Forwarded from: Grant Bayley <gbayleyat_private>

On Wed, 5 Sep 2001, InfoSec News wrote:

> http://www.smh.com.au/news/0109/05/national/national7.html
>
> By Geesche Jacobsen
> September 5, 2001

[snip]

> But Mr Kelly said his son was merely trying to protect his computer
> from hacking.

[snip]

> There was little information to show if any of the other programs
> had been used, it said.
>
> Mr Kelly admitted yesterday that one of his sons had accessed the
> computer and loaded the software on July 20 from 9.33pm until
> 11.32pm, when the LANguard software was apparently being run on
> more than 250 computers in Parliament.
>
> The report said the software could be used "aggressively" and
> appeared to have been used to scan various Internet addressees on
> the computer networks. It could also be used to identify security
> weaknesses, including weak passwords.
>
> But Mr Kelly said the software was used - without his knowledge or
> authorisation - because his son suspected the computer was
> insecure. "The purpose was to check the security of the system to
> make sure my computer was hackerproof," he said.

Note to Australian Commonwealth Attorney-General Daryl Williams:

This is a perfect example of the dual-use technology that a number of
submissions referred to in a recent Senate Inquiry. It is this "dual
use" technology you wish to outlaw in the "Cybercrime Bill, 2001"
(478.3, specifically).

System administrators routinely rely on such technologies day-to-day to
probe their own networks for vulnerabilities.

Children of Members of Parliament apparently used the same technology
to confirm the poorly designed network topology and file sharing
policies on the NSW Parliamentary network (see above).

And persons with criminal intent might also use the same technologies
in the commission of a crime.

But of course, the intent of the person must be proven before they are
charged with an offence under 478.3. Or must it?

If the Explanatory Memoranda circulated by Justice Minister Ellison is
anything to go by (these are typically used by Courts as an aid to
interpretation), it might not:

"There will be many occasions where that intention will be evident
from the content of the data."

For this reason and a long list of others that the Senate Inquiry heard
(and chose to ignore), the Cybercrime Bill 2001 is overbroad,
misguided, and largely ignores the benefits of a preventative approach
to computer security incidents in Australia. At present, no such
preventative strategy exists.

Grant Bayley

-------------------------------------------------------
Grant Bayley                          gbayleyat_private
-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia
 www.ausmac.net   www.wiretapped.net   www.2600.org.au
-------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the
BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 01:18:57 PDT