-IT people making IT decisions. by upuv · · Score: 2

    I don't have to mention how much of nothing this solves.

    The real issue is non-IT people making IT decisions.

    1. Re:Non-IT people making IT decisions. by gravis777 · · Score: 1

      Where did you come up with this? Many corporations in the US block external mail sites - in fact, the one I work at does. It's quite simple - to keep proprietary and classified information from inadvertently leaving the company. It's amazing what people think is information that can be publicly shared. Restricting webmail, and forcing everyone to use the company e-mail, cuts down on the number of leaks. Of course, you can still use your iPhone or Blackberry or Android in the office for personal stuff, the idea is that there is much less chance of someone copying and pasting, or attaching a file, that they aren't supposed to. It's not perfect, but it does have SOME effect.

      Now, if private corporations are doing this, think about how much more sense it would make for a government to make this call. Quite frankly, I am surprised it took them this long to do it.

    2. Re:Non-IT people making IT decisions. by Anonymous Coward · · Score: 0

      "Many corporations in the US block external mail sites - in fact, the one I work at does. "

      Some perhaps. But there are over 190 countries on the WORLD WIDE web each with their own mail sites, I doubt that even 10% are blocked.

    3. Re:Non-IT people making IT decisions. by gravis777 · · Score: 1

      "there are over 190 countries on the WORLD WIDE web each with their own mail sites, I doubt that even 10% are blocked."

      Like China? Libya? Iran? Iraq? Egypt? Afghanistan? Russia? North Korea? Vietnam? Venezuela?

    4. Re:Non-IT people making IT decisions. by deniable · · Score: 1

      I don't have to mention how much of nothing this solves.

      The real issue is non-IT people making IT decisions.

      Like the decision to conduct official business using insecure web services that don't comply with the laws of the land and public sector guidelines. Seen it. Like paying ten times as much for services that could have been hosted internally for no extra cost. Seen that. Like clear violations of record keeping and FOI laws. If I see that, I have to report it.

  14. From the Scene by Anonymous Coward · · Score: 1

    Hi, I'm an Australian IT Security Administrator (thankfully not responsible for any of the agencies which recently got audited) but having these websites added to a blacklist doesn't just mean a technical block (which we all know can be bypassed) but it also means a clear IT Security policy decision saying "Accessing this website is against IT Policy". With this policy decision, actions can be taken against workers who attempt to bypass the block as we can say "It was clear in our policy and in its enforcement that the website was blocked, you have no excuse for accessing said banned services". This is important seeing as at the moment it is not as clear and punitive measures are somewhat limited. Although users tend to be a bit thick, I've found that a large majority of them in cases such as using unofficial web mail services for official purposes can be resolved through user education of the dangers of using said services. Not only that but if IT departments in these agencies actually listen to their users, they'll probably find the reasons on why users favour them over the existing solution (ease of use is usually the answer) which can also be addressed.

  15. Aussie PM? Really? by captain_sweatpants · · Score: 0, Flamebait

    It's the Australian Prime Minister.

    I assume this article was submitted by an Australian, and to that person I would say you need to get a little self-respect. FFS even if you don't respect the person, at least respect the office. Would you seriously submit an article about the yanky prezo and expect it to be published? No, you would refer to him as the US President or more likely just the President, or Obama, even if you hated his guts. To do otherwise is to insult the American people. Referring to some random Australian as an aussie, that's acceptable, although for a news site I personally consider it unprofessional. But, referring to the highest office in the land or any other official government entity for that matter as being 'aussie' is just insulting.

    1. Re:Aussie PM? Really? by Anonymous Coward · · Score: 0

      It's the Australian Prime Minister.

      I assume this article was submitted by an Australian, and to that person I would say you need to get a little self-respect.

      I'm an Aussie, and I'd say you need to settle down, sunshine.

    2. Re:Aussie PM? Really? by Anonymous Coward · · Score: 0

      It's not insulting, it's a compliment. You do know we "aussies" booed the PM during the opening ceremony of the 2000 Sydney Olympics! We simply have not a care for such formalities. But of course we would not refer to your leader as a "Yanky prezo," but customs are different here, so no one cares what you call the PM or any other figure of authority. It's more a compliment than insult really to say "Aussie PM".

    3. Re:Aussie PM? Really? by TBBle · · Score: 1

      It's worse than that. "Aussie PM Office". What they're actually talking about is the "Department of the Prime Minister and Cabinet", the department which holds a sort of higher-level overview position within the Australian Public Service rather than being dedicated to one particular area of government. (Like the Prime Minister herself) Hence the presence within that department of the National Audit Office, which does cross-department audits.

      As for "Aussie PM" itself, that's not about self-respect. It's merely a failure to distinguish between levels of formality in speech and writing for an audience. She's the "Aussie PM" (or colloquially just "the PM") in the same way that the Queen is "Madge". But when you write formally (i.e. not transcribing speech to retain specific effect as I just did, or taking notes for oneself) then they're the "Australian Prime Minister" and "Her Majesty, The Queen" respectively.

      Certainly not written by a Canberran (the actual colloquial spoken form is "PM and C", not "PM Office") and I doubt it was an Australian submission so much as an attempt to emulate the Australian vernacular.

      Then again, I'd have contracted "president" to "pres", not "prezo" myself. So our vernaculars may simply differ. ^_^

      --
      Paul "TBBle" Hampson
      Paul.Hampson@Pobox.Com
    4. Re:Aussie PM? Really? by Anonymous Coward · · Score: 0

      Did I see you on the tellie at the Cronulla riots? You're a boof head mate. Our Prime Minister deserves better than what /. served up, no matter what strip of politics you're from.

    5. Re:Aussie PM? Really? by centuren · · Score: 2

      It's the Australian Prime Minister.

      I assume this article was submitted by an Australian, and to that person I would say you need to get a little self-respect.

      It's not insulting, it's a compliment.

      I'm an Aussie, and I bear the term proudly. I am also proud of our long, rich heritage of not having sticks up our collective arses. Now an expat, I often refer to home as "Oz" and fondly tell stories like that of Bob Dwyer having to apologise to the Queen in 1991.

      But, referring to the highest office in the land or any other official government entity for that matter as being 'aussie' is just insulting.

      PM or not, she bloody well better be an 'Aussie' first.

      No, you would refer to him as the US President or more likely just the President, or Obama, even if you hated his guts. To do otherwise is to insult the American people.

      According to large portions of the American people, Obama is a terrorist and G.W. Bush was retarded, so I'm not quite sure what you're trying to convey to that Australian who needs "a little self-respect".

    6. Re:Aussie PM? Really? by Anonymous Coward · · Score: 0

      I was thinking of going, but I'm half skip half Lebanese so I decided against it for risk of beating myself up.

    7. Re:Aussie PM? Really? by Cimexus · · Score: 1

      Mod parent up +1 Informative. Would do it myself (I have points) but I already posted on this thread.

    8. Re:Aussie PM? Really? by zippthorne · · Score: 1

      Most people would've shortened that to "Yank Prez" and it's a perfectly cromulent way for a foreigner to refer to a US president, since we ourselves often refer to the president as "da prez" informally.

      I'm sure Australians rarely refer to the "australian X" in their government though, since it's quicker to just say, "the X". Adding the qualifier when it doesn't really need to be qualified seems a little patronizing.

      --
      Can you be Even More Awesome?!
    9. Re:Aussie PM? Really? by upuv · · Score: 1

      Um as an Aussie we don't feel the "Aussie" is in any way insulting.

      As an X Canadian I also did not feel any shame in being called a Canuck.

      I assume you must be a Yank. Cause if I was a Yank I would be insulted.

    10. Re:Aussie PM? Really? by Rennt · · Score: 1

      You're way off base there. "PM" is used throughout the former British Commonwealth as semi-official short-hand for Prime Minister, and Aussie is a badge worn with pride. "Aussie PM" in particular is published in newspapers every single day.

      I'm sure the PM herself would be horrified at the suggestion that the term was anything to be ashamed of.

    11. Re:Aussie PM? Really? by mjwx · · Score: 1

      I assume this article was submitted by an Australian, and to that person I would say you need to get a little self-respect.

      Not how it works in Oz, politicians are the lowest form of life, lower than amoeba, racists and Fremantle Dockers fans.

      We like it this way, they tend not to get delusions of grandeur like pollies in the states.

      Would you seriously submit an article about the yanky prezo and expect it to be published?

      Well that's how you get most articles published. How many articles go "Obama $ACTION $VERB $ISSUE"?

      This aside, the headline is completely wrong, the PM or her office did not do this, it's the National Audit Office, whose job it is to audit governmental data, that has recommended that webmail services should be blocked. Of course they are behind the times as most govt. depts already do this.

      Her Ranga-ness, the Honourable Julia Gillard or the Department of the PM and Cabinet had nothing to do with it.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    12. Re:Aussie PM? Really? by BitZtream · · Score: 1

      As an American I can say with the utmost certainty, we tend to get offended at any nickname given by someone other than a close friend, regardless of why it was given, term of endearment or insult.

      I don't really know why, I've been wondering that for the last several years myself. It seems that our struggles with racism seem to focus more on the name calling than the actual bad things that were involved with it. I think it may possibly be because if we focus on the names we can trick ourselves into forgetting the real bad shit we did in the past to other human beings.

      That's just one theory I have anyway, but we definitely do have some retarded issue with name calling that seems to make any name offensive ... it's almost like it's just an excuse to move to physical violence. Maybe we have it so good that we have to create conflict where there is none?

      *sigh* I really wish we could do what Rodney King said and just fucking get along with each other.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    13. Re:Aussie PM? Really? by TBBle · · Score: 1

      Actually, I dropped the ball a little on this one. PM&C has a few "Offices" within it, but the National Audit Office isn't one of them, it's actually an arm of the Parliament under the Auditor General. >_

      --
      Paul "TBBle" Hampson
      Paul.Hampson@Pobox.Com
    14. Re:Aussie PM? Really? by Anonymous Coward · · Score: 0

      Yank my Doodle, It's a dandy!

    15. Re:Aussie PM? Really? by deniable · · Score: 1

      Yank prez? I thought he was Chief Septic.

  16. Maybe IT people making IT decisions. by dbIII · · Score: 4, Insightful

    Remember Sarah Palin and her webmail that somebody got into by just answering some incredibly easy "security" questions? If I was in government IT security I'd be recommending that nothing remotely important was sent to or from hotmail etc.
    There's also the archiving problem. An important email sent to or from hotmail may disappear into a black hole never to be seen again within a year so you are out of luck if you want the information in it after that date.
    Then there's the "paper trail". We wouldn't have had so much on Poindexter and North selling weapons to terrorists (Hezbollah via Iran after Hezbollah killed all those US Marines) if their emails hadn't been on the backup tapes. That's one reason why places have rules about not using hotmail etc.
    Finally, gmail may be stable but if you are a University that has outsourced your students' mail to hotmail and a stupid internal Microsoft DNS error prevents them getting email your trouble ticket gets put in a queue for a week before it gets fixed. That's for paying customers. Lost mail and no access for over a week. Now consider how those on free accounts are going to get treated when things go wrong.
    It really is quite stupid to rely on it for anything work related if you want to pretend to be any sort of professional organisation.

  17. It's not enough by Artem+S.+Tashkinov · · Score: 1

    They should block Tor, SSL websites, applications with encryption too (almost all modern archivers support AES, not to mention TrueCrypt and similar products). And special Aussie Windows version without built-in encryption won't hurt.

    Good luck with this mission impossible.

  18. Gmail is secure. by pro151 · · Score: 1

    My company (Worldwide) has switched to Google Apps and Gmail and we find it to be a very secure system so far, and the Gmail spam filter is top shelf.

  19. Settle down mate. by LordHaart · · Score: 2

    As a proud Aussie myself, I have never met another Australian who feels the term "Aussie" is in any way degrading or rude. Some Americans may feel that way about the term "Yank" but I can say with complete confidence that "Aussie PM" gets used ALL THE TIME in Australia, by people and on TV.

    1. Re:Settle down mate. by Anonymous Coward · · Score: 0

      As a proud Aussie myself, I have never met another Australian who feels the term "Aussie" is in any way degrading or rude. Some Americans may feel that way about the term "Yank" but I can say with complete confidence that "Aussie PM" gets used ALL THE TIME in Australia, by people and on TV.

      Stone the crows! Seriously fair crack of the whip mate! Us Aussies are true blue and proud of being called Aussies! On topic though, if they're afraid of some kind of leak getting out, don't worry, us Aussies know what a USB stick is. ^^

    2. Re:Settle down mate. by Anonymous Coward · · Score: 0

      I don't think the submitter wrote that title.

      As an American who was born in Australia, I don't see either Aussie or Yank as offensive. Americans tend to refer to the President somewhat more formally just because of their culture, in contrast, Australians are less formal. Even barring that, the fact that you have a widely recognized diminutive is a sign that you're important enough to merit widespread media attention. Though most Americans don't keep track of the current Aussie PM (to be honest, I don't), the office itself is widely known and the actions of the officeholder are globally noteworthy.

    3. Re:Settle down mate. by Anonymous Coward · · Score: 0

      I'm posting as an Aussie coward, and if you want to see how Aussies treat our Prime Ministers, just view the lovely image on this page and read the article (it's the Australian Broadcasting Commission site, featuring the leader of the opposition at a rally).
      http://www.abc.net.au/news/stories/2011/03/24/3172088.htm
      I think that the leader of the opposition being photographed in front of signs calling the Aussie PM (Julia Gillard) a lying bitch makes it clear how much respect is shown for our ministers. We all know they are crooked, corrupt and inept, and so do they (apologies to Douglas Adams, but he did get that part of our culture pretty spot on). Why the US pretends theirs are any different, despite copious evidence, is quite odd! The respect you show these people, just for being elected, is amazing...
      The highest office in the land of Oz is the Governor-General, the representative of the Queen of Australia, btw. She (the G-G is a woman) can fire the PM.
      Also, I work for the Australian Federal govt, and yes, in my office web based mail is blocked. Political sites are blocked. Games sites are blocked. Religious sites are blocked, social sites are blocked. USB drives are disabled in BIOS, along with removable drives. Accessing them or plugging something foreign into the network may get you fired and arrested for computer crime (there is a Federal policeman (aka FBI in USA) in every office). Paranoia rules, and our encryption is done by our military IntSec drones. But that's my office, others vary.

  20. Ampersand by Anonymous Coward · · Score: 0

    The comma is not suitable for a list of two items. Instead, use an ampersand.

    "Calls for Government ban on Gmail & Hotmail"

  21. London by Anonymous Coward · · Score: 0

    It does sound a bit odd to those used to accessing whatever they want at will, but I work in an investment bank in London and it's the same story here. You don't need Gmail to do your job. Learn to split your work and home life up a little so you can actually be a bit more productive rather than breaking your attention span every 10 minutes.

  22. They can still... by Anonymous Coward · · Score: 0

    send out confidential data using the in-house email client. Sure, it will be in the logs and maybe your folders/sent but they can't block you from sending it. Even if you leak it, the most they could do is fire/prosecute you but it would still be leak-able.

    They can't block email to non-govt-domain IDs since it's obvious that they may be legitimately emailing someone outside of their department or even the government.

    If they are gonna be retards about it, why not block out internet access completely? They could still use 'dropbox' type services (2 GB) or sugarsync (5 GB worth of confidential data leaked per account/per day). How hard would it be to leak info even if they block gmail? Heck, if you can access govt/work email from home, just save yourself a massive draft file or email urself and download the attachment at home. There's also sending attachments in chat services, ftp, etc.

    Frankly, the only ppl this policy would inconvenience are those not planning to do any leaking.

  23. UK government already does this by Anonymous Coward · · Score: 0

    All webmail is blocked by the filtering software.

  24. PM office? by Anonymous Coward · · Score: 0

    So pray tell dear American editors making up headlines - Just when did the Audit Department group join the Prime Minister's department? You know how people on /. say RTFA... well as editors you should!

  25. Doesn't GMail block executable attachments? by EmagGeek · · Score: 2

    And scan all email for viruses and malware? I've never so much as had a peep from anything I've gotten in GMail in 5 years.

  26. oh lordy by Anonymous Coward · · Score: 0

    Everyone knows that's how the big leaks happen. People sitting at their work desks sending email via hotmail and google.

    Seriously, they should also ban printing, external peripherals, being a disgruntled employee, ban WiFi, jam cell phone signals, and finally, every day at 5pm wipe their employees' memory and store it in a machine until 9am the next morning when it can be reloaded into the employee's brain. That way information can be controlled 50% more effectively.

  27. good point by Miska · · Score: 1

    given the state of disrepair of our university email system, many of us - staff included - are considering switching to something like gmail, to 'fix' things. probably quite a few government email systems are in no better shape.

    --
    -
  28. Already blocked in some UK government bodies by mr+fog · · Score: 1

    My wife works for the FSA and cannot access gmail/yahoo there.

  29. I call deflection .. by Anonymous Coward · · Score: 1

    the Australian PM is hugely unpopular (think Bush near the end of his reign) ..
    And besides what email system IS secure?

    1. Re:I call deflection .. by The+Fanta+Menace · · Score: 2

      Amusingly, the nutjob opposition leader is even more unpopular.

      --
      -- Even if a god did exist, why the fsck should I worship it?
  30. This already happens by Entropic+Alchemist · · Score: 2

    I can definitely say, as an Australian Federal Public Service employee that web-based email is completely blocked. It is actually cause for immediate dismissal if you try to access them.

    --
    Remember the Second Law of Thermodynamics: Let the Lord of Chaos Rule
    1. Re:This already happens by Anonymous Coward · · Score: 0

      I can definitely say, as an Australian Federal Public Service employee that web-based email is completely blocked. It is actually cause for immediate dismissal if you try to access them.

      Don't you just love being babysat.

  31. Pointless by The+Fanta+Menace · · Score: 2

    Blocking webmail services is like whack-a-mole. There's likely to be one somewhere that you'll miss, and when the potential leakers (henceforth known as patriots) find it, you're back to square one.

    --
    -- Even if a god did exist, why the fsck should I worship it?
    1. Re:Pointless by 140Mandak262Jamuna · · Score: 1

      First off, let us get the basic definitions right. Their leakers are patriots. Our leakers are traitors.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  32. The Great Down Under is going down fast! by Anonymous Coward · · Score: 0

    The actions suggested sound more like those of a TinPotDictator attempting to suppress the dissemination of independent thoughts than anything else.

  33. Democracy! by hyde_esmy · · Score: 1

    And they criticize Arab countries for the liberty of expression and the right to use telecomm means!

    1. Re:Democracy! by Maclir · · Score: 1

      The government isn't telling its citizens what they can and cannot do. This is just an employer directing its employees what they are not permitted to do while at work using the employer's equipment and facilities. Just about every employer will do that. So what's your problem?

    2. Re:Democracy! by LittleLebowskiUrbanA · · Score: 1

      You just don't get it. You don't.

      This is about gov't workers on gov't time using gov't machines. Understand? You can get back to us when they start using secret police to arrest those using free email services or bombing crowds or oppressing women, being ruled by a "royal family" through a theocracy, or.......never mind. You lose.

  34. how to mitigate security risks by Anonymous Coward · · Score: 0

    Block the use of Microsoft Windows ..

  35. MS Forefront TMG can inspect HTTPS connections... by cmdrbuzz · · Score: 1

    Have a look at Microsoft Forefront Threat Management Gateway (It's the renamed ISA Server)

    It has full support for a man-in-the-middle HTTPS filtering module, with a wildcard certificate creation done for you as part of the wizard (the certificate is usually distributed in Active Directory to the clients)

    It does however prompt you that there may be legal issues in your company should you enable the HTTPS filtering without notifying your users, and it also will prompt anyone using the client-side component with a balloon message saying that the HTTPS connection is being inspected.

  36. Sit down and have a nice cuppa tea by Maclir · · Score: 1

    Have you ever met, in person, an Australian Prime Minister? Back in 1988, I was a guest at the Parliament House Christmas party put on by the Labor Party for Parliament House staff. While I was having a cold beer, up comes an older man, magnificent head of silvery-gray hair, with a glass of orange juice and a big cigar.

    "G'day mate, I'm Bob", he said, offering his hand

    I shook his hand and replied, "G'day Bob, I'm Ken."

    That's how Aussie PMs should interact with other Aussies. I would hope the current Aussie PM would react the same if I said "G'day, Julia, I'm Ken."

  37. Yank by Maclir · · Score: 1

    Or even more insulted if you were called a seppo.

  38. Damn Liberals by Anonymous Coward · · Score: 0

    If we are able to get Labour into power, all this will stop.

    Wait. What?

  39. what is it the government tells us? by Anonymous Coward · · Score: 0

    if you don't have anything to hide, australia...

  40. Explanations Please? by ResidentSourcerer · · Score: 1

    It's not clear to me how this improves security.

    The only thing I can see that it stops is a user casually emailing a document off site. Leaks are more deliberate.

    Unless your security policy also blocks most outbound ports, and does deep packet inspection on what it does let out, this appears to be just one sand bag in the stream.

    Ways to move digital data offsite.

    1. Media: DVD, CD, Memory Stick, portable hard drive. camera used as flash drive, phone used as a flash drive.

    2. Standard file protocols ftp, ssh, sftp, http, https. The latter two would be hard to detect -- but the ratio of download to upload would be skewed for a particular host.

    3. Sync files to/from my phone.

    4. Teamviewer and the like. (Remote desktop protocols with file transfer capability.)

    5. Tethered phone.

    6. USB wireless + cantenna.

    7. Running another OS in a virtual machine to evade locked down desktops.

    8. In a windows shop, running 'portable apps'.

    9. Embedding data in non-standard transports. E.g. Ping packets.

    Stopping all of this is possible, even easy. Doing so in a way that people can still get any work done, and won't spit on IT people as they pass will be a bit more challenging.

    --
    Third Career: Tree Farmer Second Career: Computer Geek First Career: Teacher, Outdoor Instructor, Photographer.
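The upload/download skew mentioned in item 2 of the comment above, as an added example that is not part of the original thread: a monitoring check that totals bytes per internal host from proxy logs and flags hosts that send far more than they receive. The log format, addresses, host names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample proxy log. Assumed format, one request per line:
# timestamp client_ip method dest_host bytes_up bytes_down
SAMPLE_LOG = """\
2011-03-24T09:01:12 10.0.0.11 GET intranet.example.gov 412 182044
2011-03-24T09:01:40 10.0.0.11 CONNECT news.example.com 1890 734211
2011-03-24T09:02:05 10.0.0.12 POST forms.example.gov 20480 5120
2011-03-24T09:03:17 10.0.0.13 CONNECT files.example.net 48500321 9120
2011-03-24T09:03:59 10.0.0.13 CONNECT files.example.net 51200874 8770
2011-03-24T09:04:30 10.0.0.13 GET intranet.example.gov 388 96012
2011-03-24T09:05:02 10.0.0.14 CONNECT video.example.com 5200 88400123
this line is truncated garbage
2011-03-24T09:06:44 10.0.0.12 GET intranet.example.gov 402 150233
"""

# Assumed thresholds; tune them against a baseline of normal traffic.
MIN_UPLOAD_BYTES = 10 * 1024 * 1024  # ignore hosts that sent under 10 MiB
MAX_UP_DOWN_RATIO = 1.0              # ordinary browsing is download-heavy


def parse_line(line):
    """Return (client, dest, bytes_up, bytes_down), or None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _ts, client, _method, dest, up, down = parts
    try:
        return client, dest, int(up), int(down)
    except ValueError:
        return None


def summarize(log_text):
    """Total bytes per client and upload bytes per (client, destination)."""
    totals = defaultdict(lambda: [0, 0])            # client -> [up, down]
    per_dest = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1        # count bad lines instead of dropping silently
            continue
        client, dest, up, down = record
        totals[client][0] += up
        totals[client][1] += down
        per_dest[client][dest] += up
    return totals, per_dest, skipped


def skewed_hosts(log_text, min_upload=MIN_UPLOAD_BYTES,
                 max_ratio=MAX_UP_DOWN_RATIO):
    """List clients whose upload volume and up/down ratio both exceed limits."""
    totals, per_dest, _skipped = summarize(log_text)
    findings = []
    for client, (up, down) in sorted(totals.items()):
        if up < min_upload:
            continue            # volume floor avoids flagging small form posts
        ratio = up / max(down, 1)
        if ratio > max_ratio:
            top_dest = max(per_dest[client], key=per_dest[client].get)
            findings.append({"client": client, "bytes_up": up,
                             "bytes_down": down, "ratio": round(ratio, 1),
                             "top_dest": top_dest})
    return findings


if __name__ == "__main__":
    for finding in skewed_hosts(SAMPLE_LOG):
        print(finding)
```

A proxy still sees byte counts for tunnelled HTTPS (`CONNECT`) sessions without decrypting them, so this check does not depend on content inspection.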
  41. Re:Hyperbole much? (Not really, no.) by BrianPRabbit · · Score: 1

    Not really. The title is just syntactically ambiguous. The OP did not specify whether the "Government Ban" was the ban-by-the-government-upon-the-non-government-sector or the ban-for-use-by-the-government variety. Such ambiguity is the cost of using English instead of, say, Lojban.