Re: [AusNOG] Risks to country and business infrastructure

2019-09-12 Thread Chad Kelly
Hi, what I am saying is that in general you have more chance of humans being 
negligent and messing up security than you have of someone smuggling explosives 
into a Datacentre.
While the AWS security breach wasn’t entirely the company’s fault it doesn’t 
make them look good when they have Capital One splashed all over their website 
as a case study of how well they are doing.
AWS really should be recommending their larger customers to go through trained 
partners.
Regards Chad.


Chad Kelly
Manager
CPK Web Services
Phone 03 52730246
Web https://www.cpkws.com.au

From: Andras Toth 
Sent: Wednesday, September 11, 2019 10:26 PM
To: Chad Kelly 
Cc: ausnog@lists.ausnog.net; ausnog-requ...@lists.ausnog.net
Subject: Re: [AusNOG] Risks to country and business infrastructure

The person that got access to their system was not an AWS employee when the 
breach happened. The person got access via a misconfigured server/system that 
wasn't Amazon's fault.

See the original court case for details: 
http://regmedia.co.uk/2019/07/29/capital_one_paige_thompson.pdf

This is the same as saying it's Amazon's fault that people make their S3 
buckets public and information gets exposed.

Andras


On Wed, Sep 11, 2019 at 12:26 PM Chad Kelly <c...@cpkws.com.au> wrote:
On 9/11/2019 12:00 PM, ausnog-requ...@lists.ausnog.net wrote:

> When someone questions whether this-or-that was predicted, this seems most
> likely to indicate either the plausibility of the threat, or which side of
> a closed door the questioner was on when the discussions were held.

I'd worry less about people placing explosives in servers and more about
making sure that proper checks are in place for the people with access
to information.


AWS is a good example of this, they really need to lift their game.

Stuff like the Capital One incident just shouldn't happen and as a
result of that I am not recommending AWS to any of our customers.

That isn't the only reason, but the fact Capital One are still with AWS
after that incident scares me a little, if I was them I would have dumped
them as a vendor immediately.

Basically Datacentres and network operators need to force all staff to
undergo regular checks particularly when dealing with sensitive info.

I also am aware that the Capital One case isn't Australian, but it is
still a good example of why providers need to keep an eye on who has
access to certain info.


--
Chad Kelly
Manager
CPK Web Services
Phone 03 5273 0246
Web www.cpkws.com.au

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Risks to country and business infrastructure

2019-09-11 Thread John Edwards
The world was much simpler when ISPs could just print Invoices direct to
customer printers on Windows 95 dialup connections..



On Thu, 12 Sep 2019 at 08:20, Matt Palmer  wrote:

> On Wed, Sep 11, 2019 at 10:25:49PM +1000, Andras Toth wrote:
> > This is the same as saying it's Amazon's fault that people make their S3
> > buckets public and information gets exposed.
>
> Misconfigure it once, shame on you.  Misconfigure it 1,000 times, shame on
> the system.
>
> Also, AWS have been doing things to make it harder to blow your foot off in
> the specific case of accidentally-public S3 buckets, which presumably
> wouldn't have happened if there wasn't at least a semi-plausible case to be
> made that it *was*, at least partially, Amazon's fault.
>
> - Matt
>


Re: [AusNOG] Risks to country and business infrastructure

2019-09-11 Thread Matt Palmer
On Wed, Sep 11, 2019 at 10:25:49PM +1000, Andras Toth wrote:
> This is the same as saying it's Amazon's fault that people make their S3
> buckets public and information gets exposed.

Misconfigure it once, shame on you.  Misconfigure it 1,000 times, shame on
the system.

Also, AWS have been doing things to make it harder to blow your foot off in
the specific case of accidentally-public S3 buckets, which presumably
wouldn't have happened if there wasn't at least a semi-plausible case to be
made that it *was*, at least partially, Amazon's fault.

- Matt



Re: [AusNOG] Risks to country and business infrastructure

2019-09-11 Thread Andras Toth
The person that got access to their system was not an AWS employee when the
breach happened. The person got access via a misconfigured server/system
that wasn't Amazon's fault.

See the original court case for details:
http://regmedia.co.uk/2019/07/29/capital_one_paige_thompson.pdf

This is the same as saying it's Amazon's fault that people make their S3
buckets public and information gets exposed.

