
Oz biz regulator discovers shared servers in EPIC FACEPALM

'Not aware' that one IP can hold more than one Website


The Australian Securities and Investments Commission, which in 2013 accidentally blocked innocent Websites in an attempt to disrupt financial fraud, has told a government inquiry it didn't actually know what it was doing.

In using what are called “Section 313 notices” under the Telecommunications Act to shut down fraud sites, the financial regulator has said it didn't realise that blocking by IP address wasn't a good mechanism, because shared servers exist.

Section 313 of the Telecommunications Act obliges carriers to cooperate with law enforcement agencies to help prevent crimes; in the case of the Internet, that means ASIC can ask carriers to block access to fraudsters' sites on their networks. However, technical ignorance on the part of the commission resulted in a high degree of over-blocking.

“Our experience using s313 to block websites indicates that it is a useful measure for disrupting investment frauds and warning Australian investors that the investment being offered are not legitimate. However, our use of s313 has also highlighted the risk that other websites may be inadvertently blocked in the process,” the regulator says in its submission to the parliamentary inquiry into the use of Section 313 notices.

“We were subsequently advised that the IP address hosted approximately 1090 websites, including that of the fraudulent financial services entity and that of the Melbourne Free University.”

How could this take place? Let's stick with the submission:

“Our internal review identified that … the ASIC teams requesting s313 blocks were not aware that a single IP address can host multiple websites”.

It gets better: “We also undertook a review of other s313 requests to ascertain whether other non-fraudulent websites had been blocked. This review alerted us to an IP address that hosted in excess of 250,000 websites. A further review indicated that in excess of 99.6% of these sites contained no substantive content. This blocking request was removed.”
