Mad Aus gov accuses Sydney hacks of hacking Australian state government ministers have accused journalists of hacking in order to get the low-down on transport plans in New South Wales. The Sydney Morning Herald has mounted a convincing defence against the seemingly tech-illiterate allegations that journalists at the paper attempted to access a restricted website 3,727 …
Saw it happen with an entire new website because some numpty decided to put it live under the page "newindex.html". Somewhere in all those pages at least one page had a duplicate name with the old system and links on their pointed to other pages in the new system, including of course "newindex.html". People were accidentally finding their way into the new website a week before the official launch becuase the web designers were idiots. In that case however nobody was stupid enough to call the police. They just bollocked the web designers.
It's surprising how many "web designers" still develop sites on the live server.
Can I suggest:
1) Develop the site on a local system ("hosts" is your friend here)
2) Test it
3) gzip the whole tree
4) FTP to server
5) Wait for zero hour (pick a quiet time - say 03:00)
6) Backup the old site
7) Zap the old site
8) Expand the gzip
9) Test it again and if you get problems then restore the old site from backup, rinse and repeat.
Then all you have to do is pacify everyone who tried to access the site at 03:01...
doing the swap at 3am only works if your site serves one timezone.
We used to move new releases (significant upgrades not just a page here and there) to identical boxes (we did pick a historically low traffic time and usually take a couple of boxes out of the load balancer, upgrade them and then call then "new") and point the load balancer at them, then reconfigure the old boxes with new content and add them back into the load balancer
Downtime: zero, risk of early release: zero
"It's surprising how many "web designers" still develop sites on the live server."
There's now't technically wrong with doing that, of course, provinding you've got a few braincells to rub together. It's because they used obscurity as security and left the development site unrestricted that they got caught with their knickers down.
There are several different ways you could fairly reliably lock down a site in development that's lurking on a live server. IP restriction and/or user authentication to name but two.
A well protected development site on a live server is no different to an admin control panel or similar - even if 'they' realise *something* is there, they have no way to get into it or see what it is.
1) Use a virtual server connected to the internet
2) Develop your site on a new virtual machine connected to the local net
3) When done, copy your new server image to the internet facing virtual host.
4) At zero hour <clickety clickety click> shutdown and disconnect the virtual interface on the old site and <clickety clickety click> connect up the new one.
Fail for all the web devs who continue to do things the stupid way.
Considering that the politicians in the New South Wales parliament (on both sides of the political divide) have less competence then a chimpanzee trying to play a Stradivarius (actually thats probably an insult to the chimpanzee - he at least might hit the right notes by accident once or twice) this does not surprise me in the slightest.
Bunch of illiterate, incompetent, corrupt imbeciles. Is there any chance we can sack them all and start over again?
Was the server located in the US? If so, he could extradite the reporter without evidence and talk up how serious his actions are in the hope of getting a conviction in a more favorable, more Aussie hating, jurisdiction.
Or extradite him to the UK, BT managed to get a conviction when they stupidly published peoples credit card details in an open web folder. They fooled people into thinking ".." is a hack! Again, they are less likely to be sympathetic to a foreigner, have a belief in presumption of guilt, and are easily fooled by technical matters.
The possibilities in evidence free jurisdiction shopping are endless these days!
Publishing confidential information on an internet-accessible web page with no access protection, and trusting to obscurity to keep it secure, is akin to posting confidential information on a bulletin board on a tree in a forest somewhere. If someone looks for it and finds it, you have no-one but yourself to blame...
..the Australian government striving to follow in the footsteps of that country across the Pacific and to the north? lovely. how long before these amazing ministers condemn the reading of story books as the satanic attempts to pick the locked vaults that are writers' minds of secure data? what a bunch of dorks.
if only these ministers would not wow us with their abilities as earning Darwin Awards...
no coat. mine's the horrid fleece flecked with cornflakes.
Security by obscurity at its finest. Either the people developing the web site slipped up when preparing the site, or the government department forgot to tell them the contents were embargoed.