Andras


On Wed, Sep 11, 2019 at 12:26 PM Chad Kelly  wrote:

> On 9/11/2019 12:00 PM, ausnog-requ...@lists.ausnog.net wrote:
>
> > When someone questions whether this-or-that was predicted, this seems most
> > likely to indicate either the plausibility of the threat, or which side of
> > a closed door the questioner was on when the discussions were held.
>
> I'd worry less about people placing explosives in servers and more about
> making sure that proper checks are in place for the people with access
> to information.
>
>
> AWS is a good example of this, they really need to lift their game.
>
> Stuff like the Capital One incident just shouldn't happen and as a
> result of that I am not recommending AWS to any of our customers.
>
> That isn't the only reason, but the fact Capital One are still with AWS
> after that incident scares me a little, if I was them I would have dumped
> them as a vendor immediately.
>
> Basically Datacentres and network operators need to force all staff to
> undergo regular checks particularly when dealing with sensitive info.
>
> I also am aware that the Capital One case isn't Australian, but it is
> still a good example of why providers need to keep an eye on who has
> access to certain info.
>
>
> --
> Chad Kelly
> Manager
> CPK Web Services
> Phone 03 5273 0246
> Web www.cpkws.com.au
>


Re: [AusNOG] Risks to country and business infrastructure

2019-09-10 Thread Chad Kelly
On 9/11/2019 12:00 PM, ausnog-requ...@lists.ausnog.net wrote:

> When someone questions whether this-or-that was predicted, this seems most
> likely to indicate either the plausibility of the threat, or which side of
> a closed door the questioner was on when the discussions were held.

I'd worry less about people placing explosives in servers and more about 
making sure that proper checks are in place for the people with access 
to information.


AWS is a good example of this, they really need to lift their game.

Stuff like the Capital One incident just shouldn't happen and as a 
result of that I am not recommending AWS to any of our customers.

That isn't the only reason, but the fact Capital One are still with AWS 
after that incident scares me a little, if I was them I would have dumped 
them as a vendor immediately.

Basically Datacentres and network operators need to force all staff to 
undergo regular checks particularly when dealing with sensitive info.

I also am aware that the Capital One case isn't Australian, but it is 
still a good example of why providers need to keep an eye on who has 
access to certain info.


-- 
Chad Kelly
Manager
CPK Web Services
Phone 03 5273 0246
Web www.cpkws.com.au



Re: [AusNOG] Risks to country and business infrastructure

2019-09-10 Thread Tim Sheahan
Let's all bear in mind that we're still operating within the imagination
constraint of human agency. As long as we're imagining, I'd like to see
more people thinking about how the rules might change in the information
security sphere, if someone seems to be approaching the achievement of
human-level artificial general intelligence.

As for the rest, with respect for the potential usefulness of brainstorming
new cases -

I've been wondering when we'll see a stop-thread on this topic.

As others point out, movie plots tend to be encompassed within the planning
sphere of Information Security and its subcategories of availability,
integrity, confidentiality, authentication, accountability.

When someone questions whether this-or-that was predicted, this seems most
likely to indicate either the plausibility of the threat, or which side of
a closed door the questioner was on when the discussions were held.

 - Tim


Re: [AusNOG] Risks to country and business infrastructure

2019-09-10 Thread Chris Macko
Hi Phil,

Definitely something that should be considered by both TIA942 and the
uptime institute specs. Need to reach out to them. Ways to monitor EMP
development and testing may also be a necessity via several satellites
(and/or other methods) so that active EMP threats are monitored although
now we’re talking high end of national security & sovereignty. We have the
IT geniuses of the country here together, it would be good if we could work
together to start closing off all the risks.

Would the US license their black box operations if we paid for it and in
return covered off such risks to both of us?

Phil, great suggestions.

Chris

On Wed, 11 Sep 2019 at 7:48 am, Dave Fairbairn 
wrote:

