Australian Government Loses DVD With Personal Info Of Everyone In Its 'Stay Smart Online' Program
from the stay-smart-online-by-not-giving-your-info-to-the-gov't dept
Slashdot points us to a bit of irony, in which it appears the Australian government ended up exposing the personal info of a bunch of citizens who had signed up for "stay smart online" alerts. Apparently, one way to stay smart online is to not sign up for "stay smart online" alerts from the Australian government. The issue was that a contractor who was running the program, AusCERT, had put all of the info -- including "usernames, email addresses, memorable phrases (used as password reminders) and cryptographically hashed passwords" -- onto a DVD and mailed it to another contractor who was taking over the program. And... it got lost in the mail. At least the passwords were hashed. But, you'd expect to be a bit safer than that when giving your information to the government for a "stay smart online" program...
Filed Under: australia, password hash, security
Companies: auscert
Reader Comments
Re:
Though seriously, it was AusCERT. If it was some random for-profit government contractor, I'd expect this level of carelessness. These guys are supposed to be pros.
[ link to this | view in chronology ]
The government.
To be smart. About the internet.
:|
[ link to this | view in chronology ]
If you want to stay smart and safe online, don't trust the government.
[ link to this | view in chronology ]
Re:
If you want to stay safe anywhere, don't trust the government.
FTFY
[ link to this | view in chronology ]
Re: Re:
FTFY
[ link to this | view in chronology ]
Working as intended
Don't give out personal information unless you absolutely have to, and even then do so as little as possible.
A person who would provide anyone with "usernames, email addresses, memorable phrases (used as password reminders) and cryptographically hashed passwords" has already proven that they've failed Online Safety 101. The ones who passed were the people smart enough to not hand over the info.
[ link to this | view in chronology ]
Re: Working as intended
Erm, given that you have an account here, haven't you already handed that information to Techdirt? There's nothing to suggest that the details lost were for anything other than the agency's own service...
[ link to this | view in chronology ]
Re: Re: Working as intended
As far as what was lost, the post doesn't go into details, so you could be right, and it could just be the info to go with that particular service, which would be kinda funny, as a service designed to show people proper online safety botches their own lesson, but not too bad overall.
[ link to this | view in chronology ]
Re: Re: Re: Working as intended
In terms of actual damage, there's probably not a lot of real risk unless the people involved have been using the same passwords for everything, use the same reminder questions for everything and answer any spam email they get as though it's real. Time to find out if they learned anything I suppose...
[ link to this | view in chronology ]
From Their Website...
They forgot to add "Because we won't".
[ link to this | view in chronology ]
Try consulting a professional before doing such things...
And who in the world contains those data in a DVD? It's better to extract those from the net to its intended destination.
Wait a moment... You guys hate cloud-networking since it's a good source for those piracy thingies... so you go old school on high capacity PHYSICAL storage medium.
Now, you end up losing such valuable data that anyone who got them will have a field day hacking those accounts to hell...
Nice job, and sorry for the term, c@\/3|\/|3|\|$...
[ link to this | view in chronology ]
Or is it that security contractors don't trust ssh? That would be hella scary.
[ link to this | view in chronology ]