Re: [AusNOG] Risks to country and business infrastructure
Hi

What I am saying is that in general you have more chance of humans being negligent and messing up security than you have of someone smuggling explosives into a Datacentre.

While the AWS security breach wasn’t entirely the company’s fault it doesn’t make them look good when they have Capital One splashed all over their website as a case study of how well they are doing.

AWS really should be recommending their larger customers to go through trained partners.

Regards Chad.

Chad Kelly
Manager
CPK Web Services
Phone 03 52730246
Web https://www.cpkws.com.au

From: Andras Toth
Sent: Wednesday, September 11, 2019 10:26 PM
To: Chad Kelly
Cc: ausnog@lists.ausnog.net; ausnog-requ...@lists.ausnog.net
Subject: Re: [AusNOG] Risks to country and business infrastructure

The person that got access to their system was not an AWS employee when the breach happened. The person got access via a misconfigured server/system that wasn't Amazon's fault.

See the original court case for details: http://regmedia.co.uk/2019/07/29/capital_one_paige_thompson.pdf

This is the same as saying it's Amazon's fault that people make their S3 buckets public and information gets exposed.

Andras

On Wed, Sep 11, 2019 at 12:26 PM Chad Kelly <c...@cpkws.com.au> wrote:

On 9/11/2019 12:00 PM, ausnog-requ...@lists.ausnog.net wrote:
> When someone questions whether this-or-that was predicted, this seems most likely to indicate either the plausibility of the threat, or which side of a closed door the questioner was on when the discussions were held.

I'd worry less about people placing explosives in servers and more about making sure that proper checks are in place for the people with access to information.

AWS is a good example of this, they really need to lift their game.

Stuff like the Capital One incident just shouldn't happen and as a result of that I am not recommending AWS to any of our customers.

That isn't the only reason, but the fact Capital One are still with AWS after that incident scares me a little, if I was them I would have dumped them as a vendor immediately.

Basically Datacentres and network operators need to force all staff to undergo regular checks particularly when dealing with sensitive info.

I also am aware that the Capital One case isn't Australian, but it is still a good example of why providers need to keep an eye on who has access to certain info.

--
Chad Kelly
Manager
CPK Web Services
Phone 03 5273 0246
Web www.cpkws.com.au

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] Risks to country and business infrastructure
The world was much simpler when ISPs could just print Invoices direct to customer printers on Windows 95 dialup connections..

On Thu, 12 Sep 2019 at 08:20, Matt Palmer wrote:

> On Wed, Sep 11, 2019 at 10:25:49PM +1000, Andras Toth wrote:
> > This is the same as saying it's Amazon's fault that people make their S3 buckets public and information gets exposed.
>
> Misconfigure it once, shame on you. Misconfigure it 1,000 times, shame on the system.
>
> Also, AWS have been doing things to make it harder to blow your foot off in the specific case of accidentally-public S3 buckets, which presumably wouldn't have happened if there wasn't at least a semi-plausible case to be made that it *was*, at least partially, Amazon's fault.
>
> - Matt
Re: [AusNOG] Risks to country and business infrastructure
On Wed, Sep 11, 2019 at 10:25:49PM +1000, Andras Toth wrote:
> This is the same as saying it's Amazon's fault that people make their S3 buckets public and information gets exposed.

Misconfigure it once, shame on you. Misconfigure it 1,000 times, shame on the system.

Also, AWS have been doing things to make it harder to blow your foot off in the specific case of accidentally-public S3 buckets, which presumably wouldn't have happened if there wasn't at least a semi-plausible case to be made that it *was*, at least partially, Amazon's fault.

- Matt
Re: [AusNOG] Risks to country and business infrastructure
The person that got access to their system was not an AWS employee when the breach happened. The person got access via a misconfigured server/system that wasn't Amazon's fault.

See the original court case for details: http://regmedia.co.uk/2019/07/29/capital_one_paige_thompson.pdf

This is the same as saying it's Amazon's fault that people make their S3 buckets public and information gets exposed.