> Wouldn’t it be more realistic for someone to sneak in an EMP inside a
> server case?
>
> Regards
>
> Dave
>
>
>
> *From:* AusNOG *On Behalf Of* Chris Macko
> *Sent:* Tuesday, 10 September 2019 1:15 PM
> *To:* Phillip Grasso 
> *Cc:* Ausnog 
> *Subject:* Re: [AusNOG] Risks to country and business infrastructure
>
>
>
> Hi Phillip
>
>
>
> Thanks for that, from memory I already reached out to them the last time I
> mentioned this issue but I’ll try again.
>
>
>
> Have a good day.
>
>
>
> Chris
>
>
>
> On Tue, 10 Sep 2019 at 10:22 am, Phillip Grasso 
> wrote:
>
> suggest you work with The National Security Hotline (NSH) 1800 123 400. I
> think that might be a better direction for your msg.
>
>
>
> On Fri, 6 Sep 2019 at 20:15, Chris Macko 
> wrote:
>
> Hi Mark,
>
>
>
> You do realise how easy it is to get ammonium nitrate in WA goldfields and
> even easier on Australian Opal fields? Not even requirements for cctv from
> governance bodies for storage locations so completely lack of regard for
> explosives security in that area exposed.
>
>
>
> Matey pull your finger maybe the little pinky and start taking this
> seriously. I’d hate for our stock market to take a crash just because China
> wanted a bit of backlash against us and America and found a gap within our
> technology layer on this front.
>
>
>
> Now wouldn’t that be an easy way to take control of our country? Forget
> about weapons of mass destruction one risk toppling all corporations in one
> foul swoop.
>
>
>
> No words from ASX lads? Or don’t they tune in to tech related network
> operators groups. Beware I’m sure that our Chinese friends are making calls
> right this instant as a result of these troubling factors.
>
>
>
> Christopher-Edward Macko
>
>
>
> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton  wrote:
>
>
> On 5 Sep 2019, at 11:55 PM, Chris Macko  wrote:
> > Examples of this include TIA942 and the Uptime Institute specs requiring
> > bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg
> > of servers filled with explosives from entering our data centres disguised
> > as normal server equipment within fully racks brought in by clients during
> > colo moves.
>
> That’s a bit of a movie-plot threat, though.
>
> If an adversary has reached the point where that’s a sensible tack for
> them to take, I’m going to offer that nothing your company does is going to
> be capable of stopping them because your imagination is unlikely to be as
> good as theirs, and we’re well into the realm of heavy law enforcement or
> light military response.
>
> I expect that most of this community’s denizens will find that they’re
> protected from this (supposed) threat by being in multiple locations in any
> case. Unless you’re going to up the movie plot stakes by saying the
> adversary is in all of them at the same time.
>
> (Can I also point out that the threat posed by smuggled explosives is
> indistinguishable from the threat posed by earthquake, flood, or fire, and
> companies with business continuity plans capable of withstanding completely
> predictable natural disasters have no need to invest additional stress into
> dealing with the next Die Hard sequel? You’re either prepared or you
> aren’t; And everyone already knows how to prepare, they just differ in how
> much they want to spend doing it)
>
>   - mark
>
>


Re: [AusNOG] Risks to country and business infrastructure

2019-09-10 Thread Dave Fairbairn
Wouldn’t it be more realistic for someone to sneak in an EMP inside a server 
case?
Regards
Dave



From: AusNOG  On Behalf Of Chris Macko
Sent: Tuesday, 10 September 2019 1:15 PM
To: Phillip Grasso 
Cc: Ausnog 
Subject: Re: [AusNOG] Risks to country and business infrastructure

Hi Phillip

Thanks for that, from memory I already reached out to them the last time I 
mentioned this issue but I’ll try again.

Have a good day.

Chris

On Tue, 10 Sep 2019 at 10:22 am, Phillip Grasso 
<phillip.gra...@gmail.com> wrote:
suggest you work with The National Security Hotline (NSH) 1800 123 400. I think 
that might be a better direction for your msg.

On Fri, 6 Sep 2019 at 20:15, Chris Macko 
<chrismackozd...@gmail.com> wrote:
Hi Mark,

You do realise how easy it is to get ammonium nitrate in WA goldfields and even 
easier on Australian Opal fields? Not even requirements for cctv from 
governance bodies for storage locations so completely lack of regard for 
explosives security in that area exposed.

Matey pull your finger maybe the little pinky and start taking this seriously. 
I’d hate for our stock market to take a crash just because China wanted a bit 
of backlash against us and America and found a gap within our technology layer 
on this front.

Now wouldn’t that be an easy way to take control of our country? Forget about 
weapons of mass destruction one risk toppling all corporations in one foul 
swoop.

No words from ASX lads? Or don’t they tune in to tech related network operators 
groups. Beware I’m sure that our Chinese friends are making calls right this 
instant as a result of these troubling factors.

