Security Government News

Security Flaws In Aussie Net Filter Exposed

Faldo writes "There's a three-part interview with a computer security expert on BanThisURL that goes into the flaws in the Aussie net filtering scheme. In addition to SSH tunnels and proxies, more worrying problems like trojaning the boxes to set up man in the middle attacks (which the interviewee has done in his lab), cross site scripting and the Australian blacklist leaking are all discussed. Worrying and relevant, especially since Thailand's blacklist has just been leaked."
  • Poor Design (Score:5, Insightful)

    by Anonymous Coward on Monday December 22, 2008 @02:28PM (#26203367)

    The concept itself is flawed. Centralized filters will never work, and any filtering system is imperfect. The best we can do is have individuals ascribe a reputation to a particular resource and based on trusting others' ratings we can tailor the firehose to our liking.

    Anything else is just a way for some fearmongers to stay in office and/or make a quick buck.

  • by hack slash ( 1064002 ) on Monday December 22, 2008 @02:33PM (#26203439)
    ...it will only serve to piss off those that can't circumvent the firewall (or unskippable anti-piracy adverts in the case of legit DVDs)
  • by NoobHunter ( 1090113 ) on Monday December 22, 2008 @02:35PM (#26203455)

    that things are unhackable.

    "If you code it, it will be hacked!"

    The Titanic was an example of what should be called Cockyisms. (The belief that one is better or their product is better than it truly is.) In this case, Unsinkable...and we all know how THAT turned out!

    DVD encryption, DRM and now Net Censorship...the tighter the grip, the faster they will lose control.

  • Re:Poor Design (Score:5, Insightful)

    by Hatta ( 162192 ) on Monday December 22, 2008 @02:41PM (#26203539) Journal

    The concept itself is flawed. Centralized filters will never work

    Anything else is just a way for some fearmongers to stay in office

    Sounds to me like it will work just fine then.

  • by Anonymous Coward on Monday December 22, 2008 @02:41PM (#26203549)

    As long as Microsoft can keep up-to-date with their current security holes, then yes. However, with it taking them weeks to release patches for some of the biggest holes (recent IE flaw) that plan gets shot to shit fast. Even with all the latest patches, any system, be it Windows, your favorite Linux distro or OS X, there's always holes waiting to be found and exploited. It's not how good the user is at running system updates, but how well the OS developers respond to critical security flaws.

  • by Volante3192 ( 953645 ) on Monday December 22, 2008 @03:25PM (#26204025)

    Also, only one suffered from iceberg collision.

  • by mcgrew ( 92797 ) * on Monday December 22, 2008 @03:26PM (#26204033) Homepage Journal

    If stopping 100% of the users from getting indie music is the goal, then it fails. However, if stopping or impeding 50% of indie music perhaps it could be labeled a success? Because that's what this is about - stopping the use of a legal and legitimate product to destroy an industry's independent competition.

    The industry isn't afraid of Fergie being downloaded, it's afraid of The Station being downloaded.

  • by Punto ( 100573 ) <.moc.liamg. .ta. .botnup.> on Monday December 22, 2008 @03:32PM (#26204117) Homepage
    Doesn't the government publish the blacklist? This isn't like other countries where they just pretend like there is no filtering going on at all.
  • by danpat ( 119101 ) on Monday December 22, 2008 @03:32PM (#26204131) Homepage

    While projects like this might hit their modest targets initially, they're totally doomed in the long term.

    If 1% of users can get around it with highly technical trickery, it's not going to be long before one of those 1% packages the workaround up into a nice one-click piece of software that everyone can use. Just look at CSS. It only took one DVD-Jon to figure it out and now CSS is effectively useless.

    That's why I think lots of people argue that it's either 100% or don't-bother.

  • by Anonymous Coward on Monday December 22, 2008 @03:36PM (#26204169)

    If you set the goal very low, like stopping 50% of bad data, but accept blocking 50% of good data as well, then it's almost impossible to fail. Simply deleting 50% of traffic would satisfy that goal, and doesn't even need any filtering at all.

    Making a filter that stops more bad traffic than good traffic is very difficult, especially when the amount of good traffic is very large.

  • by MightyMartian ( 840721 ) on Monday December 22, 2008 @03:37PM (#26204183) Journal

    If a proposal is only going to stop a small proportion, stomps all over civil liberties, could potentially break important protocols, can be circumvented by the technically savvy (which tends to include the very people who the proposal alleges it can stop) and introduces dangerous new security flaws, then I'd say the proposal ought to be rejected.

    Let's be clear here. All this plan may do, at the very best, is catch the technically challenged pedophiles. That's a best case scenario, and basically undermining an entire country's Internet access to catch this group is rather like a sniper sitting on an overpass randomly shooting at cars because some of those cars may be driven by drug dealers. Yes, it's true, some small number of drug dealers may actually be killed, but if that's your idea of policing, then we might as well declare everyone guilty, take away their computers and call it a day.

    The plan is idiotic, its proponents are at best naive, and international child abuse won't be dented by it.

  • by johnsonav ( 1098915 ) on Monday December 22, 2008 @04:00PM (#26204395) Journal

    The industry isn't afraid of Fergie being downloaded, it's afraid of The Station being downloaded.

    They should be. But I don't think the industry, that didn't even see P2P coming, has that much collective intelligence or foresight.

    I think what they're really afraid of is a generation of potential consumers who give no thought to the copyright status or label affiliation of an album, who don't care if their downloads are legal or not. They're afraid of a culture which doesn't even consider paying for music. They're afraid that their role as musical gatekeepers will become obsolete. They're afraid that their product will have to compete with all others on a level playing field. And they should be.

  • by immortalpob ( 847008 ) on Monday December 22, 2008 @04:00PM (#26204409)
    So almost exactly like creating a filter to block bit torrent under the pretense of stopping child porn?
  • Re:Too late... (Score:3, Insightful)

    by Curtman ( 556920 ) on Monday December 22, 2008 @04:59PM (#26204993)

    A government that fears guns in the hands of its people... should.

    Right, because American gun ownership has obviously done wonders for stopping its government from harassing its citizens. Or maybe you'd just rather keep on thinking it has.

  • Re:Poor Design (Score:3, Insightful)

    by D_Blackthorne ( 1412855 ) on Monday December 22, 2008 @05:01PM (#26205021)
    I disagree; what it mainly will do is give the illusion that Australia's children are being protected from the Big Bad 'Ol Intarwebs -- which is to say that it'll make some busybody politicians look good to their constituency.

    Don't they have anything better to do over there than screw with the internet? Don't they have some crime problems to solve or something?

  • Re:Poor Design (Score:4, Insightful)

    by Starayo ( 989319 ) on Monday December 22, 2008 @07:09PM (#26206315) Homepage
    Exactly - it won't protect children at all, except the very young who shouldn't be using it without supervision anyway. Take any high school student that's been using their school's computers and they'll have a rather better than average knowledge of web-based proxies, which every one of them has been using to get around the DET's blocking of Facebook, MySpace, various flash games, etc. It's only a small leap from there to using a software-based solution, and I know I'll be distributing a couple of choice ones to the few people I still know in high school. >:3

    Besides, it has an added benefit - if I somehow get caught and charged under whatever law for circumventing the filter, I'm taking someone down with me!
  • by TheSeer2 ( 949925 ) on Monday December 22, 2008 @10:52PM (#26208059) Homepage

    It won't stop pedophiles at all. It'll stop those seeking child pornography on the internet, but it won't do crap to stop the actual abuse of children.