Andras

On Wed, Sep 11, 2019 at 12:26 PM Chad Kelly wrote:

> On 9/11/2019 12:00 PM, ausnog-requ...@lists.ausnog.net wrote:
>
> > When someone questions whether this-or-that was predicted, this seems most likely to indicate either the plausibility of the threat, or which side of a closed door the questioner was on when the discussions were held.
>
> I'd worry less about people placing explosives in servers and more about making sure that proper checks are in place for the people with access to information.
>
> AWS is a good example of this, they really need to lift their game.
>
> Stuff like the Capital One incident just shouldn't happen and as a result of that I am not recommending AWS to any of our customers.
>
> That isn't the only reason, but the fact Capital One are still with AWS after that incident scares me a little, if I was them I would have dumped them as a vendor immediately.
>
> Basically Datacentres and network operators need to force all staff to undergo regular checks particularly when dealing with sensitive info.
>
> I also am aware that the Capital One case isn't Australian, but it is still a good example of why providers need to keep an eye on who has access to certain info.
>
> --
> Chad Kelly
> Manager
> CPK Web Services
> Phone 03 5273 0246
> Web www.cpkws.com.au
Re: [AusNOG] Risks to country and business infrastructure
On 9/11/2019 12:00 PM, ausnog-requ...@lists.ausnog.net wrote:
> When someone questions whether this-or-that was predicted, this seems most likely to indicate either the plausibility of the threat, or which side of a closed door the questioner was on when the discussions were held.

I'd worry less about people placing explosives in servers and more about making sure that proper checks are in place for the people with access to information.

AWS is a good example of this, they really need to lift their game.

Stuff like the Capital One incident just shouldn't happen and as a result of that I am not recommending AWS to any of our customers.

That isn't the only reason, but the fact Capital One are still with AWS after that incident scares me a little, if I was them I would have dumped them as a vendor immediately.

Basically Datacentres and network operators need to force all staff to undergo regular checks particularly when dealing with sensitive info.

I also am aware that the Capital One case isn't Australian, but it is still a good example of why providers need to keep an eye on who has access to certain info.

--
Chad Kelly
Manager
CPK Web Services
Phone 03 5273 0246
Web www.cpkws.com.au
Re: [AusNOG] Risks to country and business infrastructure
Let's all bear in mind that we're still operating within the imagination constraint of human agency. As long as we're imagining, I'd like to see more people thinking about how the rules might change in the information security sphere, if someone seems to be approaching the achievement of human-level artificial general intelligence.

As for the rest, with respect for the potential usefulness of brainstorming new cases - I've been wondering when we'll see a stop-thread on this topic. As others point out, movie plots tend to be encompassed within the planning sphere of Information Security and its subcategories of availability, integrity, confidentiality, authentication, accountability.

When someone questions whether this-or-that was predicted, this seems most likely to indicate either the plausibility of the threat, or which side of a closed door the questioner was on when the discussions were held.

- Tim
Re: [AusNOG] Risks to country and business infrastructure
Hi Phil,

Definitely something that should be considered by both TIA942 and the uptime institute specs. Need to reach out to them.

Ways to monitor EMP development and testing may also be a necessity via several satellites (and/or other methods) so that active EMP threats are monitored although now we’re talking high end of national security & sovereignty.

We have the IT geniuses of the country here together, it would be good if we could work together to start closing off all the risks. Would the US license their black box operations if we paid for it and in return covered off such risks to both of us?

Phil, great suggestions.

Chris

On Wed, 11 Sep 2019 at 7:48 am, Dave Fairbairn wrote:

> Wouldn’t it be more realistic for someone to sneak in an EMP inside a server case?
>
> Regards
>
> Dave
>
> From: AusNOG On Behalf Of Chris Macko
> Sent: Tuesday, 10 September 2019 1:15 PM
> To: Phillip Grasso
> Cc: Ausnog
> Subject: Re: [AusNOG] Risks to country and business infrastructure
>
> Hi Phillip
>
> Thanks for that, from memory I already reached out to them the last time I mentioned this issue but I’ll try again.
>
> Have a good day.
>
> Chris
>
> On Tue, 10 Sep 2019 at 10:22 am, Phillip Grasso wrote:
>
> suggest you work with The National Security Hotline (NSH) 1800 123 400. I think that might be a better direction for your msg.
>
> On Fri, 6 Sep 2019 at 20:15, Chris Macko wrote:
>
> Hi Mark,
>
> You do realise how easy it is to get ammonium nitrate in WA goldfields and even easier on Australian Opal fields? Not even requirements for cctv from governance bodies for storage locations so completely lack of regard for explosives security in that area exposed.
>
> Matey pull your finger maybe the little pinky and start taking this seriously. I’d hate for our stock market to take a crash just because China wanted a bit of backlash against us and America and found a gap within our technology layer on this front.
>
> Now wouldn’t that be an easy way to take control of our country? Forget about weapons of mass destruction one risk toppling all corporations in one foul swoop.
>
> No words from ASX lads? Or don’t they tune in to tech related network operators groups. Beware I’m sure that our Chinese friends are making calls right this instant as a result of these troubling factors.
>
> Christopher-Edward Macko
>
> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton wrote:
>
> On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
> > Examples of this include TIA942 and the Uptime Institute specs requiring bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of servers filled with explosives from entering our data centres disguised as normal server equipment within fully racks brought in by clients during colo moves.
>
> That’s a bit of a movie-plot threat, though.
>
> If an adversary has reached the point where that’s a sensible tack for them to take, I’m going to offer that nothing your company does is going to be capable of stopping them because your imagination is unlikely to be as good as theirs, and we’re well into the realm of heavy law enforcement or light military response.
>
> I expect that most of this community’s denizens will find that they’re protected from this (supposed) threat by being in multiple locations in any case. Unless you’re going to up the movie plot stakes by saying the adversary is in all of them at the same time.
>
> (Can I also point out that the threat posed by smuggled explosives is indistinguishable from the threat posed by earthquake, flood, or fire, and companies with business continuity plans capable of withstanding completely predictable natural disasters have no need to invest additional stress into dealing with the next Die Hard sequel? You’re either prepared or you aren’t; And everyone already knows how to prepare, they just differ in how much they want to spend doing it)
>
> - mark
Re: [AusNOG] Risks to country and business infrastructure
Wouldn’t it be more realistic for someone to sneak in an EMP inside a server case?

