Friday, 28 May 2010

Australian Internet Filtering - what we should be doing

There's so much spin and misinformation in the Internet filtering debate in Australia, and unfortunately many of those debating the current issues don't understand what is being proposed and why it won't work.

Unfortunately, one size never fits all, even more so when it comes to Internet filtering. The Internet presents us with many content and law-enforcement challenges that require different solutions. This fact seems to escape the current Australian Government, with Stephen Conroy and Kevin Rudd wanting to plow ahead with a single, mandatory, ISP-based Internet filter.

What I've identified below are the problems that (some people think) we need to solve, why the currently proposed Conroy solution won't work, and what will work.


Problem: Children accidentally finding inappropriate content (porn)

Why Conroy’s solution won’t work: Only the worst-of-the-worst pornography sites will be blocked by the filter.

What will work: PC-based filtering. Government should pay the ISP $x per month, per client that has it installed – let the ISPs profit from it & it will get rolled out.

Problem: Children deliberately finding inappropriate content (porn)

Why Conroy’s solution won’t work: See above – under Conroy’s solution, children will still be able to browse porn sites.

What will work: Voluntary ISP-based filtering that all ISPs must offer to their users. Funded by the Government, parents will be able to opt in at no cost. Note: A determined, Internet-savvy child will still be able to bypass this, so an education campaign (for parents) is vital as well.

Problem: Child pornographers accessing child pornography

Why Conroy’s solution won’t work: Child pornographers don’t visit normal websites to access and share material; they get it from peer-to-peer networks, private networks, or hacked websites. This material will not be able to be found or blocked by the Conroy filter.

What will work: Law enforcement. Undercover agents. Raids in the middle of the night. People smashing down doors.

Problem: People accessing refused-classification (RC) material

Why Conroy’s solution won’t work: First of all – it isn’t illegal to create or to view RC material; you’ll only get in trouble for distributing it. But this material will only get classified as RC once it’s submitted to the classification board. The classification board doesn’t have enough reviewers to review the entire, dynamically changing Internet.

But the stuff they review and classify as RC will be blocked.

But bypassing the block will be as easy as buying a $50/year VPN connection to the United States, or visiting an anonymising site before you look at the RC material.

What will work: Nothing will work well. The Conroy filter will be able to block RC material, but then all the provider of that material needs to do is change the content to to and the entire 3-month review cycle with the classification board will start again.

Of course, in the real world, RC material continues to get distributed anyway from friend to friend (i.e. peer-to-peer).

So my 3-step plan for cleaning-up the Internet in Australia is:

1. Net Alert: Continue to provide filtering software for people’s PCs. The Government pays the ISP enough to allow the ISP to make a profit & the ISP will then be incentivized to let people know about it.

2. Government funded ISP filters: ISPs will be required to implement them, but users can opt-in or opt-out to particular content.

3. Law enforcement: We’ll always need the police to bash down bad guys' doors.

Friday, 21 May 2010

Auscert 2010 IBM USB Key Malware email message headers

Microsoft Mail Internet Headers Version 2.0
Received: from xxxxx ([xxxxx]) by xxxxx with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 21 May 2010 16:31:28 +1000
Received: from xxxxx ([xxxxx]) by xxxxx with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 21 May 2010 16:31:15 +1000
Received: from xxxxx (xxxxx [xxxxx])
by xxxxx (Postfix) with ESMTP id 9858F2120B2
for ; Fri, 21 May 2010 16:31:32 +1000 (EST)
Received: from ([])
by xxxxx with ESMTP; 21 May 2010 16:31:11 +1000
Received: from ( by
( with Microsoft SMTP Server (TLS) id 14.0.694.0; Fri, 21 May
2010 16:31:04 +1000
Received: from ([fe80::755b:17ce:21aa:a1e7]) by ([fe80::755b:17ce:21aa:a1e7%14]) with mapi; Fri, 21 May
2010 16:31:56 +1000
From: AusCERT
Subject: AusCERT Important Information - Malware on IBM USB
Thread-Topic: AusCERT Important Information - Malware on IBM USB
Thread-Index: Acr4rxjUKocJyYVwR1+gPZTcHpAWOg==
Importance: high
X-Priority: 1
Date: Fri, 21 May 2010 06:30:25 +0000
Accept-Language: en-AU, en-US
Content-Language: en-US
Content-Type: multipart/alternative;
MIME-Version: 1.0
X-OriginalArrivalTime: 21 May 2010 06:31:15.0495 (UTC) FILETIME=[36BF4370:01CAF8AF]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Auscert 2010 IBM USB Key Malware letter

Dear AusCERT Delegate

At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.

The malware is detected by the majority of current Anti Virus products [as at 20/05/2010] and has been known since 2008.

The malware is known by a number of names and is contained in the setup.exe and autorun.ini files. It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

Please do not use the USB key, and we ask that you return it to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.

If you have inserted the USB device into your Microsoft Windows machine, we suggest that you contact your IT administrator for assessment, remediation and removal, or you may want to take the precaution of performing the steps below.

Steps to remove the malware:

1. Turn off System Restore

[Start > Programs > Accessories > System tools > System Restore]

Turning off System Restore will enable your anti virus software to clean the virus from both your current system and any restore points that may have become infected.

2. Update your antivirus tool with the latest antivirus definitions

[available from your anti virus vendor of choice].

3. Perform a full system scan with your AV tool to confirm the existence of the infection. If malware is detected allow your AV to complete a clean.

4. On completion of this process, complete a second scan using a different anti virus product. Free anti virus products are available from known companies such as AVG, Avira, Panda Software, or Trend Micro.

5. Once a second scan has been performed and it is determined that your workstation is free of any known malware, as a precautionary measure we recommend that you perform a back up of all vital files on your workstation and perform a full re-installation of the operating system. This process will remove the risk of other unknown or undetected malware that may be present on your machine.

If you experience difficulties with the above steps, please contact the IBM Security Operations Team at An IBM technical support person will contact you by phone to assist you.

We regret any inconvenience that may have been caused.

Glenn Wightwick

Chief Technologist

IBM Australia
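
The letter above describes setup.exe being started through an autorun file when the key is inserted. As an added example (not part of the original post or of IBM's letter), the Python script below lists what an autorun file in the root of a mounted volume would launch and hashes each target so it can be compared with what an AV vendor reports. The function names, the `AUTORUN_NAMES` set and the sample volume are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# autorun.inf is the name Windows AutoRun reads; autorun.ini is the name given in the letter.
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}
LAUNCH_KEYS = {"open", "shellexecute"}

def parse_autorun(text):
    """Tolerantly parse the [autorun] section into {key: value}; junk lines are ignored."""
    section, entries = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def inspect_volume(root):
    """List every program an autorun file in the volume root would launch, with its SHA-256."""
    root = Path(root)
    # Case-insensitive index, because the volume may be mounted on a case-sensitive OS.
    files = {p.relative_to(root).as_posix().lower(): p for p in root.rglob("*") if p.is_file()}
    findings = []
    for name in sorted(AUTORUN_NAMES & files.keys()):
        text = files[name].read_text(errors="replace")
        for key, value in parse_autorun(text).items():
            launch = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
            if not value or not launch:
                continue
            # Drop command-line arguments; keep only the program path.
            target = value.split('"')[1] if value.startswith('"') else value.split()[0]
            hit = files.get(target.replace("\\", "/").lower())
            digest = hashlib.sha256(hit.read_bytes()).hexdigest() if hit else None
            findings.append({"file": name, "key": key, "target": target, "sha256": digest})
    return findings

def demo():
    """Build a constructed sample volume (harmless placeholder bytes) and inspect it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "AUTORUN.INF").write_text("[AutoRun]\nopen=setup.exe /quiet\nicon=setup.exe,0\n")
        (root / "Setup.exe").write_bytes(b"constructed placeholder, not an executable")
        return inspect_volume(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To check a real key, call `inspect_volume()` with its mount point on a machine that does not auto-run removable media.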
