CONTENTS
- Digital Economy Workshops under way
- IPv6 – Coming ready or not?
- SQL Injections on the rise
- Privacy reforms – an issue for the IIA?
- Forthcoming IIA Events
1. Digital Economy Workshops under way
Following Government commitments to develop Australia’s digital economy, including a $4.7 billion investment in the National Broadband Network (NBN) and $1 billion in the Digital Education Revolution, a series of workshops with the industry has begun with a view to convening a Digital Economy forum on 10 September in Melbourne.
Why these talkfests? According to its background paper, the Government sees a need for a “strategic discussion” on how Australian businesses and innovators will build on its initiatives.
Also it wants to consider emerging issues and trends in the digital economy that affect, from its investment in the digital economy. This process will map out activities by all sectors in relation to these issues.
As a prelude to the big forum, it has engaged business and other stakeholders on the future of the digital economy via three workshops which will lead to a high level digital economy forum. The size of the workshops will be between 20 and 25.
The IIA’s six nominees to the workshops were accepted. Those nominees were:
- Mozelle Thompson (Facebook)
- Rob Forsyth (Sophos)
- Mary Jane Salier (Verizon)
- Richard Bone (WAIA)
- Domenic Carosa (Chairman IIA)
- David Spence (Unwired)
These workshops will lead to a “directions paper for the digital economy” including an understanding of the role of relevant stakeholders in ensuring that “Australia maximises the benefits from the Australian Government’s digital economy initiatives”.
The discussions will complement research being undertaken by the Department of Broadband Communication and the Digital Economy (DBCDE) on the industry performance.
The three workshops covered separate themes, looking towards 2013:
- capabilities,
- confidence; and
- content.
Each workshop will:
- consider likely developments in the digital economy to the year 2013 and beyond under each theme;
- establish an aspiration for where Australia should be in 2013 taking into account the likely developments in the digital economy;
- identify three to five key issues that will impact on achieving that aspiration; and
- map existing and proposed activities of business, Government and other organisations which address these issues and identify any gaps.
Workshops were scheduled for Sydney 12 August; Brisbane, 15 August and Melbourne 22 August. Outcomes of each workshop will be considered by a subsequent forum to be chaired by the Minister for Broadband, Communications and the Digital Economy, Senator Stephen Conroy.
The next edition will report on impressions from these workshops.
2. IPv6 – Coming ready or not?
IPv4 addresses are 32 bits long. Theoretically this allows for 4,294.97 million unique combinations. But when we discount for unusable addresses such as those starting with 0 and 127, there are some 3.7 billion IP addresses available under the current Internet Protocol version 4 (IPv4). They have been in use over the last 25 years.
Based on current trends, we’ll run out of all addresses by the end of 2011 according to the daily IP4 Report.
Fortunately a global move is under way to transition to Internet Protocol Version 6 (IPv6), which offers an exponentially larger address space as well as other benefits such as improved management, security, quality of service and ease of configuration.
IPv6 was discussed at the recent OECD talks on the Future of the Internet Economy in Seoul earlier this year. Several countries including Japan and Korea have adopted aggressive IPv6 strategies. Locally the Australian Government Information Management Office (AGIMO) is leading a strategy for Federal Government agencies to move to IPv6.
At the local industry level, the picture is not as clear. DBCDE has asked us to respond to five questions no later than 31 August 2008 –
- What do you believe is the current status of Australian networks’ IPv6 readiness?
- In Australia what are the major obstacles to IPv6 adoption? What are the major drivers?
- What is the general level of IPv6 awareness/planning/readiness among IIA’s membership?
- In Australia, do you believe market forces will facilitate a smooth transition to IPv6 in the commercial marketplace?
- What role do you identify for Government in the deployment of IPv6 in Australia?
A handy form has been included to assist. We have already sent emails to ISP members requesting their input. However, if you think it’s also relevant to your organization, please give us your thoughts.
http://tinyurl.com/iia-ipv6
Please complete the form right now. It’s quick and easy.
3. SQL Injections on the rise
SQL injections, or SQLi to cite their fancy acronym, continue to cause grief. An SQL injection is an attack on a database-driven Web site in which the attacker executes unauthorized SQL commands.
It works by exploiting insecure code on a system connected to the Internet. The SQL injection attacks can be used to steal information from a database, trash the database, suss out passwords or force a meta refresh so that the user is sent to another site without their knowledge.
An SQLi attack is profound because it accesses an organization's host computers through the computer that is hosting the database. Often the only solution is to take the website off-line and restore it from a previously untainted copy of the database.
For members in the developer space, a report that your website has been brought down by SQLi is not good, as it implies the website’s database application design was not checked properly for such invalid commands.
SQL injection vulnerabilities are low-hanging fruit. They represent a trade-off between development deadlines, functional requirements, or even developer indifference.
They are not hard to test for. There is even a free Firefox plug-in. So the onus is on web development teams to identify and patch SQL injection flaws before attackers arrive.
According to security researcher MessageLabs, the number of SQL injection attacks spiked sharply last month, leading to a near doubling of the number of malicious Web sites it identified and blocked each day. This amounts to a record-high threat level, the security researcher said.
In Australia, the attacks still seem to target otherwise authoritative sites such as local governments and large directory sites.
A common check involves running the Google query:
"script src=http://*/""ngg.js"|"js.js"|"b.js" site:gov.au
At the time of writing this brings up some 600 pages. Many of them are local Government web sites. Broadening the query to the .au domain suggests there are some 22,000 compromised pages being hosted locally.
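The same file names can be checked from the inside, against a site's own stored content. The sketch below is an added example, not part of the original newsletter: it assumes the injected tag ends up in database text columns, uses an in-memory SQLite database with constructed rows as a stand-in for the site's database, and the host names are placeholders.

```python
import re
import sqlite3
from urllib.parse import urlparse

# File names taken from the search query quoted above.
SUSPECT_FILES = {"ngg.js", "js.js", "b.js"}
# Matches quoted and unquoted src attributes, in any letter case.
SCRIPT_SRC = re.compile(r"<script[^>]*?\bsrc\s*=\s*[\"']?(https?://[^\s\"'>]+)", re.I)

def suspicious_scripts(text, own_hosts):
    """Return (host, file) pairs for off-site script tags using a suspect file name."""
    hits = []
    for url in SCRIPT_SRC.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        name = parsed.path.rsplit("/", 1)[-1].lower()
        if host not in own_hosts and name in SUSPECT_FILES:
            hits.append((host, name))
    return hits

def scan_database(conn, own_hosts):
    """Check every column of every table; return (table, column, rowid, host, file)."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        # Identifiers come from the schema itself, not from user input,
        # and cannot be bound as query parameters.
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            for rowid, value in conn.execute(f'SELECT rowid, "{col}" FROM "{table}"'):
                if isinstance(value, str):
                    for host, name in suspicious_scripts(value, own_hosts):
                        findings.append((table, col, rowid, host, name))
    return findings

def build_sample():
    """Constructed sample data: one clean row, one row with an appended tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notices (title TEXT, body TEXT)")
    conn.executemany("INSERT INTO notices VALUES (?, ?)", [
        ("Bin collection",
         '<p>Mondays</p><script src="http://www.council.example/js.js"></script>'),
        ("Rates due<script src=http://injected.example/b.js></script>", "<p>30 Sept</p>"),
    ])
    return conn

if __name__ == "__main__":
    for finding in scan_database(build_sample(), {"www.council.example"}):
        print(finding)
```

The site's own copy of `js.js` is not reported because its host is in `own_hosts`; only the off-site tag in the `title` column is.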
If July was any indication, more SQL injection, cross-site scripting and other familiar attacks could be on the horizon.
The new ingredient that exacerbates these attacks is that they have been automated, using search engines to query for vulnerable Web pages.
According to an IBM Internet Security Systems Protection Alert, most exploitation had been focused on ASP (primarily fueled by the Asprox botnet and Chinese sources). But more recent exploitation has turned to attacks specific to ColdFusion and MySQL from sources that appear to be mostly Russian. MySQL is the open source database behind applications such as Joomla!
There is also an important user awareness angle that the IIA is working on. These botnets could not operate so effectively if the owners or users of the PC workstations were aware their systems had been hijacked.
4. Privacy reforms – an issue for the IIA?
There has been recent discussion in the press about the recent Australian Law Reform Commission’s review of Privacy Laws, known as ALRC Report 108: For Your Information.
Its three volume 2700 page review offers some 300 recommendations, of which its most publicised proposal is to create a statutory cause of action for a serious invasion of privacy.
It has been attacked by the mainstream media as potentially muzzling investigation and the Special Minister of State, John Faulkner, gave a lukewarm response to the proposal, saying a right to sue was "not a priority".
More significant for many members though is the report’s recommendation that small businesses no longer be exempt from the provisions of the Privacy Act. Small business is defined as those with an annual turnover of $3 million or less. The main arguments for this move seem to be to harmonise the Privacy Act with those of similar jurisdictions in UK, Canada and NZ.
On the other hand, the inquiry’s report acknowledges that the Australian Government maintains its support for retaining the small business exemption, which it says strikes an appropriate balance between the risk of privacy breaches and over-regulation of small businesses. “Removal of the exemption would be inconsistent with the Government’s commitment to workplace reform and cutting red tape.”
Combing through the mammoth report for other issues for IIA members, the most relevant is Chapter 11, which mainly deals with the Internet.
The IIA has worked closely with the Office of the Privacy Commissioner to ensure that the industry’s concerns are understood and that its members (including smaller and medium enterprise scale) regard privacy with due respect through its code activities, in particular.
Back in August 2001, IIA chief executive Peter Coroneos issued the first draft Privacy Code for the Net as a proactive way to manage ill-informed privacy regulation.
The ALRC report’s chapter on the Internet comprises two main recommendations:
Recommendation 11–1 The Office of the Privacy Commissioner should develop and publish guidance that relates to generally available publications in an electronic format. This guidance should:
(a) apply whether or not the agency or organisation is required by law to make the personal information publicly available;
(b) set out the factors that agencies and organisations should consider before publishing personal information in an electronic format (for example, whether it is in the public interest to publish on a publicly accessible website personal information about an identified or reasonably identifiable individual); and
(c) clarify the application of the model Unified Privacy Principles to the collection of personal information from generally available publications for inclusion in a record or another generally available publication.
Recommendation 11–2 The Australian Government should ensure that federal legislative instruments establishing public registers containing personal information set out clearly any restrictions on the electronic publication of that information.
These seem benign in that they only recommend guidance and publication to be performed by the Office of the Privacy Commissioner and more broadly the Australian Government.
Elsewhere, the report comes close to making a determination that IP addresses are like mobile telephone numbers and should be treated as personal information for the purposes of the Privacy Act. In chapter 6 of its report at 6.60, it notes...
While stand alone telephone numbers, street addresses and IP addresses may not be personal information for the purposes of the Privacy Act, such information may become personal information in certain circumstances. The ALRC acknowledges that telephone numbers relate to telephones or other communications devices, IP addresses to computers, and street addresses to houses, rather than individuals, but notes that such information may come to be associated with a particular individual as information accretes around the number or address.
This may become clearer with recommendations relevant to this issue.
Recommendation 6–1 The Privacy Act should define ‘personal information’ as ‘information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified or reasonably identifiable individual’; and
Recommendation 6–2 The Office of the Privacy Commissioner should develop and publish guidance on the meaning of ‘identified or reasonably identifiable’.
This recommendation alone could assist in making it clear to third parties that ISPs are stewards of their customers’ records and personal information. They are not de facto gateways to IP enforcement – without appropriate judicial oversight.
This is just our first comb through of this substantial report. Even if all the recommendations do not get up, its background research is indispensable to understanding local and international privacy regulation trends. Let us know if you'd like more coverage of this report. More importantly, what do you think of some of its recommendations?
5. Forthcoming IIA Events
Climate Change and the Internet
Baker & McKenzie and the Internet Industry Association of Australia invite you to a forum on climate change and the implications for the internet.
Purpose: This forum will brief the IT industry on the Commonwealth Green Paper and draw out opportunities and implications for the industry going forward.
Speakers:
- Martijn Wilder - Global Practice Leader, Climate Change Group, Baker & McKenzie explains the policy and issues.
- Anne Petterd - Senior Associate, ITC Group, Baker & McKenzie will discuss the impact on the IT industry in terms of contracting and conduct of business.
- Panel discussion of senior industry experts, including IIA’s Peter Coroneos
When: Tuesday 26 August 2008, 5:15pm for 5:30pm start concluding at 6:30pm followed by drinks and canapés
Where: Baker & McKenzie Level 27, AMP Centre 50 Bridge Street, Sydney
Cost: This seminar is free of charge
RSVP: Overdue but check first with Julia Williams on (02) 8922 5714 or julia.williams@bakernet.com
IIA AGM Gala Dinner – 12th February, 2009
Doltone House, Darling Harbour, Sydney
This is the highlight of the internet year, with over 400 key industry attendees, unparalleled networking opportunities and IIA’s trademark edgy commentary and unique entertainment. A MUST in your social calendar, we recommend you diarise it now!
- Expressions of interest for sponsorship are now open; contact emelia@iia.net.au