Regards

Dave

From: AusNOG On Behalf Of Chris Macko
Sent: Tuesday, 10 September 2019 1:15 PM
To: Phillip Grasso
Cc: Ausnog
Subject: Re: [AusNOG] Risks to country and business infrastructure

Hi Phillip

Thanks for that, from memory I already reached out to them the last time I mentioned this issue but I’ll try again.

Have a good day.

Chris

On Tue, 10 Sep 2019 at 10:22 am, Phillip Grasso <phillip.gra...@gmail.com> wrote:

suggest you work with The National Security Hotline (NSH) 1800 123 400. I think that might be a better direction for your msg.

On Fri, 6 Sep 2019 at 20:15, Chris Macko <chrismackozd...@gmail.com> wrote:

Hi Mark,

You do realise how easy it is to get ammonium nitrate in WA goldfields and even easier on Australian Opal fields? Not even requirements for cctv from governance bodies for storage locations so completely lack of regard for explosives security in that area exposed.

Matey pull your finger maybe the little pinky and start taking this seriously. I’d hate for our stock market to take a crash just because China wanted a bit of backlash against us and America and found a gap within our technology layer on this front.

Now wouldn’t that be an easy way to take control of our country? Forget about weapons of mass destruction one risk toppling all corporations in one foul swoop.

No words from ASX lads? Or don’t they tune in to tech related network operators groups. Beware I’m sure that our Chinese friends are making calls right this instant as a result of these troubling factors.

Christopher-Edward Macko

On Fri, 6 Sep 2019 at 9:21 am, Mark Newton <new...@atdot.dotat.org> wrote:

On 5 Sep 2019, at 11:55 PM, Chris Macko <chrismackozd...@gmail.com> wrote:
> Examples of this include TIA942 and the Uptime Institute specs requiring bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of servers filled with explosives from entering our data centres disguised as normal server equipment within fully racks brought in by clients during colo moves.

That’s a bit of a movie-plot threat, though.

If an adversary has reached the point where that’s a sensible tack for them to take, I’m going to offer that nothing your company does is going to be capable of stopping them because your imagination is unlikely to be as good as theirs, and we’re well into the realm of heavy law enforcement or light military response.

I expect that most of this community’s denizens will find that they’re protected from this (supposed) threat by being in multiple locations in any case. Unless you’re going to up the movie plot stakes by saying the adversary is in all of them at the same time.

(Can I also point out that the threat posed by smuggled explosives is indistinguishable from the threat posed by earthquake, flood, or fire, and companies with business continuity plans capable of withstanding completely predictable natural disasters have no need to invest additional stress into dealing with the next Die Hard sequel? You’re either prepared or you aren’t; And everyone already knows how to prepare, they just differ in how much they want to spend doing it)

- mark
Re: [AusNOG] Risks to country and business infrastructure
Hi Phillip

Thanks for that, from memory I already reached out to them the last time I mentioned this issue but I’ll try again.

Have a good day.

