[LINK] Hacked filter reveals blacklist in 30 seconds

[Bernard Robertson-Dunn]

Hacked filter reveals blacklist in 30 seconds
By Brett Winterford
24 March 2009 03:56PM
http://www.itnews.com.au/News/99467,hacked-filter-reveals-blacklist-in-30-seconds.aspx

A 30-second hack of a NetAlert-approved family-friendly filter exposes a 
list of websites banned in Australia.

The vulnerability, leaked to iTnews over the weekend and verified by IT 
security consultants, is due to a flaw in the Integard internet 
filtering software developed by Brisbane's Race River Corporation.

A source claimed to iTnews that Integard can be reverse-engineered with 
a hex editor to reveal material the software is designed to keep secret.

iTnews asked three IT security specialists for their opinions.

They all refused to go on the record but they said the list of banned 
URLs is exposed in a process that takes about 30 seconds.

"Put it this way: it took longer to download Integard than to hack it," 
said a senior security researcher speaking on condition of anonymity.

iTnews has been asking Integard managing director John Hedges for 
comment since yesterday.

ISP's and content hosts in Australia are required by law to remove 
locally-hosted websites deemed by the Australian Communications and 
Media Authority to be illegal under Australian law.

Sites deemed illegal that are hosted overseas are added to a blacklist 
ACMA sends as regular updates to the manufacturers of client-based 
internet filters. 
<http://www.itnews.com.au/News/91359,netalert-filters-not-given-a-chance-webroot.aspx> 
These sites would potentially be blocked under the network-level 
mandatory ISP filtering scheme currently on trial. 
<http://www.itnews.com.au/News/97629,revealed-isps-detail-their-aussie-net-filter-trials.aspx>

-- 
 
Regards
brd

Bernard Robertson-Dunn
Canberra Australia
brd at iimetro.com.au