Christopher-Edward Macko

On Fri, 6 Sep 2019 at 9:21 am, Mark Newton 
<new...@atdot.dotat.org> wrote:

On 5 Sep 2019, at 11:55 PM, Chris Macko 
<chrismackozd...@gmail.com> wrote:
> Examples of this include TIA942 and the Uptime Institute specs requiring 
> bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of 
> servers filled with explosives from entering our data centres disguised as 
> normal server equipment within fully racks brought in by clients during colo 
> moves.

That’s a bit of a movie-plot threat, though.

If an adversary has reached the point where that’s a sensible tack for them to 
take, I’m going to offer that nothing your company does is going to be capable 
of stopping them because your imagination is unlikely to be as good as theirs, 
and we’re well into the realm of heavy law enforcement or light military 
response.

I expect that most of this community’s denizens will find that they’re 
protected from this (supposed) threat by being in multiple locations in any 
case. Unless you’re going to up the movie plot stakes by saying the adversary 
is in all of them at the same time.

(Can I also point out that the threat posed by smuggled explosives is 
indistinguishable from the threat posed by earthquake, flood, or fire, and 
companies with business continuity plans capable of withstanding completely 
predictable natural disasters have no need to invest additional stress into 
dealing with the next Die Hard sequel? You’re either prepared or you aren’t; 
And everyone already knows how to prepare, they just differ in how much they 
want to spend doing it)

  - mark




Re: [AusNOG] Risks to country and business infrastructure

2019-09-09 Thread Chris Macko
Hi Phillip

Thanks for that, from memory I already reached out to them the last time I
mentioned this issue but I’ll try again.

Have a good day.

Chris

On Tue, 10 Sep 2019 at 10:22 am, Phillip Grasso 
wrote:

> suggest you work with The National Security Hotline (NSH) 1800 123 400. I
> think that might be a better direction for your msg.
>
> On Fri, 6 Sep 2019 at 20:15, Chris Macko 
> wrote:
>
>> Hi Mark,
>>
>> You do realise how easy it is to get ammonium nitrate in WA goldfields
>> and even easier on Australian Opal fields? Not even requirements for cctv
>> from governance bodies for storage locations so completely lack of regard
>> for explosives security in that area exposed.
>>
>> Matey pull your finger maybe the little pinky and start taking this
>> seriously. I’d hate for our stock market to take a crash just because China
>> wanted a bit of backlash against us and America and found a gap within our
>> technology layer on this front.
>>
>> Now wouldn’t that be an easy way to take control of our country? Forget
>> about weapons of mass destruction one risk toppling all corporations in one
>> foul swoop.
>>
>> No words from ASX lads? Or don’t they tune in to tech related network
>> operators groups. Beware I’m sure that our Chinese friends are making calls
>> right this instant as a result of these troubling factors.
>>
>> Christopher-Edward Macko
>>
>> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton 
>> wrote:
>>
>>>
>>> On 5 Sep 2019, at 11:55 PM, Chris Macko 
>>> wrote:
>>> > Examples of this include TIA942 and the Uptime Institute specs
>>> > requiring bullet proof glass yet no one has a procedure to stop 1kg let
>>> > alone 100kg of servers filled with explosives from entering our data
>>> > centres disguised as normal server equipment within fully racks brought in
>>> > by clients during colo moves.
>>>
>>> That’s a bit of a movie-plot threat, though.
>>>
>>> If an adversary has reached the point where that’s a sensible tack for
>>> them to take, I’m going to offer that nothing your company does is going to
>>> be capable of stopping them because your imagination is unlikely to be as
>>> good as theirs, and we’re well into the realm of heavy law enforcement or
>>> light military response.
>>>
>>> I expect that most of this community’s denizens will find that they’re
>>> protected from this (supposed) threat by being in multiple locations in any
>>> case. Unless you’re going to up the movie plot stakes by saying the
>>> adversary is in all of them at the same time.
>>>
>>> (Can I also point out that the threat posed by smuggled explosives is
>>> indistinguishable from the threat posed by earthquake, flood, or fire, and
>>> companies with business continuity plans capable of withstanding completely
>>> predictable natural disasters have no need to invest additional stress into
>>> dealing with the next Die Hard sequel? You’re either prepared or you
>>> aren’t; And everyone already knows how to prepare, they just differ in how
>>> much they want to spend doing it)
>>>
>>>   - mark
>>>
>>>
>>>


Re: [AusNOG] Risks to country and business infrastructure

2019-09-09 Thread Phillip Grasso
suggest you work with The National Security Hotline (NSH) 1800 123 400. I
think that might be a better direction for your msg.