Chris

On Tue, 10 Sep 2019 at 10:22 am, Phillip Grasso wrote:

> suggest you work with The National Security Hotline (NSH) 1800 123 400. I think that might be a better direction for your msg.
>
> On Fri, 6 Sep 2019 at 20:15, Chris Macko wrote:
>
>> Hi Mark,
>>
>> You do realise how easy it is to get ammonium nitrate in WA goldfields and even easier on Australian Opal fields? Not even requirements for cctv from governance bodies for storage locations so completely lack of regard for explosives security in that area exposed.
>>
>> Matey pull your finger maybe the little pinky and start taking this seriously. I’d hate for our stock market to take a crash just because China wanted a bit of backlash against us and America and found a gap within our technology layer on this front.
>>
>> Now wouldn’t that be an easy way to take control of our country? Forget about weapons of mass destruction one risk toppling all corporations in one foul swoop.
>>
>> No words from ASX lads? Or don’t they tune in to tech related network operators groups. Beware I’m sure that our Chinese friends are making calls right this instant as a result of these troubling factors.
>>
>> Christopher-Edward Macko
>>
>> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton wrote:
>>
>>> On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
>>> > Examples of this include TIA942 and the Uptime Institute specs requiring bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of servers filled with explosives from entering our data centres disguised as normal server equipment within fully racks brought in by clients during colo moves.
>>>
>>> That’s a bit of a movie-plot threat, though.
>>>
>>> If an adversary has reached the point where that’s a sensible tack for them to take, I’m going to offer that nothing your company does is going to be capable of stopping them because your imagination is unlikely to be as good as theirs, and we’re well into the realm of heavy law enforcement or light military response.
>>>
>>> I expect that most of this community’s denizens will find that they’re protected from this (supposed) threat by being in multiple locations in any case. Unless you’re going to up the movie plot stakes by saying the adversary is in all of them at the same time.
>>>
>>> (Can I also point out that the threat posed by smuggled explosives is indistinguishable from the threat posed by earthquake, flood, or fire, and companies with business continuity plans capable of withstanding completely predictable natural disasters have no need to invest additional stress into dealing with the next Die Hard sequel? You’re either prepared or you aren’t; And everyone already knows how to prepare, they just differ in how much they want to spend doing it)
>>>
>>> - mark
Re: [AusNOG] Risks to country and business infrastructure
suggest you work with The National Security Hotline (NSH) 1800 123 400. I think that might be a better direction for your msg.

On Fri, 6 Sep 2019 at 20:15, Chris Macko wrote:

> Hi Mark,
>
> You do realise how easy it is to get ammonium nitrate in WA goldfields and even easier on Australian Opal fields? Not even requirements for cctv from governance bodies for storage locations so completely lack of regard for explosives security in that area exposed.
>
> Matey pull your finger maybe the little pinky and start taking this seriously. I’d hate for our stock market to take a crash just because China wanted a bit of backlash against us and America and found a gap within our technology layer on this front.
>
> Now wouldn’t that be an easy way to take control of our country? Forget about weapons of mass destruction one risk toppling all corporations in one foul swoop.
>
> No words from ASX lads? Or don’t they tune in to tech related network operators groups. Beware I’m sure that our Chinese friends are making calls right this instant as a result of these troubling factors.
>
> Christopher-Edward Macko
>
> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton wrote:
>
>> On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
>> > Examples of this include TIA942 and the Uptime Institute specs requiring bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of servers filled with explosives from entering our data centres disguised as normal server equipment within fully racks brought in by clients during colo moves.
>>
>> That’s a bit of a movie-plot threat, though.
>>
>> If an adversary has reached the point where that’s a sensible tack for them to take, I’m going to offer that nothing your company does is going to be capable of stopping them because your imagination is unlikely to be as good as theirs, and we’re well into the realm of heavy law enforcement or light military response.
>>
>> I expect that most of this community’s denizens will find that they’re protected from this (supposed) threat by being in multiple locations in any case. Unless you’re going to up the movie plot stakes by saying the adversary is in all of them at the same time.
>>
>> (Can I also point out that the threat posed by smuggled explosives is indistinguishable from the threat posed by earthquake, flood, or fire, and companies with business continuity plans capable of withstanding completely predictable natural disasters have no need to invest additional stress into dealing with the next Die Hard sequel? You’re either prepared or you aren’t; And everyone already knows how to prepare, they just differ in how much they want to spend doing it)
>>
>> - mark
Re: [AusNOG] Risks to country and business infrastructure
John, a valid and good point, thanks for sharing

On Mon, 9 Sep 2019 at 8:03 am, John Edwards wrote:

> A movie that details such a corporate destruction is “Fight Club” and I note that pushing additional risk-solving process onto security staff may have actually exacerbated that scenario.
>
> > On 6 Sep 2019, at 10:51 am, Mark Newton wrote:
> >
> > That’s a bit of a movie-plot threat, though.
Re: [AusNOG] Risks to country and business infrastructure
A movie that details such a corporate destruction is “Fight Club” and I note that pushing additional risk-solving process onto security staff may have actually exacerbated that scenario.

