Aardvark Daily aardvark (ard'-vark) a controversial animal with a long probing nose used for sniffing out the facts and stimulating thought and discussion.

NZ's leading source of Net-Industry news and commentary since 1995
Australasia's "New Economy" News And Commentary Site
Headlines | XML feed | Contact | New Sites | Press Bin | Job Centre | News Search | For Sale
Note: This column represents the opinions of the writer and as such, is not represented as fact
Anti-Hacking Law A Godsend To Hackers? 2 October 2001 Edition
Previous Edition

Million $ Ideas
At last, the contents of Aardvark's "million-dollar ideas" notebook are revealed for all to see!
Click To See
When is a hack not a hack?

The recent court case Garrett vs Telecom showed that poking around in other people's computers without their permission can get you in big trouble.

But what constitutes "permission?"

The reason I'm posing this question is that yesterday I was alerted to what appears to be a major security flaw in the service operated by an NZ ISP.

When I checked -- it sure seems as if the hole is so big you could drive a truck through it. It would be quite possible for unauthorised people to gain access to some very important data.

Need Cutting-Edge Copy?
As NZ's longest-running online commentator, I'm looking for extra syndication opportunities for this daily publication -- or I'm happy to write casual or regular material specifically to order for print or Net-based publications. If you're interested, drop me a line

In accordance with my policy, I attempted to contact the ISP yesterday, but haven't yet received any reply, so I'm not divulging the identity of the company or details of how the intrusion can be performed.

The person who originally alerted me to this hole was clearly concerned that they could find themselves in real hot water if they actually poked around to see what was inside -- but could they?

I did have a look around -- just to try and determine whether there really was a problem.

At no time was I challenged to enter a password and no "skill" (other than being able to type and click a mouse) was required to access the data inside.

No special tools were used -- this stuff is all accessible using a regular web-browser and a straightforward URL.

So, would I be breaking the law to access this stuff?

Could it not be argued that if it wasn't meant to be publicly accessible then it wouldn't be published in a public place (the WWW).

Surely if it was the ISPs intention not to make this material available to anyone who browsed by then they'd at least have added some password protection right?

Readers Say
(updated hourly)
Nothing Yet
Have Your Say

Now let me make it clear -- the data available through this hole appears to include valid credit card details, passwords, and a raft of other stuff that you certainly don't want in the public domain.

As I mentioned -- I've tried to contact the ISP concerned and advised them that they might have a problem. However -- was this the wisest course of action?

At present, the risk associated with being honest and trying to help someone with a security problem is pretty low. I'm not using any of the information I might have come across and I immediately informed the owner.

This is a win-win. The ISP gets to patch up a problem, the people using the service avoid possibly having their credit-card details misappropriated if some malicious Net-user finds the same hole, and everyone's happy.

What happens after the Crimes Amendment Bill is passed though?

Yep.. that's right. I keep my mouth shut tight for fear of being prosecuted as a hacker.

Then some mean little snot (possibly from a foreign country where he's safe from our laws anyway) comes along, finds the same hole and steals a nice wad of credit card numbers and screws the ISP's service up badly.

Now someone tell me again how the CAB is supposed to reduce online crime?

Oh, and would the ISP who received a phone call from me at 5:30pm last night (left on your answering service) please contact me ASAP.

Save The Aardvark Fund
Yes, I have had several donations to the Aardvark fund and I thank those who put their money where their mouse is :-)

If guilt is gnawing away inside you then there's still time to donate.

Just drop by and hand over your loot.


Free News Syndicated From 7amNews.com
Add it to your own site
Net/Tech

MP3/Net-Music


Add Aardvark To Your Own Website!
Got a moment? Want a little extra fresh content for your own website or page?

Just add a couple of lines of JavaScript to your pages and you can get a free summary of Aardvark's daily commentary -- automatically updated each and every week-day.

Aardvark also makes a summary of this daily column available via XML using the RSS format. More details can be found here.

Contact me if you decide to use either of these feeds and have any problems.

Did you tell someone else about Aardvark today? If not then do it now!

