Australian state government ministers have accused journalists of hacking in order to get the low-down on transport plans in New South Wales. The Sydney Morning Herald has mounted a convincing defence against the seemingly tech-illiterate allegations that journalists at the paper attempted to access a restricted website 3,727 …
Explains a lot
Australian politicians' grip of the internet seems nicely summed up by this.
Oh, I can't wait to follow the progress on this case. Can I assume el reg will be there to report the details as they come to hand?
Saw it happen with an entire new website because some numpty decided to put it live under the page "newindex.html". Somewhere in all those pages at least one page had a duplicate name with the old system and links on their pointed to other pages in the new system, including of course "newindex.html". People were accidentally finding their way into the new website a week before the official launch becuase the web designers were idiots. In that case however nobody was stupid enough to call the police. They just bollocked the web designers.
It's surprising how many "web designers" still develop sites on the live server.
Can I suggest:
1) Develop the site on a local system ("hosts" is your friend here)
2) Test it
3) gzip the whole tree
4) FTP to server
5) Wait for zero hour (pick a quiet time - say 03:00)
6) Backup the old site
7) Zap the old site
8) Expand the gzip
9) Test it again and if you get problems then restore the old site from backup, rinse and repeat.
Then all you have to do is pacify everyone who tried to access the site at 03:01...
doing the swap at 3am only works if your site serves one timezone.
We used to move new releases (significant upgrades not just a page here and there) to identical boxes (we did pick a historically low traffic time and usually take a couple of boxes out of the load balancer, upgrade them and then call then "new") and point the load balancer at them, then reconfigure the old boxes with new content and add them back into the load balancer
Downtime: zero, risk of early release: zero
"It's surprising how many "web designers" still develop sites on the live server."
There's now't technically wrong with doing that, of course, provinding you've got a few braincells to rub together. It's because they used obscurity as security and left the development site unrestricted that they got caught with their knickers down.
There are several different ways you could fairly reliably lock down a site in development that's lurking on a live server. IP restriction and/or user authentication to name but two.
A well protected development site on a live server is no different to an admin control panel or similar - even if 'they' realise *something* is there, they have no way to get into it or see what it is.
1) Use a virtual server connected to the internet
2) Develop your site on a new virtual machine connected to the local net
3) When done, copy your new server image to the internet facing virtual host.
4) At zero hour <clickety clickety click> shutdown and disconnect the virtual interface on the old site and <clickety clickety click> connect up the new one.
Fail for all the web devs who continue to do things the stupid way.
Why am i not surprised?
Considering that the politicians in the New South Wales parliament (on both sides of the political divide) have less competence then a chimpanzee trying to play a Stradivarius (actually thats probably an insult to the chimpanzee - he at least might hit the right notes by accident once or twice) this does not surprise me in the slightest.
Bunch of illiterate, incompetent, corrupt imbeciles. Is there any chance we can sack them all and start over again?
What else could you expect...?
...from the state that gave Australia's history the Rum Corps and the Rum Rebellion?
hackers on steroids
These aren't your dad's hacks, this is the internet hate machine.
It's certainly at the level of l33t haxxoring
that your average /b/tard is in fact capable of
Accusations of hacking?
Was the server located in the US? If so, he could extradite the reporter without evidence and talk up how serious his actions are in the hope of getting a conviction in a more favorable, more Aussie hating, jurisdiction.
Or extradite him to the UK, BT managed to get a conviction when they stupidly published peoples credit card details in an open web folder. They fooled people into thinking ".." is a hack! Again, they are less likely to be sympathetic to a foreigner, have a belief in presumption of guilt, and are easily fooled by technical matters.
The possibilities in evidence free jurisdiction shopping are endless these days!
"...more Aussie hating...jurisdiction."?
I think they'll have to go a very long way indeed to find anyone that hates the Aussie's more than their own government at the minute.
Do they not have elections down there?
Yes, but they don't use them properly
Only seven changes of government since 1945. Christ, they kept John Howard in for 11 years and he's a certified retard.
Where's the Governor General...
... when you really need him?
odder and odder
Might I propose a new Register designation for Australia, namely "Outbackistan"?
I Sympathise With Aus Gov
I always draft out my secret plans by writing them on my garden fence, but the damn neighbours often read them. (Their dog pees on them as well but that's a separate issue.)
obscurity != security
Publishing confidential information on an internet-accessible web page with no access protection, and trusting to obscurity to keep it secure, is akin to posting confidential information on a bulletin board on a tree in a forest somewhere. If someone looks for it and finds it, you have no-one but yourself to blame...
..the Australian government striving to follow in the footsteps of that country across the Pacific and to the north? lovely. how long before these amazing ministers condemn the reading of story books as the satanic attempts to pick the locked vaults that are writers' minds of secure data? what a bunch of dorks.
if only these ministers would not wow us with their abilities as earning Darwin Awards...
no coat. mine's the horrid fleece flecked with cornflakes.
Security by obscurity at its finest. Either the people developing the web site slipped up when preparing the site, or the government department forgot to tell them the contents were embargoed.
Maybe somebody should tell the NSW government that you should not put anything on the web that you wouldn't put on a public noticeboard, or anything in an email you wouldn't write on a postcard.
Don't get me started about all those "private" photograph albums out there.
But the whole basis is wrong
Granted that this is a technical site and so the emphasis is on the poor understanding of certain politicians of IT matters (or of their advisers/civil servants); but if I understand correctly, NSW is a democratically run part of a supposed democracy. That is to say, the MPs and those among them chosen as ministers are accountable to the inhabitants, the people of that state and all actions are paid for and by and are on behalf of those people. So how can transport plans emanating from these MPs not be public? If the journalists are also of the people, the electorate, it is for the MPs to give a proper justification why the information was being kept secret in the first place.