Maybe somebody should tell the NSW government that you should not put anything on the web that you wouldn't put on a public noticeboard, or anything in an email you wouldn't write on a postcard.
Don't get me started about all those "private" photograph albums out there.
Granted that this is a technical site and so the emphasis is on the poor understanding of certain politicians of IT matters (or of their advisers/civil servants); but if I understand correctly, NSW is a democratically run part of a supposed democracy. That is to say, the MPs and those among them chosen as ministers are accountable to the inhabitants, the people of that state and all actions are paid for and by and are on behalf of those people. So how can transport plans emanating from these MPs not be public? If the journalists are also of the people, the electorate, it is for the MPs to give a proper justification why the information was being kept secret in the first place.
Another reason to love Australia. The last thing you want is to have a bunch of literate, competent, but corrupt criminals in charge (like us poor sods). I like the idea of a government that I can distract with a set of car keys (oooh... look at the shiny shiny!).
They put up the little animated gif of the "men at work" road sign and the scrolling text that says "under construction"
Last time the government researched the internet that was the standard for telling people to leave your site. How can they be expected to know that it went out of style almost 2 decades ago.
What a bunch of retards... since when following links is considered a HACK!
if that is a HACK then all interent users are HACKERS from now on.
what a bunch of mentally unstable retards that seem unable to secure directories considered "top-secret"... and how easy is to secure them!
Either OZ.gov has another bunch of cluess IT staff or all of them need considerable training to get up to speed with securing webservices matter that has been stablished more than 20 years ago.
Anyway top-secret docs shouldn't be available on the internent unless IT is managed by retards which seem to be the case for OZ.gov.
If I leave my house door open, it's still illegal for someone to come in and take my photos and publish them. So just because the "door" to the website was open, doesn't make it ok for the journos to wander in and copy the documents.
Still, I do believe in "open government", and can't see what the problem really is.
You can't compare a house, something designed to give a certain person or persons shelter and privacy, with a website, something designed specifically to facilitate the easy dissemination of data to a large audience.
A better analogy would be to imagine you had a car boot sale and you accidentally included something you didn't want to sell (or perhaps something your wife didn't want you to sell). Is someone committing a crime when they purchase that item from you?
There is no law providing for the treatment of web sites as private property. Internet convention hints that if you give something a URL the purpose is for the Resource to be Locatable Universally. In the absence of a very strong indication to the contrary, we can treat this as someone accidentally leaving 1000 copies of their thesis under a sign saying "PLEASE TAKE ONE".
Mine's the one with the new underground metro in the pocket. After all, we know that the portion of the metro that will actually end up being built will fit into a coat pocket.
Worth googling on this matter.
-A company called Bang The Table was commissioned to build a super-secret transport website.
Or at least, it was supposed to be obscured till it's release later on.
-On a tipoff, a reporter casually peruses the website, and prints off pages.
-Long story short, transport minister David Campbell screwed up royally, accused the reporter of hacking the site, and claimed it was in fact a sustained two-day firewall attack on the server, and also claims he was told by BTT that "at no time was the website available to casual viewers".
-Turns out NSW Transport minister David Campbell was just littel bit wrong, and then made to eat his words:
<http://www.smh.com.au/national/im-sorry-ministers-mea-culpa-20100224-p3ls.html>
-Turns out BTT screwed up, and did _exactly_ what their website claims to do:
<http://corporate.bangthetable.com/>
Part of their business statement is: "Bang the table was established because no matter how well designed, current consultation processes inevitably only reach part of a community or stakeholder group. The internet provides an opportunity to give vastly more people access to information and to have their say"
Indeed. They *did* let vastly more people access to that information...
Here we have Bang The Table who can't build websites, and a Transport minister who either lied or believed BTT, instead blaming a reporter for "hacking" a website that was going to be released soon anyway.
Preposterous, clicking on links to bring up pages. Should be a law against it, I say. It's really, really bad!
What's truly bad is that we have these F-wits running the country. Reminds me of the amazing lack of understanding by John Howard who stated when asked about a computer on every student's desk, "Oh, everybody loves computers". Well, duh!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