There is/are 0 Vacancies Last added 2 July In The Job Centre

There are 14 Domain Names for sale

Latest
Security Alerts
Microsoft tightens software security (CNet - 16/08/2001t)

Code Red Worm A 'Runaway Success' (7amNews - 20/07/2001)

Solaris bug gives hackers free rein (ZDNet - 22/06/2001)

Microsoft Admits Another 'Serious Vunerability' In IIS 7amNews - 19/06/2001)

Latest
Virus Alerts
Tripple-threat Worm Strikes (Aardvark - 19/09/2001)

New worm spreading slowly (CNet - 4/09/2001)

Trojan horse breaks Windows PCs (ZDNet - 24/08/2001)

Bookmark This Page Now!

 

MORE NEWS
NZL Sites
IDG.Net.nz
NZ Netguide
NZ Herald Tech
PC World NZ
Scoop
NZ.Internet.com
NZOOM Technology

AUS Sites
Fairfax IT
Australian IT
AFR Tech
AUS Netguide
NineMSN Tech
APC Magazine

USA Sites
Wired.com
CNet
CNNfn Tech
TechWeb
Yahoo Tech
ZDNet Tech
USA Today Tech
7am.com SciTech

UK Sites
The Register
BBC SciTech

 

The Day's Top News
Open in New Window = open in new window
New Zealand

Open in New Window ECONZ down but not out
One of New Zealand's oldest IT firms has been forced to lay off 17 staff because potential customers are waiting for Telecom and Vodafone to launch their high-speed wireless data services...
IDG

Open in New Window NZ data lock-up
An "international secure data centre" could be set up in New Zealand to cash in on global security fears in the wake of the September 11 terrorist attacks in the United States...
Stuff

Other

Open in New Window FTC Shuts Down Thousands of Deceptive Web Sites
A U.S. court shut down thousands of Web sites after it determined that they diverted Web surfers and held them captive while bombarding them with ads for pornography and gambling, the U.S. government said on Monday...
Yahoo

Open in New Window Cybersquatting among the ruins
Before the second tower collapsed, the domain name land grab was already underway: From wtccollapse.com to nukeafghanistan.net...
Salon

Open in New Window IBM spinoff takes new server approach
As Big Blue's rivalry with Sun heats up at the high end, an IBM start-up begins selling a thin "blade" server with a less radical approach than that of its competitors...
CNet

Open in New Window Economy may make XP seem a frill
With purse strings tightened considerably, the president of the suburban Seattle high-tech company MicroConnex is willing to invest heavily in certain must-haves...
CNN

Open in New Window Another Thing to Fear: ID Theft
The fact that the FBI is struggling to conclusively identify the hijacker terrorists points out how serious the threat of ID theft may be...
Wired

Australia

Open in New Window Official websites easy targets for hackers: report
An audit of 10 Federal Government websites has found most contained serious security holes and were at risk from hackers...
Fairfax

Open in New Window Austar, Telstra seal restructure agreement on TelstraSaturn
Regional pay TV company Austar United Communications today announced it has reached agreement with Telstra relating to a restructure of a shareholders agreement for their joint venture known as TelstraSaturn...
Fairfax

Other

Open in New Window Experts demolish MS anti-Apache FUD
In response to Gartner's recommendation that businesses investigate alternatives to Microsoft's Internet Information Server, the Beast sent its sales staff a crib sheet...
The Register

Open in New Window Record labels 'fight' download plan
American record companies are to meet politicians to urge them to ditch a plan to put all download sites on an equal footing, reports say...
BBC

Open in New Window Nvidia sheds new light on graphics
The graphics chipmaker says the GeForce Titanium family will offer twice the performance for a given price than its previous chips. The chips also match high-end Radeon graphics chip recently introduced by Nvidia rival ATI Technologies...
ZDNet

Open in New Window Superfast Cell Phone Service in Japan
The world's first superfast cell phone service started Monday in Tokyo from top Japanese mobile carrier NTT DoCoMo, although without its biggest promised attractions - the relay of video clips and music downloads...
AP

Open in New Window E-Publishing Takes Double Blow
Contentville.com and Rightsworld.com shut down. Also: AMD's new 1.1 gigahertz microprocessor matches Intel's on speed and price...
Wired


Looking For More News or Information?

Google
Search WWW Search Aardvark
Try the Aardvark News Search page or look here.co.nz

Privacy Policy | Copyright © 2001, Bruce Simpson, free republication rights available on request

jet engine page