Feeds

Oz biz regulator discovers shared servers in EPIC FACEPALM

'Not aware' that one IP can hold more than one Website

Choosing a cloud hosting partner with confidence

The Australian Securities and Investment Commission, which in 2013 accidentally blocked innocent Websites in an attempt to disrupt financial fraud, has told a government inquiry it didn't actually know what it was doing.

In using what are called “Section 313 notices” under the Act to shut down fraud sites, the financial regulator has said it didn't realise that IP addresses weren't a good mechanism because shared servers exist.

Section 313 of the telecommunications act obliges carriers to cooperate with law enforcement agencies to help prevent crimes; in the case of the Internet, that means the ASIC can ask carriers to block their networks against fraudsters. However, technical ignorance on the part of the commission resulted in a high degree of over-blocking.

“Our experience using s313 to block websites indicates that it is a useful measure for disrupting investment frauds and warning Australian investors that the investment being offered are not legitimate. However, our use of s313 has also highlighted the risk that other websites may be inadvertently blocked in the process,” the regulator says in this submission to the parliamentary inquiry into the use of Section 313 notices.

“We were subsequently advised that the IP address hosted approximately 1090 websites, including that of the fraudulent financial services entity and that of the Melbourne Free University.”

How could this take place? Let's stick with the submission:

“Our internal review identified that … the ASIC teams requesting s313 blocks were not aware that a single IP address can host multiple websites”.

It gets better: “We also undertook a review of other s313 requests to ascertain whether other non-fraudulent websites had been blocked. This review alerted us to an IP address that hosted in excess of 250,000 websites. A further review indicated that in excess of 99.6% of these sites contained no substantive content. This blocking request was removed.” ®

Intelligent flash storage arrays

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.