[LINK] Filter to cause World Wide Wait

Marghanita da Cruz marghanita at ramin.com.au
Thu Oct 30 15:30:22 EST 2008

Stephen Wilson wrote:
> There's an odd line about breaking open security that I don't understand 
> in this report ...
> Bernard Robertson-Dunn wrote:
>> Filter to cause World Wide Wait
>> Jennifer Dudley-Nicholson
>> October 30, 2008
>> The Australian
>> http://www.australianit.news.com.au/story/0,24897,24575125-15306,00.html
> <snip>
>> Electronic Frontiers Australia board member Colin Jacobs warned the web 
>> filter could also unwittingly make the internet unsafe for financial 
>> transactions by breaking the secure encryption used by banks online.
>> Five of the six web filters tested by the Australian Media and 
>> Communications Authority this year were able to filter websites using 
>> the secure protocol HTTPS, which would leave financial details exposed 
>> to the internet service provider in charge of operating the filter.
>> "If they sit in the middle and get between your web browser and the 
>> bank's server it really breaks open the security and leaves the details 
>> open to attack," he said.
> But the filter cannot break into the HTTPS stream without knowing the 
> session key.  That would require an extra arrangement for keys to be 
> relayed to the filter from the *server*.  Yikes!?  Not even the ISPs 
> would have these keys would they?
> What the ACMA report actually says is that "five of the six products are 
> capable of filtering HTTPS traffic" which to me sounds like they were 
> reading from a product spec, rather than reporting an actual test 
> result.  That is, the ACMA test didn't seem to actually run any filters 
> in a mode where they really filtered HTTPS content.
> Does anyone know of a set-up where filters are getting HTTPS keys from 
> somewhere?  Or is it just a cute theoretical capability in these 
> products' brochures, never actually put into practice?
it is a rumour...which I raised on link and kim responded to....
Marghanita da Cruz
Phone: (+61)0414 869202

More information about the Link mailing list