Aus cyber-safety unit loses punters' info in the post

In an outstanding example of data-loss stupidity, a DVD containing email addresses and encrypted passwords for Australia’s Stay Smart Online Alert service has gone astray in the mail during a handover between contractors. An email sent to subscribers on 6 July and passed on to The Register by a reader states “the Department …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    Stay smart online? You couldn't make this up.

    1. flibbertigibbet
      Devil

      > You couldn't make this up.

      Actually, it gets better. The government contractor that lost the DVD was our very own AusCERT.

      1. Anonymous Coward
        Mushroom

        It was Australia Post that lost the "package".

        Australia Post loses lots of stuff....

        The all in brawling that results in trying to get the "lost materials" or improperly serviced packages - properly delivered and accounted for - via their well oiled "go fuck yourself" machine is outstanding as well.

        "Dear paying customer.... Bullshit, bullshit, bullshit, Form 34B, responsibilities lie..., see our terms and conditions, Bullshit, bullshit, bullshit, Not happy, please resubmit written complaint in writing too.... Bullshit, bullshit, bullshit.

        Blah, blah, blah, blah, blah, blah, blah, blah, - Bullshit, bullshit, bullshit, - blah, blah, blah, blah."

        Which is surmised as "One of us fucked up the delivery, didn't get the goods signed for and the delivery signature wasn't sent to you, which is what you had paid for us to do, and because of this, the goods ($$$$$$) sat unaccounted for in a fucking depot for 4 months.... And noooooo we are not going to give you a refund for the services that we did not supply, which is what you actually paid for...."

        Or more concisely put, "Go fuck yourself."

        The convict bullshit artist mindset is alive and well in the colonies.

        Australia Post....

      2. qt101
        Facepalm

        AusCERT should know better! Read expanded info ;-)

        Ikr. ;-/

        I'm pretty sure this is another case of AU Gov cost cutting at its best!

        Let us Aussies in InfoSec - now bow our heads in shame!

        Especially if the blunder really did come from AusCERT.

        Aussie Online safe practices!? definitely don't practice what they should be preach'n! o.O

        That DVD was an irresponsible privacy breach, sending it via Australia Post.

        Private systems information should have been hand delivered by a systems admin or team member, i.e. special delivery, and upon receipt require a signature declaration document for the Data DVD. They could have also chosen to store the Data-DVD info on a network ready for transfer with details for sFTP/SSL/VPN tunnel transfer to new appointed system owners. At least that would be encrypted and a safe transfer method.

        Note how they state: there's no privacy breaching here!? as the passwords were hashed.

        Many of us in this forum know it doesn't take much to rainbow table/brute those password hashes

        Should that data fall into the wrong hands, or get leaked.

        I'm sure if an interesting name was found on that Database list: like - say 'Senator Steven Conroy' we'd see that one get special attention to bruteing and leaking; to prove a point that privacy & Infosec should be taken seriously.

        I'm doubly sure if our very own telecommunications minister's accounts got pwn'd they'd soon start making privacy/Infosec etc. high on their agenda for funding a new policy amendment ;-)

  2. lukewarmdog

    wozzer

    Australia isn't all that big and chances are the contractors are located in the same physical neighbourhood as the government offices. So why would you copy user data to a DVD and put it in the post? You couldn't arrange to meet somewhere for a posh lunch and hand it over? You are a multi-million dollar company but you spent every last penny and couldn't phone a courier? Now it just seems like you were smarter not signing up.

    I'd say the evolutionary end of the digital native will be the person who didn't sign up for Facebook, doesn't use their real name on Twitter and 100% does NOT sign up for anything called "Stay Smart"..

    1. mark 63 Silver badge
      Joke

      Re: big

      Australia is big. Really big. You may think it's a long way down the road to the post office, but that's just peanuts to Australia!

  3. tkioz
    FAIL

    Our tax dollars at work...

    And those links... holy cripes do they not even read their own website?

  4. Anonymous Coward
    Facepalm

    @lukewarmdog

    I like the fact that you think "Australia isn't all that big". I guess it's not if you think twice the size of the EU is also small (or about the size of Europe).

  5. Trollslayer
    Flame

    I wish I couldn't believe this

    But the attitude that 'it doesn't matter' pervades so many places and people get away with it.

  6. Anonymous Coward

    What was written on the DVD label?

    "Lady Gaga" ?

  7. lukewarmdog
    Childcatcher

    still not big

    Look it's not like the Government buildings are situated on opposite galactic arms or that there's some incredibly dense, incredibly hot thing between the guy who has the data and the guy who wants the data. We're not talking about dog and pony operations here. Someone somewhere made the decision to mail - and promptly lose - all that data when they could have cosied up over drinks and nibbles somewhere posh and handed it over.

    I had a quick look where both contractors are based. I accept that Australia is large but the contractors are actually relatively close together geographically which makes the actual size of Australia a moot point. Google Maps suggests 1700 - 1800 km between Melbourne (Ladoo) and Brisbane (AUSCert). That isn't so impossibly huge to imagine. 20 hours if you like driving or 2 if you get a plane, $90 for an economy ticket.

    1. Rob
      Go

      Re: still not big

      Better yet, encrypt it, private cloud it, done. Lazy admins don't even have to let their office chair get remotely chilly.

    2. Anonymous Coward

      Re: "incredibly dense, incredibly hot thing"

      Ahhh, the Paris Hilton angle.

  8. Bradley Hardleigh-Hadderchance
    Go

    I believe others far more advanced in topics like this have already commented..

    ..So I will just add:

    http://www.youtube.com/watch?v=WRNYqsMIbg0

    The Lunatics (have taken over the Asylum)

    Ah ahhh.

  9. Anonymous Coward

    HTML email

    It isn't explicitly stated, but I guess that's what the email was.

    I suspect that the advice on the Stay Smart site only says 'Don't click on links in emails', instead of turn HTML read mode off (and send as HTML), because that would break all the 'Pretty Pictures tm'.

    Campaign against HTML emails - tell people who send them - 'I can't read them'

  10. Graham Wilson
    Stop

    Being Australia...

    ...the data's likely to be secure, as the finder would be clueless as to what it was.
