
Oz biz regulator discovers shared servers in EPIC FACEPALM

'Not aware' that one IP can hold more than one Website


The Australian Securities and Investments Commission, which in 2013 accidentally blocked innocent Websites in an attempt to disrupt financial fraud, has told a government inquiry it didn't actually know what it was doing.

In using what are called “Section 313 notices” under the Telecommunications Act to shut down fraud sites, the financial regulator has said it didn't realise that IP addresses weren't a good mechanism because shared servers exist.

Section 313 of the Telecommunications Act obliges carriers to cooperate with law enforcement agencies to help prevent crimes; in the case of the Internet, that means ASIC can ask carriers to block their networks against fraudsters. However, technical ignorance on the part of the commission resulted in a high degree of over-blocking.

“Our experience using s313 to block websites indicates that it is a useful measure for disrupting investment frauds and warning Australian investors that the investment being offered are not legitimate. However, our use of s313 has also highlighted the risk that other websites may be inadvertently blocked in the process,” the regulator says in this submission to the parliamentary inquiry into the use of Section 313 notices.

“We were subsequently advised that the IP address hosted approximately 1090 websites, including that of the fraudulent financial services entity and that of the Melbourne Free University.”

How could this take place? Let's stick with the submission:

“Our internal review identified that … the ASIC teams requesting s313 blocks were not aware that a single IP address can host multiple websites”.

It gets better: “We also undertook a review of other s313 requests to ascertain whether other non-fraudulent websites had been blocked. This review alerted us to an IP address that hosted in excess of 250,000 websites. A further review indicated that in excess of 99.6% of these sites contained no substantive content. This blocking request was removed.” ®
