Stay smart online? You couldn't make this up.
In an outstanding example of data-loss stupidity, a DVD containing email addresses and encrypted passwords for Australia’s Stay Smart Online Alert service has gone astray in the mail during a handover between contractors. An e-mail sent to subscribers on 6 July and passed on to The Register by a reader states “the Department has …
> You couldn't make this up.
Actually, it gets better. The government contractor that lost the DVD was our very own AusCERT.
It was Australia Post that lost the "package".
Australia Post loses lots of stuff....
The all-in brawling that results in trying to get the "lost materials" or improperly serviced packages - properly delivered and accounted for - via their well-oiled "go fuck yourself" machine is outstanding as well.
"Dear paying customer.... Bullshit, bullshit, bullshit, Form 34B, responsibilities lie..., see our terms and conditions, Bullshit, bullshit, bullshit, Not happy, please resubmit written complaint in writing too.... Bullshit, bullshit, bullshit.
Blah, blah, blah, blah, blah, blah, blah, blah, - Bullshit, bullshit, bullshit, - blah, blah, blah, blah."
Which is surmised as "One of us fucked up the delivery, didn't get the goods signed for and the delivery signature wasn't sent to you, which is what you had paid for us to do, and because of this, the goods ($$$$$$) sat unaccounted for in a fucking depot for 4 months.... And noooooo we are not going to give you a refund for the services that we did not supply, which is what you actually paid for...."
Or more concisely put, "Go fuck yourself."
The convict bullshit artist mindset is alive and well in the colonies.
AusCERT should know better! Read expanded info ;-)
I'm pretty sure this is another case of AU Gov cost cutting at its best!
Let us Aussies in InfoSec - now bow our heads in shame!
Especially if the blunder really did come from AusCERT.
Aussie Online safe practices!? definitely don't practice what they should be preach'n! o.O
That DVD was an irresponsible privacy breach, sending it via Australia Post.
Private systems information should have been hand delivered by a systems admin or team member i.e. special delivery and upon receipt; require a signature declaration document for the Data DVD, they could have also chosen to store the Data-DVD info on a network ready for transfer with details for sFTP/SSL/VPN tunnel transfer to new appointed system owners. At least that would be encrypted and a safe transfer method.
Note how they state: there's no privacy breaching here!? as the passwords were hashed.
Many of us in this forum know it doesn't take much to rainbow table/brute those password hashes should that data fall into the wrong hands, or get leaked.
I'm sure if an interesting name was found on that Database list: like - say 'Senator Stephen Conroy' we'd see that one get special attention to bruteing and leaking; to prove a point that privacy & Infosec should be taken seriously.
I'm doubly sure if our very own telecommunications minister's accounts got pwn'd they'd soon start making privacy/Infosec etc. high on their agenda for funding a new policy amendment ;-)
Australia isn't all that big and chances are the contractors are located in the same physical neighbourhood as the government offices. So why would you copy user data to a DVD and put it in the post? You couldn't arrange to meet somewhere for a posh lunch and hand it over? You are a multi-million dollar company but you spent every last penny and couldn't phone a courier? Now it just seems like you were smarter not signing up.
I'd say the evolutionary end of the digital native will be the person who didn't sign up for Facebook, doesn't use their real name on Twitter and 100% does NOT sign up for anything called "Stay Smart"..
Australia is big. Really big. You may think it's a long way down the road to the post office, but that's just peanuts to Australia!
Our tax dollars at work...
And those links... holy cripes do they not even read their own website?
I like the fact that you think "Australia isn't all that big". I guess it's not if you think twice the size of the EU is also small (or about the size of Europe).
I wish I couldn't believe this
But the attitude that 'it doesn't matter' pervades so many places and people get away with it.
What was written on the DVD label?
"Lady Gaga" ?
still not big
Look it's not like the Government buildings are situated on opposite galactic arms or that there's some incredibly dense, incredibly hot thing between the guy who has the data and the guy who wants the data. We're not talking about dog and pony operations here. Someone somewhere made the decision to mail - and promptly lose - all that data when they could have cosied up over drinks and nibbles somewhere posh and handed it over.
I had a quick look where both contractors are based. I accept that Australia is large but the contractors are actually relatively close together geographically which makes the actual size of Australia a moot point. Google Maps suggests 1700 - 1800 km between Melbourne (Ladoo) and Brisbane (AusCERT). That isn't so impossibly huge to imagine. 20 hours if you like driving or 2 if you get a plane, $90 for an economy ticket.
Re: still not big
Better yet, encrypt it, private cloud it, done. Lazy admins don't even have to let their office chair get remotely chilly.
Re: "incredibly dense, incredibly hot thing"
Ahhh, the Paris Hilton angle.
I believe others far more advanced in topics like this have already commented..
..So I will just add:
The Lunatics (have taken over the Asylum)
It isn't explicitly stated, but I guess that's what the email was.
I suspect that the advice on the Stay Smart site only says 'Don't click on links in emails', instead of turn HTML read mode off (and send as HTML), because that would break all the 'Pretty Pictures tm'.
Campaign against HTML emails - tell people who send them - 'I can't read them'
...the data's likely to be secure, as the finder would be clueless as to what it was.