[LINK] Fwd: 'Conroy's filtering plan: security worries'

Jan Whitaker jwhit at janwhitaker.com
Thu Aug 7 16:55:24 AEST 2008



>Liam Tung, 'Conroy's filtering plan: security
>worries', ZDnet.com.au, 4 August 2008
><http://www.zdnet.com.au/news/communications/soa/BitTorrent-hole-in-ISP-filter-tests/0,130061791,339290888,00.htm>
>
>Communications Minister Stephen Conroy has 
>welcomed "improvements" in ISP filtering 
>technologies, but will a broad-scale roll-out 
>make ISPs a thief's favourite target?
>
>The great success of the ISP filtering trial
><http://www.zdnet.com.au/news/communications/soa/BitTorrent-hole-in-ISP-filter-tests/0,130061791,339290888,00.htm>
>was that current technologies impose far less
>interference on an ISP's network than similar
>tests done five years ago.
>
>Improvements like this give the impression that 
>yes, the government has its collective head 
>around the challenge of making the internet a safe place.
>
>But after an interesting chat with Internode's 
>core networks and infrastructure group team 
>leader Mark Newton, I came to the conclusion 
>that any concerns about network degradation are 
>peanuts compared to security worries around what 
>could happen if the technology is implemented -
>in particular to the protocol used to conduct
>secure Web sessions with your bank or the tax office - HTTPS.
>
>Newton raised an interesting idea: for an ISP to
>filter HTTPS sessions it would have to engage in
>a Man in the Middle attack
><http://en.wikipedia.org/wiki/Man_in_the_middle>,
>where the attacker intercepts and changes
>information being transmitted between two parties.
>
>One of the key attributes the government was 
>looking for in the tested filtering technologies 
>was the ability to analyse content for smut so 
>that it can accurately filter information rather 
>than just block a bad source. While the filters 
>were unable to analyse content over peer-to-peer 
>networks, all the products were able to analyse 
>Web protocols HTTP and HTTPS. (See table:
><http://www.zdnet.com.au/story_media/339290888/ACMA-Enex-ISP-filtering%20test.JPG>)
>
>So what happens when granular filtering is 
>applied to your transactions with a bank or the tax man?
>
>Normally HTTPS means that data streams pass 
>unfettered between your computer and the bank's 
>servers, but ISP filtering would see that data 
>unencrypted at the ISP, inspected, re-encrypted 
>and then forwarded on to you and the bank.
>
>Now, I don't use Dodo, Exetel or TPG, but these 
>ISPs don't seem to be able to afford call centre 
>staff, so can we rely on these ISPs to implement 
>whatever technology the government approves?
>
>And if the filtering products run on Windows 
>operating systems, what happens if and when 
>those systems become infected with a trojan or
>virus that siphons information to cybercrims?
>
>Let's hope we find out a little more about the 
>security and privacy implications in the "live" 
>trials the government plans to run in the coming months.


Melbourne, Victoria, Australia
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
blog: http://janwhitaker.com/jansblog/

"No Longer Anonymous, of Berwick"

Writing Lesson #54:
Learn to love revision. Think of it as polishing 
the silver for guests. - JW, May, 2007