On Fri, 6 Sep 2019 at 20:15, Chris Macko  wrote:

> Hi Mark,
>
> You do realise how easy it is to get ammonium nitrate in WA goldfields and
> even easier on Australian Opal fields? Not even requirements for cctv from
> governance bodies for storage locations so completely lack of regard for
> explosives security in that area exposed.
>
> Matey pull your finger maybe the little pinky and start taking this
> seriously. I’d hate for our stock market to take a crash just because China
> wanted a bit of backlash against us and America and found a gap within our
> technology layer on this front.
>
> Now wouldn’t that be an easy way to take control of our country? Forget
> about weapons of mass destruction one risk toppling all corporations in one
> foul swoop.
>
> No words from ASX lads? Or don’t they tune in to tech related network
> operators groups. Beware I’m sure that our Chinese friends are making calls
> right this instant as a result of these troubling factors.
>
> Christopher-Edward Macko
>
> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton  wrote:
>
>>
>> On 5 Sep 2019, at 11:55 PM, Chris Macko 
>> wrote:
>> > Examples of this include TIA942 and the Uptime Institute specs
>> > requiring bullet proof glass yet no one has a procedure to stop 1kg let
>> > alone 100kg of servers filled with explosives from entering our data
>> > centres disguised as normal server equipment within fully racks brought in
>> > by clients during colo moves.
>>
>> That’s a bit of a movie-plot threat, though.
>>
>> If an adversary has reached the point where that’s a sensible tack for
>> them to take, I’m going to offer that nothing your company does is going to
>> be capable of stopping them because your imagination is unlikely to be as
>> good as theirs, and we’re well into the realm of heavy law enforcement or
>> light military response.
>>
>> I expect that most of this community’s denizens will find that they’re
>> protected from this (supposed) threat by being in multiple locations in any
>> case. Unless you’re going to up the movie plot stakes by saying the
>> adversary is in all of them at the same time.
>>
>> (Can I also point out that the threat posed by smuggled explosives is
>> indistinguishable from the threat posed by earthquake, flood, or fire, and
>> companies with business continuity plans capable of withstanding completely
>> predictable natural disasters have no need to invest additional stress into
>> dealing with the next Die Hard sequel? You’re either prepared or you
>> aren’t; And everyone already knows how to prepare, they just differ in how
>> much they want to spend doing it)
>>
>>   - mark
>>
>>
>>


Re: [AusNOG] Risks to country and business infrastructure

2019-09-08 Thread Chris Macko
John, a valid and good point, thanks for sharing

On Mon, 9 Sep 2019 at 8:03 am, John Edwards  wrote:

> A movie that details such a corporate destruction is “Fight Club” and I
> note that pushing additional risk-solving process onto security staff may
> have actually exacerbated that scenario.
>
>
> > On 6 Sep 2019, at 10:51 am, Mark Newton  wrote:
> >
> > That’s a bit of a movie-plot threat, though.
>


Re: [AusNOG] Risks to country and business infrastructure

2019-09-08 Thread John Edwards
A movie that details such a corporate destruction is “Fight Club” and I note 
that pushing additional risk-solving process onto security staff may have 
actually exacerbated that scenario.


> On 6 Sep 2019, at 10:51 am, Mark Newton  wrote:
> 
> That’s a bit of a movie-plot threat, though.


Re: [AusNOG] Risks to country and business infrastructure

2019-09-08 Thread Mark Newton

On 5 Sep 2019, at 11:55 PM, Chris Macko  wrote:
> Examples of this include TIA942 and the Uptime Institute specs requiring 
> bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of 
> servers filled with explosives from entering our data centres disguised as 
> normal server equipment within fully racks brought in by clients during colo 
> moves.

That’s a bit of a movie-plot threat, though.

If an adversary has reached the point where that’s a sensible tack for them to 
take, I’m going to offer that nothing your company does is going to be capable 
of stopping them because your imagination is unlikely to be as good as theirs, 
and we’re well into the realm of heavy law enforcement or light military 
response.

I expect that most of this community’s denizens will find that they’re 
protected from this (supposed) threat by being in multiple locations in any 
case. Unless you’re going to up the movie plot stakes by saying the adversary 
is in all of them at the same time.

