Aussie cops grab journo for reporting Facebook vuln demo

A tech writer attending the AusCERT conference in Queensland says he has been arrested and released by Queensland Police over a story written at the conference. Ben Grubb, a journalist for the Fairfax stable of newspapers, flicked off a short Tweet after his arrest: "I've been arrested by Queensland Police for a story I wrote …

COMMENTS

This topic is closed for new posts.
  1. Cunningly Linguistic
    Joke

    Apparently I'm entitled to a title

    "Its media unit also said the iPad would be returned as soon as possible."

    Just as soon as they've finished Angry Birds...

  2. Christoph
    Black Helicopters

    Don't trust that iPad until it's been wiped and re-installed

    "the iPad would be returned as soon as possible"

    'As soon as possible' would be handing it straight back. How long does it take them to load the thing up with spyware?

    1. John G Imrie

      Not spyware

      It's al-Qaeda porn.

  3. Anonymous Coward
    FAIL

    Aussie Police

    Law unto themselves.

    Why did they seize the device? Why wasn't it given back to him immediately?

    The only plus point, I suppose, is that if it had been the Met we would already be hearing tales about how he watched Kiddie Porn, beat his old mother and was actually an illegal immigrant after all....

  4. Anonymous Coward
    Anonymous Coward

    The arrest that wasn't.

    No, sure mate, that was a cautionary detainment, or something. Perhaps as a personal favour to a friend of a friend. The police have some 'splaining to do.

    Including why "as soon as possible" isn't "right bloody yesterday". Maybe they're finding out the hard way that photoshopping takes time. Anyhow.

    Apparently technology brings out the worst in supposedly enlightened democratic nation states and their mooks.

    1. Dave Murray

      Enlightened? No

      No supposedly enlightened democratic nation state was involved - this took place in Australia.

  5. doperative
    Alien

    protect against URL guessing

    > The vulnerability comes through the time-honoured practice of URL guessing .. he combined a Facebook friend ID with a brute-force-guess for the remainder of the URL to the photographs, in a process which Heinrich said meant testing 200,000 numerals and took around seven days ..

    The solution to this would be to generate a onetime hash and dynamically generate the URL path from this. The onetime hash being constructed from a master key generated at registration. The key being some kind of PKI digital signature thingy.

    I'm no expert, but even I can come up with a solution in the time it took to type this. Makes me wonder what they teach these security professionals in techie school. Facebook did ask the question 'how can this be hacked' before putting this feature up, didn't they?

    1. Anonymous Coward
      Anonymous Coward

      Why so complicated?

      Simply disable hot linking... That way facebook images can only be viewed on facebook and external "attacks" shouldn't be able to happen.

      1. Matt Bradley

        "Simply disable hot linking"

        Umm... HOW exactly? It's pretty trivial to fake a referrer header.

        No. What's needed is for the CDN to verify the credentials of the user requesting the image and their rights to do so, by means of the facebook session token, probably (as suggested above) a random one time session based hash.

        Disabling hotlinking is so trivially easy to bypass; it would be futile.

  6. EJ
    WTF?

    What's up with Australia?

    Seems like I keep hearing tale after tale of an overcontrolling, police state-like stance being taken down under. Next thing you'll tell me is they're adopting the Juche calendar.

    1. Anonymous Coward
      Joke

      Better?

      Shirley police state is one up from the Prison state they were.

      *runs*

    2. Anonymous Coward
      Unhappy

      Yeah, seconded

      I was thinking the same. When I was young, stories I heard and people I met made it seem like some "salt of the earth" rough-neck cold-beer drinking no nonsense honest sun-kissed BBQ nation, with butch guys and hot gals, fed up of monarchs and with straight talking politicians. Now? It seems like it's populated by right wing, technologically challenged, sexually repressed Daily Mail readers. What changed?

      1. Anonymous Coward
        Troll

        What changed?

        The ten pound poms showed up...

      2. Anonymous Coward
        Troll

        What changed?

        Nothing - the two aren't mutually exclusive....

        That and all the decent Aussies fly across the globe to serve beer in pubs and work as physiotherapists. The ones left behind are barking mad.

      3. Reg Blank
        Flame

        Read ABC link provided within.

        The problem with this country is that most people are too busy working/drinking/masturbating/<any other random activity> to engage in civil/social affairs to notice/care that those with agendas are screwing with things. Seriously, we are fat and comfortable (literally and figuratively) and if it doesn't directly affect us we don't get outraged, and if it does affect us, we get impotently outraged.

        Former Labor finance minister Lindsay Tanner was on the ABC recently and talked about the destructive relationship between politicians and the media. Basically, politicians are too afraid to have a creative idea or voice an opinion for fear of being misquoted or taken out of context: http://www.abc.net.au/7.30/content/2011/s3202864.htm

        He is so right he is scary. The tragedy is that he could be talking about any Western democracy. When was the last time that there was a genuine, public debate about an issue that didn't degenerate into silly point scoring encouraged by a gleeful media fanning the flames by careful omission and distortion?

        We now have a culture of the media treating us like the lowest common denominator, basically, wowser halfwits (http://en.wikipedia.org/wiki/Wowser). The reality is that most people don't give a crap about the trivial nonsense blown out of proportion into a major scandal just so the media outlets can fill all those minutes of dead air with cheap, easy journalism by dimwitted hacks who would fail at any other profession. Real journalism that serves the public benefit requires actual research and analysis by people who have brains and competence and whose agenda is such outmoded concepts like journalistic integrity (in other words, the kinds of people who won't work at commercial news media tabloids any more). But this costs more, and media publishers want their 20% margins more than they want their integrity.

        WTF happened to the kinds of journalism that encouraged and supported an inquisitive, engaged population that involved themselves with the issues of governance and society? Did it ever exist? Newspapers are a dying irrelevance (empty, Press Release-rewording shells gutted by falling revenue and staff reductions), television is just micro-sound-bites and staged media "events" (and miracle diet/dodgy tradesmen wankfests), and the much (over?) hyped "new media" is a mish-mash of intermittently powerful (2009 Iranian protests), irrelevant (self-absorbed, egotistical onanism) and subjective, loaded opinion pieces dressed as "news".

        I, for one, am f**king angry about the situation, but I'm too lazy to do anything about it, preferring to leave the problem for someone else to deal with. I wish they would hurry up.

        1. Mark 65

          @Reg Blank

          I don't think you're too lazy, the problem is the structure of the country and the lack of oversight. Take the QLD plod for example. They act as a law unto themselves. There have been countless recent headlines over beatings in custody, deaths in custody, and criminal corruption. Underbelly certainly wasn't all overstated. What gets done about it? Fuck all. They are left to effectively investigate themselves - that'll end well. They are overseen by the State politicians who are their mates that put them in power and who are also a law unto themselves. I'm not quite sure who oversees the State. Then you have the Federal Government that just seems to want to bring in new taxes.

          Until there is proper, unconnected, unbiased oversight of the police and the politicians (don't even mention crime and misconduct commissions) with the power to prosecute nothing will change in this place.

          You could complain vociferously but you'd just get arrested, and then what recourse would you have? I'm not sure that the locals are lazy and disinterested but more resigned to the fact that unless they're prepared to go all out to the point of mass civil disorder fuck all will change around here.

    3. Anonymous Coward
      Grenade

      It's worse than you think

      Every time I go home, I feel like I have entered a police state. Australia is no longer the country I grew up in. I wince these days when people ask my nationality - a sad thing.

      1. Someone Else
        Unhappy

        @It's worse than you think

        Now you know what it's like to be an American!

        As we say around here sometimes: "Welcome to the NFL, kid!"

        (For those of you from out-of-town, NFL = National Football League; this greeting is usually given by an older pro who's just handed some young rookie in the league his ass.)

  7. Ross 7

    Not a hack?

    "The vulnerability comes through the time-honoured practice of URL guessing, often mislabelled as a "hack". In Heinrich's case, the challenge was to guess the URL that the CDN attaches to privacy-protected photos"

    Mis-labelled? It may not be terribly technical, but it's still a hack. Plenty of techniques require large scale educated guesses.

    It does seem rather poor for privacy to be reliant on (not so) hard to guess URLs. Once they're out, they're out. Even relying on a cookie would be better, although obviously there is a cost in CPU cycles with that, which equates to a $ cost that would inevitably reduce the value of Facebook through higher op costs.

    1. Tom 13

      Anybody who hasn't cottoned to the fact that

      Zuckerface is a pompous twit who stumbled upon The Giant's golden goose hasn't been paying attention. I use the service, but it is self-evident that it was not clearly thought through as an ongoing commercial enterprise or with regard to whether or not individual posters might some day recognize the value of the materials they post there.

  8. OffBeatMammal

    who owns the CDN

    so, is this a CDN Facebook owns, or are they relying on a 3rd party for heavy lifting?

    most of the mature CDNs have a bunch of security options in place but they all cost extra to deploy. a simple cookie with a time limited hash that gets checked at the edge before content is returned would be a start.

    heck, back in Aus I was using code like this - http://blog.offbeatmammal.com/post/2006/06/30/Using-ASPNET-to-restrict-access-to-images.aspx - to keep folks away from images they weren't allowed to see ... ironically it was for Big Brother in Australia ;)
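The "time limited hash checked at the edge" idea from this comment, and the session-bound one-time hash suggested further up the thread, boil down to a signed, expiring URL. The following is an added illustration, not code from the original posts nor anything Facebook or Akamai run: the origin signs (path, user id, expiry) with an HMAC under a secret it shares with the edge (the secret, user ids and photo paths are constructed sample values), and the edge serves the image only if the signature verifies and has not expired, so a guessed neighbouring photo number carries no valid signature.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo secret shared by origin and edge (assumption: in practice
# this would be provisioned out of band and rotated).
EDGE_SECRET = b"constructed-demo-secret-do-not-reuse"


def sign_image_url(path, user_id, expires_at, secret=EDGE_SECRET):
    """Origin side: bind the photo path to a user id and an expiry (unix seconds)
    and append an HMAC-SHA256 tag over all three, so none can be altered."""
    msg = f"{path}|{user_id}|{expires_at}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return path + "?" + urlencode({"uid": user_id, "exp": expires_at, "sig": tag})


def edge_check(url, now, secret=EDGE_SECRET):
    """Edge side: return True only for an unexpired URL whose tag matches the
    path and parameters actually requested. Missing or malformed parameters
    are refused rather than treated as a public image."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        uid = query["uid"][0]
        exp = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False
    if now > exp:
        return False
    expected = hmac.new(secret, f"{parts.path}|{uid}|{exp}".encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison so a wrong tag is not distinguishable by timing.
    return hmac.compare_digest(expected, sig)


def accepted_neighbours(signed_url, photo_id, span, now):
    """Defender's check: reuse one valid URL's parameters against `span`
    neighbouring photo numbers on either side and count how many the edge
    would accept. With the tag bound to the path the answer should be 0."""
    parts = urlsplit(signed_url)
    accepted = 0
    for guess in range(photo_id - span, photo_id + span + 1):
        if guess == photo_id:
            continue
        guessed_path = parts.path.replace(str(photo_id), str(guess))
        if edge_check(guessed_path + "?" + parts.query, now):
            accepted += 1
    return accepted


if __name__ == "__main__":
    url = sign_image_url("/photos/12345.jpg", "user-7", expires_at=1_700_000_900)
    print(url)
    print("valid now:", edge_check(url, now=1_700_000_000))       # True
    print("after expiry:", edge_check(url, now=1_700_001_000))    # False
    print("guesses accepted:", accepted_neighbours(url, 12345, 500, 1_700_000_000))  # 0
```

The residual risk the thread also raises still holds: anyone who receives a signed URL can pass it on until it expires, so the window should be short and, as the CDN-side suggestion above implies, the uid can additionally be matched against the viewer's session cookie at the edge.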

    1. Reg Blank
      Badgers

      Akamai CDN services

      I believe that Facebook's content is hosted by Akamai.

      http://www.akamai.com/

      http://en.wikipedia.org/wiki/Akamai_Technologies

      1. XMAN

        Indeed

        Yes, that's right - they use Akamai.

  9. Anonymous Coward
    WTF?

    Remind me again...?

    What exactly was the point of WWII?

    It really seems like some Jackbooted Brownshirts slipped through the lines and took up residence in several otherwise-Western countries.

  10. FreeTard
    Paris Hilton

    what about disabled or deleted accounts?

    Would the data still be cached somewhere?

    Speaking as a deleted facebook user.

    I left it due to privacy concerns.

  11. Alan Brown

    Aussie police....

    ... aren't _quite_ as corrupt as they used to be.

    Queensland and federal cops are notorious for being as bent as they get.

    Victoria and NSW police come in a close second.

  12. Anonymous Coward
    Paris Hilton

    Private Internet Pictures

    "Heinrich accessed privacy-protected photographs of the wife of HackLabs director Chris Gatford."

    What kind of photographs?

  13. Anonymous Coward
    Thumb Up

    I actually read the SMH article

    .. turns out he stole photos of the wife of another hacker - and it was widely known these two guys didn't get along.

    So.. there was more to this. The guy was being a bastard.

    1. borkbork
      WTF?

      so they shot the messenger instead

      I still don't see what Mr Grubb did wrong by reporting on it.

  14. veskebjorn

    More Napoleon than Mad Max

    Almost everything one needs to know about Australia's psyche can be found in two movies: "Napoleon" and the first "Mad Max". Much of Australia's history--since the Brits took the continent from the "aborigines"--is an attempt to justify the theft. The descendants of transported "criminals" and rapacious colonizers have found common ground in promoting a myth, that white Australians are tough, fiercely independent, and completely self-sufficient. In Wyoming, the U.S. state that was the center of "the Old West," Australian chest-pounders are regarded as poofters. It comes as no surprise to us Wyoming residents that most Australians have so little regard for individual freedom.

    1. Steven Roper

      Poofters in Wyoming

      Interesting that you use an Australian word to describe us. Mind you, I'm inclined to agree with you - most Australians are poofters that won't fight for their freedoms, even to the point of letting our government tax us for rainwater - something that even impoverished Bolivians wouldn't tolerate.

      To anyone thinking of coming here - don't. Visit China instead. The scenery's better and the government is much more freedom-oriented than here.

  15. bep

    Aussie

    People who only know Australia by reputation need to understand that the British didn't just send convicts to Australia, they also sent guards.

    Modern Australian society can be seen as a continuation of the tensions between a vaguely rebellious populace and a smaller group who seek to control and direct the populace. This isn't really a class thing, all the cops are working class, it's a matter of self-perception as much as anything else. The writer Tom Keneally reckons that colonial societies tend to reflect the culture of the mother country at the time they were first settled and Australia was first settled in the Georgian era, so Australian society is basically Georgian in character. It's an interesting idea, and it seems to fit the known facts.

    1. Reg Blank
      Pirate

      Feel free to not read if too long (see bottom for short version)...

      Tone is always difficult to convey in a written communication, so please take the following comment in the light-hearted and friendly manner it is intended.

      I think this is BS. This is just my opinion, and I still respect yours.

      Such origins are irrelevant to the psyche of modern Australia, and I would argue it has been since the middle of the 20th Century. I don't think it is a coincidence that this change coincides with the beginning of mass migration following WW2. Prior to WW2 there was an unspoken "Stain" (http://preview.tinyurl.com/3cepvzv) regarding Australia's "shameful" origins. With migration from southern/central/eastern Europe post-war, generations of Australians have been born who have no emotional or cultural connection to a convict colonial past and simply don't care about the transportation of British prisoners in the 19th Century beyond the fact they have to learn about it in school, and certainly not to the extent Americans still seem to care about the details of American Independence (just as an example).

      Much of this change in attitude I think can be put down to the paradigm shift in how transportation has been viewed. Pre-WW2, transportation was seen as an affront to the respectability of the Australian character, as if the nation was an uptight middle-class housewife embarrassed by the family's black sheep. A more modern attitude is that transportation was a British Establishment attempt to thin the under-classes of Britain by shifting the nation's undesirable elements elsewhere. These were classes of people who were considered irredeemable scum, not fit to be residents of Britain. Thieves, prostitutes and murderers.

      The basic logic error of this policy is exposed by an examination of colonial Australian society. If the view of the British Establishment was correct, then the Australian colonies should have been a Mad Max-like free-for-all of violence, crime and debauchery given the concentrations of criminals and the extreme distances from the influences and suppression of British authority and the small number of soldiers actually in place. That it wasn't exposes the great lie. That the vast majority of transported criminals lived normal, productive lives, including many former convicts who became massively wealthy pastoralists, shows that the underclasses were more a result of a dysfunctional British society and a manifestly unfair and immoral class system. Once free of that system, in a place of more or less social equality with real opportunities for success, Britain's rejects showed that they could prosper and thrive.

      So having shown that there is no need to feel "shame" for our origins, that the sins of the father should not be visited on the son, I don't see why any of it has any bearing on modern Australia.

      Personally, I take no offence at the "convict" jokes sent our way, just as I hope that Poms don't take offence at being referred as "whinging" or "Poms", and New Zealanders don't take offence by well intentioned comments about "sheep bothering".

      * * * * * * * * * * *

      In response to others' comments, I see no signs that Australia is a "police state" and dismiss most comments as hyperbole. When I walk down an inner city street I don't feel like I'm under constant surveillance or threat (can our British or American friends say the same?) and nor do I feel apprehensive at the sight of approaching police officers and wondering how my innocent backside is going to get reamed by the dark forces of the shadow government.

      The Great Firewall isn't exactly a brilliant idea, is it? It is actually a pointless and ineffective placebo built by technically ignorant political opportunists. Less George Orwell, and more influence pandering (http://www.abc.net.au/religion/articles/2010/08/03/2971958.htm).

      One of two things happened in this story: 1) the Qld police over-reacted based on their ignorance or on misinformation being supplied to them, or 2) there is more to the story than what we are being told. Why would anyone assume corruption? Completely illogical!

      I can not remotely be described as "middle aged" yet, but I have found myself sounding more and more like those old farts beginning epic whinges with "In my day..." or "When I was young..." and following up with an observation about the utter stupidity/selfishness/greed/incompetence/cravenness/prosaicness of individuals, groups and entire strata of society.

      Just last week I was watching the news about the 2011 Federal budget. The news crew interviewed the typical "Aussie family" of two income couple and kids. I inwardly cringed at the triteness of the set up. Then the couple had the unmitigated f**king gall to complain that the federal budget did nothing for them. I went ballistic. This is the exact example of what is wrong with Australia right now. "What is in it for f**king me?" Never mind that there is a global recession, that the 2011 budget is forecast to be au$16 Billion in deficit (yeah it's bad, but minuscule compared to US au$1.5 Trillion and UK au$226 Billion) and spending is to be slashed. Mr & Mrs Middle-class is pissed because they aren't getting their normal quota of "voting incentives" in this budget!

      It's not criminal origins, inaccurate cultural images, police incompetence, or erosion of freedoms. It is a culture of comfortable ease, a view inwards to self, wants instead of needs, a fetish for more and bigger and newer and now, and political parties that enable the pathology.

      TL:DR? I have prematurely vinegary old man balls. They make me shake my head at today's young people (everyone not getting the OAP).

      Pirates! 'Coz we're a nation of freebooters. Arrr!

      1. Anonymous Coward
        Anonymous Coward

        @Vinegar Balls

        "Mr & Mrs Middle-class is pissed because they aren't getting their normal quota of "voting incentives" in this budget!"

        These are the people I always imagine as the target market when I see the front page of the Daily Mail. I suppose Australia has an equivalent and they're reading it.

  16. mhenriday
    Alert

    Where's the China angle ?

    Not a word in either Richard Chirgwin's article or the comments posted hitherto about the Chinese ultimately being responsible for this violation of human rights in a «Western» (pace, geography textbooks!) country! Are the Reg - and its readers - slipping?...

    Henri