Perhaps the UK government can send someone down under to educate the Aussie government about best practice in this field, and the optimal way to leave CDs and memory sticks on the train. It saves the hassle of paying someone to design all the web pages.
How many trains do you think there are in Horsetrailer?
You have to be kidding right? Anyone leaving a CD on a train there can just phone up the end of the line about three days later when the train arrives and ask them to find it for them.
Long way to fall asleep for though.
'Bunch of illiterate, incompetent, corrupt imbeciles.'
Another reason to love Australia. The last thing you want is to have a bunch of literate, competent, but corrupt criminals in charge (like us poor sods). I like the idea of a government that I can distract with a set of car keys (oooh... look at the shiny shiny!).
Case for the Defence
Lawyer - Would you explain to the Court how many levels of security and password access were needed to read the information.
Witness - Er, none
Lawyer - I rest my case, M'Lud
They put up the little animated gif of the "men at work" road sign and the scrolling text that says "under construction"
Last time the government researched the internet that was the standard for telling people to leave your site. How can they be expected to know that it went out of style almost 2 decades ago.
Following the recent court case, the "Men at Work" sign has been replaced by a "kookaburra in a gum tree" sign!
@odder and odder
"Outbackistan" hahahaha! Love it!
It's easy to laugh at Australians...
...but the UK government has a surprisingly large amount of stuff available online like this. Even Googling certain file types on certain domains will find a lot, and if Goolge can find it, World+Dog won't be far behind.
is OZ.gov and its IT are retards?
What a bunch of retards... since when following links is considered a HACK!
if that is a HACK then all interent users are HACKERS from now on.
what a bunch of mentally unstable retards that seem unable to secure directories considered "top-secret"... and how easy is to secure them!
Either OZ.gov has another bunch of cluess IT staff or all of them need considerable training to get up to speed with securing webservices matter that has been stablished more than 20 years ago.
Anyway top-secret docs shouldn't be available on the internent unless IT is managed by retards which seem to be the case for OZ.gov.
This sounds similar...
to the time when I was suspended for View Page Source. In a vote for a school dance king the form for voting used student's IDs for the form submitting. So I had all student's names and ID numbers. Not really much I could do with it though...
Can we call this...
Or would that be Buttle?
Morons in power etc!
Security by obscurity etc!
Wouldn't happen on a Mac etc!
Open source etc!
If I leave my house door open, it's still illegal for someone to come in and take my photos and publish them. So just because the "door" to the website was open, doesn't make it ok for the journos to wander in and copy the documents.
Still, I do believe in "open government", and can't see what the problem really is.
You can't compare a house, something designed to give a certain person or persons shelter and privacy, with a website, something designed specifically to facilitate the easy dissemination of data to a large audience.
A better analogy would be to imagine you had a car boot sale and you accidentally included something you didn't want to sell (or perhaps something your wife didn't want you to sell). Is someone committing a crime when they purchase that item from you?
That assumes web sites are private property
There is no law providing for the treatment of web sites as private property. Internet convention hints that if you give something a URL the purpose is for the Resource to be Locatable Universally. In the absence of a very strong indication to the contrary, we can treat this as someone accidentally leaving 1000 copies of their thesis under a sign saying "PLEASE TAKE ONE".
Mine's the one with the new underground metro in the pocket. After all, we know that the portion of the metro that will actually end up being built will fit into a coat pocket.
Sorry, it's worse than that, it's just plain incompetence
Worth googling on this matter.
-A company called Bang The Table was commissioned to build a super-secret transport website.
Or at least, it was supposed to be obscured till it's release later on.
-On a tipoff, a reporter casually peruses the website, and prints off pages.
-Long story short, transport minister David Campbell screwed up royally, accused the reporter of hacking the site, and claimed it was in fact a sustained two-day firewall attack on the server, and also claims he was told by BTT that "at no time was the website available to casual viewers".
-Turns out NSW Transport minister David Campbell was just littel bit wrong, and then made to eat his words:
-Turns out BTT screwed up, and did _exactly_ what their website claims to do:
Part of their business statement is: "Bang the table was established because no matter how well designed, current consultation processes inevitably only reach part of a community or stakeholder group. The internet provides an opportunity to give vastly more people access to information and to have their say"
Indeed. They *did* let vastly more people access to that information...
Here we have Bang The Table who can't build websites, and a Transport minister who either lied or believed BTT, instead blaming a reporter for "hacking" a website that was going to be released soon anyway.
We breed our politicians smart down here in Australia. Then we somehow manage to elect them, I'm so ashamed.
But spin is all the NSW government is good at
If they've lost the ability to do that then things really are bad. Time for NSW to be abolished, I say. Send in the troops and run it from Canberra.
Out of the frying pan...
...and into the fire!
And the Minister for IT (Idiot Tech-Know-Nothings)...
Preposterous, clicking on links to bring up pages. Should be a law against it, I say. It's really, really bad!
What's truly bad is that we have these F-wits running the country. Reminds me of the amazing lack of understanding by John Howard who stated when asked about a computer on every student's desk, "Oh, everybody loves computers". Well, duh!
- Leaked screenshots show next Windows kernel to be a perfect 10
- Amazon warming up 'cheapo web video' cannon to SINK Netflix
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Product round-up Coming clean: Ten cordless vacuum cleaners