(Can I also point out that the threat posed by smuggled explosives is 
indistinguishable from the threat posed by earthquake, flood, or fire, and 
companies with business continuity plans capable of withstanding completely 
predictable natural disasters have no need to invest additional stress into 
dealing with the next Die Hard sequel? You’re either prepared or you aren’t; 
And everyone already knows how to prepare, they just differ in how much they 
want to spend doing it)

  - mark





Re: [AusNOG] Risks to country and business infrastructure

2019-09-06 Thread Chris Macko
Mind you we can move that decision in our favour by boosting Darwin as
hydro agricultural hub and supplying China Indonesia and India with at
least 20% of their fresh fruit and veg produce. It’s an achievable plan.

But our government does require to scan all incoming and outgoing
containers and know exactly what China may or may not bring to the country.
That’s a real necessity.

I’m sure America has that capability already whether they share it with
Australia is another story. Who knows behind the scenes there’s stacked
layers of secrets knowledge and imagination.

I’m going to keep it quiet and see if we have any more responses at this
stage. It’s about time we all started sharing the gaps and I’ll work hard
with my team on fixing them.

Chris

On Fri, 6 Sep 2019 at 6:30 pm, Chris Macko 
wrote:

> Further, For now things appear to be safe but a snare has been set and
> things go to motion if anyone attempts to use this risk against our
> democratic process. I’m not at liberty to share details.
>
> As for the NT minister responsible for renting out port of Darwin to China
> for 100 years (and don’t get me wrong I do like the Chinese just feel they
> may become a force to be reckoned with in future that needs to be managed
> carefully as I like our existing cultural fit) what were you thinking?
> Please come to Port Hedland so we can show you our gratitude.
>
> Chris
>
> On Fri, 6 Sep 2019 at 6:14 pm, Chris Macko 
> wrote:
>
>> Hi Mark,
>>
>> You do realise how easy it is to get ammonium nitrate in WA goldfields
>> and even easier on Australian Opal fields? Not even requirements for cctv
>> from governance bodies for storage locations so completely lack of regard
>> for explosives security in that area exposed.
>>
>> Matey pull your finger maybe the little pinky and start taking this
>> seriously. I’d hate for our stock market to take a crash just because China
>> wanted a bit of backlash against us and America and found a gap within our
>> technology layer on this front.
>>
>> Now wouldn’t that be an easy way to take control of our country? Forget
>> about weapons of mass destruction one risk toppling all corporations in one
>> foul swoop.
>>
>> No words from ASX lads? Or don’t they tune in to tech related network
>> operators groups. Beware I’m sure that our Chinese friends are making calls
>> right this instant as a result of these troubling factors.
>>
>> Christopher-Edward Macko
>>
>> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton 
>> wrote:
>>
>>>
>>> On 5 Sep 2019, at 11:55 PM, Chris Macko 
>>> wrote:
>>> > Examples of this include TIA942 and the Uptime Institute specs
>>> > requiring bullet proof glass yet no one has a procedure to stop 1kg let
>>> > alone 100kg of servers filled with explosives from entering our data
>>> > centres disguised as normal server equipment within fully racks brought in
>>> > by clients during colo moves.
>>>
>>> That’s a bit of a movie-plot threat, though.
>>>
>>> If an adversary has reached the point where that’s a sensible tack for
>>> them to take, I’m going to offer that nothing your company does is going to
>>> be capable of stopping them because your imagination is unlikely to be as
>>> good as theirs, and we’re well into the realm of heavy law enforcement or
>>> light military response.
>>>
>>> I expect that most of this community’s denizens will find that they’re
>>> protected from this (supposed) threat by being in multiple locations in any
>>> case. Unless you’re going to up the movie plot stakes by saying the
>>> adversary is in all of them at the same time.
>>>
>>> (Can I also point out that the threat posed by smuggled explosives is
>>> indistinguishable from the threat posed by earthquake, flood, or fire, and
>>> companies with business continuity plans capable of withstanding completely
>>> predictable natural disasters have no need to invest additional stress into
>>> dealing with the next Die Hard sequel? You’re either prepared or you
>>> aren’t; And everyone already knows how to prepare, they just differ in how
>>> much they want to spend doing it)
>>>
>>>   - mark
>>>
>>>
>>>
>>>


Re: [AusNOG] Risks to country and business infrastructure

2019-09-06 Thread Chris Macko
Further, For now things appear to be safe but a snare has been set and
things go to motion if anyone attempts to use this risk against our
democratic process. I’m not at liberty to share details.

