[LINK] Super fund security breach lands good Samaritan in hot water

Tom Koltai tomk at unwired.com.au
Wed Oct 19 17:11:40 AEDT 2011

> -----Original Message-----
> From: link-bounces at mailman.anu.edu.au 
> [mailto:link-bounces at mailman.anu.edu.au] On Behalf Of Darren Pauli
> Sent: Wednesday, 19 October 2011 1:12 PM
> To: privacy at lists.efa.org.au; link at anu.edu.au
> Subject: Re: [LINK] Super fund security breach lands good 
> Samaritan in hot water
> Infosec people tell me legal threats for unauthorised vuln 
> disclosures are on the rise, though they can't name names 
> because of NDAs. They reckon some of the businesses had paid 
> researchers bug bounties but not before first the legal threat.
> Here's the letter sent from First State to Webster. 


I enjoyed that.
The Minter letter is a sad indictment of how little lawyers understand
the reality of computers.

Here is the undertaking from the above letter:

I, Patrick Webster, give the following undertakings:
(a) I will destroy and delete all data and records (whether on my
computer or otherwise) to which I have gained unauthorised access;
(b) if I am again granted online access to the Member Section of the
Fund's website, I will not access any further data or records other
than information relating to my account in accordance with the terms
and conditions upon which I have been granted access; and
(c) at the request of the Trustee, allow the Trustee's IT personnel to
examine my computer during business hours to verify that all data and
records to which I have gained unauthorised access on my computer have
been destroyed or deleted.

Signed: ...................................................
Dated: ....................................................

The insistence on examination is over the top, unnecessary and totally
useless. (As if any geek would only have one computer, and can you say USB
stick, NFS or cloud/Dropbox?)

And people like the writer of that clause are currently providing
oversight to our largest corporations (Telstra), drafting million dollar
contractual agreements, authoring draft legislation and convincing
judges that they are the wronged party...

I think we should mandate that all who would serve the law in any
capacity pertaining to computers or telecommunications must complete a
BSc before attempting to redefine the laws of physics (to suit his
Honour's understanding of the difference between RAM/SSD/HDD).


More information about the Link mailing list