Feeds

Oz biz regulator discovers shared servers in EPIC FACEPALM

'Not aware' that one IP can hold more than one Website

Secure remote control for conventional and virtual desktops

The Australian Securities and Investment Commission, which in 2013 accidentally blocked innocent Websites in an attempt to disrupt financial fraud, has told a government inquiry it didn't actually know what it was doing.

In using what are called “Section 313 notices” under the Act to shut down fraud sites, the financial regulator has said it didn't realise that IP addresses weren't a good mechanism because shared servers exist.

Section 313 of the telecommunications act obliges carriers to cooperate with law enforcement agencies to help prevent crimes; in the case of the Internet, that means the ASIC can ask carriers to block their networks against fraudsters. However, technical ignorance on the part of the commission resulted in a high degree of over-blocking.

“Our experience using s313 to block websites indicates that it is a useful measure for disrupting investment frauds and warning Australian investors that the investment being offered are not legitimate. However, our use of s313 has also highlighted the risk that other websites may be inadvertently blocked in the process,” the regulator says in this submission to the parliamentary inquiry into the use of Section 313 notices.

“We were subsequently advised that the IP address hosted approximately 1090 websites, including that of the fraudulent financial services entity and that of the Melbourne Free University.”

How could this take place? Let's stick with the submission:

“Our internal review identified that … the ASIC teams requesting s313 blocks were not aware that a single IP address can host multiple websites”.

It gets better: “We also undertook a review of other s313 requests to ascertain whether other non-fraudulent websites had been blocked. This review alerted us to an IP address that hosted in excess of 250,000 websites. A further review indicated that in excess of 99.6% of these sites contained no substantive content. This blocking request was removed.” ®

Internet Security Threat Report 2014

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Special pleading against mass surveillance won't help anyone
Protecting journalists alone won't protect their sources
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.