As for the NT minister responsible for renting out port of Darwin to China
for 100 years (and don’t get me wrong I do like the Chinese just feel they
may become a force to be reckoned with in future that needs to be managed
carefully as I like our existing cultural fit) what were you thinking?
Please come to Port Hedland so we can show you our gratitude.

Chris

On Fri, 6 Sep 2019 at 6:14 pm, Chris Macko 
wrote:

> Hi Mark,
>
> You do realise how easy it is to get ammonium nitrate in WA goldfields and
> even easier on Australian Opal fields? Not even requirements for cctv from
> governance bodies for storage locations so completely lack of regard for
> explosives security in that area exposed.
>
> Matey pull your finger maybe the little pinky and start taking this
> seriously. I’d hate for our stock market to take a crash just because China
> wanted a bit of backlash against us and America and found a gap within our
> technology layer on this front.
>
> Now wouldn’t that be an easy way to take control of our country? Forget
> about weapons of mass destruction one risk toppling all corporations in one
> foul swoop.
>
> No words from ASX lads? Or don’t they tune in to tech related network
> operators groups. Beware I’m sure that our Chinese friends are making calls
> right this instant as a result of these troubling factors.
>
> Christopher-Edward Macko
>
> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton wrote:
>
>>
>> On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
>> > Examples of this include TIA942 and the Uptime Institute specs
>> > requiring bullet proof glass yet no one has a procedure to stop 1kg let
>> > alone 100kg of servers filled with explosives from entering our data
>> > centres disguised as normal server equipment within fully racks brought in
>> > by clients during colo moves.
>>
>> That’s a bit of a movie-plot threat, though.
>>
>> If an adversary has reached the point where that’s a sensible tack for
>> them to take, I’m going to offer that nothing your company does is going to
>> be capable of stopping them because your imagination is unlikely to be as
>> good as theirs, and we’re well into the realm of heavy law enforcement or
>> light military response.
>>
>> I expect that most of this community’s denizens will find that they’re
>> protected from this (supposed) threat by being in multiple locations in any
>> case. Unless you’re going to up the movie plot stakes by saying the
>> adversary is in all of them at the same time.
>>
>> (Can I also point out that the threat posed by smuggled explosives is
>> indistinguishable from the threat posed by earthquake, flood, or fire, and
>> companies with business continuity plans capable of withstanding completely
>> predictable natural disasters have no need to invest additional stress into
>> dealing with the next Die Hard sequel? You’re either prepared or you
>> aren’t; And everyone already knows how to prepare, they just differ in how
>> much they want to spend doing it)
>>
>>   - mark
>>
>>
>>
>>


Re: [AusNOG] Risks to country and business infrastructure

2019-09-06 Thread Chris Macko
Hi Mark,

You do realise how easy it is to get ammonium nitrate in WA goldfields and
even easier on Australian Opal fields? Not even requirements for CCTV from
governance bodies for storage locations so complete lack of regard for
explosives security in that area exposed.

Matey pull your finger maybe the little pinky and start taking this
seriously. I’d hate for our stock market to take a crash just because China
wanted a bit of backlash against us and America and found a gap within our
technology layer on this front.

Now wouldn’t that be an easy way to take control of our country? Forget
about weapons of mass destruction one risk toppling all corporations in one
foul swoop.

No words from ASX lads? Or don’t they tune in to tech related network
operators groups. Beware I’m sure that our Chinese friends are making calls
right this instant as a result of these troubling factors.

Christopher-Edward Macko

On Fri, 6 Sep 2019 at 9:21 am, Mark Newton wrote:

>
> On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
> > Examples of this include TIA942 and the Uptime Institute specs requiring
> > bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg
> > of servers filled with explosives from entering our data centres disguised
> > as normal server equipment within fully racks brought in by clients during
> > colo moves.
>
> That’s a bit of a movie-plot threat, though.
>
> If an adversary has reached the point where that’s a sensible tack for
> them to take, I’m going to offer that nothing your company does is going to
> be capable of stopping them because your imagination is unlikely to be as
> good as theirs, and we’re well into the realm of heavy law enforcement or
> light military response.
>
> I expect that most of this community’s denizens will find that they’re
> protected from this (supposed) threat by being in multiple locations in any
> case. Unless you’re going to up the movie plot stakes by saying the
> adversary is in all of them at the same time.
>
> (Can I also point out that the threat posed by smuggled explosives is
> indistinguishable from the threat posed by earthquake, flood, or fire, and
> companies with business continuity plans capable of withstanding completely
> predictable natural disasters have no need to invest additional stress into
> dealing with the next Die Hard sequel? You’re either prepared or you
> aren’t; And everyone already knows how to prepare, they just differ in how
> much they want to spend doing it)
>
>   - mark
>
>
>
>


Re: [AusNOG] Risks to country and business infrastructure.

2019-09-05 Thread Jason Xiros


Hi Chris,

In no way intending to be facetious, but given the sensitive nature of your 
request you could at a minimum include a PGP key in your email signature.

(...and I am aware of the irony that I have not either)

Kind regards,

Jason


> Date: Thu, 5 Sep 2019 21:55:25 +0800
> From: Chris Macko 
> To: ausnog@lists.ausnog.net
> Subject: [AusNOG] Risks to country and business infrastructure
> Message-ID:
>
> Content-Type: text/plain; charset="utf-8"
> 
> Dear colleagues,
> 
> As many of you are aware there are many gaps that have been discovered in
> the hosting space and data centre centres over the years that I saw while
> managing director of my previous hosting enterprise. Some of you may know
> me quite intimately others who don’t I greet and say hello.
> 
> I’m now working with a select group of specialists to form a new security
> service that will help assist with technology and build hardware devices
> that assist in solving (not mitigating) these risks.
> 
> Examples of this include TIA942 and the Uptime Institute specs requiring
> bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg
> of servers filled with explosives from entering our data centres disguised
> as normal server equipment within fully racks brought in by clients during
> colo moves.
> 
> As you may be already aware at the time I last brought this to your
> attention I was asking if the risk exposed our stock market in the case
> that the ASX still continued to provide colo services, as that would put
> our entire share market in jeopardy. Is that still the case? Can anyone
> from the ASX respond?
> 
> I’ve spoken to many directors since I sold my businesses and I don’t
> believe anyone has stepped up to solving this risk (including ASIO or
> CSIRO) so my group will do our best to suggest the most cost effective ways
> to efficiently make the devices and provide them to you within a reasonable
> timeframe.
> 
> If you have seen gaps in technology software in business, LGA, state or
> federal run institutions, including airports, rail, mines, ports
> authorities, banks, APRA members, we need to know about it. Please email a
> confidential email to chrismackozd...@gmail.com with 7 day expiry method so
> that I can print off your concerns and safely store them until our group
> meets for discussions in relation to your and our risks that we’ve seen
> over the years.
> 
> If you could please reply at your convenience, it would be appreciated.
> 
> Kind and warm regards from Pilbara WA,
> 
> Chris Macko
> Master Director
> Macko Corporation Pty Ltd



[AusNOG] Risks to country and business infrastructure

2019-09-05 Thread Chris Macko
Dear colleagues,

As many of you are aware there are many gaps that have been discovered in
the hosting space and data centre centres over the years that I saw while
managing director of my previous hosting enterprise. Some of you may know
me quite intimately others who don’t I greet and say hello.

I’m now working with a select group of specialists to form a new security
service that will help assist with technology and build hardware devices
that assist in solving (not mitigating) these risks.

Examples of this include TIA942 and the Uptime Institute specs requiring
bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg
of servers filled with explosives from entering our data centres disguised
as normal server equipment within fully racks brought in by clients during
colo moves.

As you may be already aware at the time I last brought this to your
attention I was asking if the risk exposed our stock market in the case
that the ASX still continued to provide colo services, as that would put
our entire share market in jeopardy. Is that still the case? Can anyone
from the ASX respond?

I’ve spoken to many directors since I sold my businesses and I don’t
believe anyone has stepped up to solving this risk (including ASIO or
CSIRO) so my group will do our best to suggest the most cost effective ways
to efficiently make the devices and provide them to you within a reasonable
timeframe.

If you have seen gaps in technology software in business, LGA, state or
federal run institutions, including airports, rail, mines, ports
authorities, banks, APRA members, we need to know about it. Please email a
confidential email to chrismackozd...@gmail.com with 7 day expiry method so
that I can print off your concerns and safely store them until our group
meets for discussions in relation to your and our risks that we’ve seen
over the years.

If you could please reply at your convenience, it would be appreciated.

Kind and warm regards from Pilbara WA,

Chris Macko
Master Director
Macko Corporation Pty Ltd