> On 6 Sep 2019, at 10:51 am, Mark Newton wrote:
>
> That’s a bit of a movie-plot threat, though.
Re: [AusNOG] Risks to country and business infrastructure
On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
> Examples of this include TIA942 and the Uptime Institute specs requiring bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of servers filled with explosives from entering our data centres disguised as normal server equipment within fully racks brought in by clients during colo moves.

That’s a bit of a movie-plot threat, though.

If an adversary has reached the point where that’s a sensible tack for them to take, I’m going to offer that nothing your company does is going to be capable of stopping them because your imagination is unlikely to be as good as theirs, and we’re well into the realm of heavy law enforcement or light military response.

I expect that most of this community’s denizens will find that they’re protected from this (supposed) threat by being in multiple locations in any case. Unless you’re going to up the movie plot stakes by saying the adversary is in all of them at the same time.

(Can I also point out that the threat posed by smuggled explosives is indistinguishable from the threat posed by earthquake, flood, or fire, and companies with business continuity plans capable of withstanding completely predictable natural disasters have no need to invest additional stress into dealing with the next Die Hard sequel? You’re either prepared or you aren’t; And everyone already knows how to prepare, they just differ in how much they want to spend doing it)

- mark
Re: [AusNOG] Risks to country and business infrastructure
Mind you we can move that decision in our favour by boosting Darwin as hydro agricultural hub and supplying China Indonesia and India with at least 20% of their fresh fruit and veg produce. It’s an achievable plan.

But our government does require to scan all incoming and outgoing containers and know exactly what China may or may not bring to the country. That’s a real necessity. I’m sure America has that capability already whether they share it with Australia is another story.

Who knows behind the scenes there’s stacked layers of secrets knowledge and imagination.

I’m going to keep it quiet and see if we have any more responses at this stage. It’s about time we all started sharing the gaps and I’ll work hard with my team on fixing them.

Chris

On Fri, 6 Sep 2019 at 6:30 pm, Chris Macko wrote:

> Further, For now things appear to be safe but a snare has been set and things go to motion if anyone attempts to use this risk against our democratic process. I’m not at liberty to share details.
>
> As for the NT minister responsible for renting out port of Darwin to China for 100 years (and don’t get me wrong I do like the Chinese just feel they may become a force to be reckoned with in future that needs to be managed carefully as I like our existing cultural fit) what were you thinking? Please come to Port Hedland so we can show you our gratitude.
>
> Chris
>
> On Fri, 6 Sep 2019 at 6:14 pm, Chris Macko wrote:
>
>> Hi Mark,
>>
>> You do realise how easy it is to get ammonium nitrate in WA goldfields and even easier on Australian Opal fields? Not even requirements for cctv from governance bodies for storage locations so completely lack of regard for explosives security in that area exposed.
>>
>> Matey pull your finger maybe the little pinky and start taking this seriously. I’d hate for our stock market to take a crash just because China wanted a bit of backlash against us and America and found a gap within our technology layer on this front.
>>
>> Now wouldn’t that be an easy way to take control of our country? Forget about weapons of mass destruction one risk toppling all corporations in one foul swoop.
>>
>> No words from ASX lads? Or don’t they tune in to tech related network operators groups. Beware I’m sure that our Chinese friends are making calls right this instant as a result of these troubling factors.
>>
>> Christopher-Edward Macko
>>
>> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton wrote:
>>
>>> On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
>>> > Examples of this include TIA942 and the Uptime Institute specs requiring bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of servers filled with explosives from entering our data centres disguised as normal server equipment within fully racks brought in by clients during colo moves.
>>>
>>> That’s a bit of a movie-plot threat, though.
>>>
>>> If an adversary has reached the point where that’s a sensible tack for them to take, I’m going to offer that nothing your company does is going to be capable of stopping them because your imagination is unlikely to be as good as theirs, and we’re well into the realm of heavy law enforcement or light military response.
>>>
>>> I expect that most of this community’s denizens will find that they’re protected from this (supposed) threat by being in multiple locations in any case. Unless you’re going to up the movie plot stakes by saying the adversary is in all of them at the same time.
>>>
>>> (Can I also point out that the threat posed by smuggled explosives is indistinguishable from the threat posed by earthquake, flood, or fire, and companies with business continuity plans capable of withstanding completely predictable natural disasters have no need to invest additional stress into dealing with the next Die Hard sequel? You’re either prepared or you aren’t; And everyone already knows how to prepare, they just differ in how much they want to spend doing it)
>>>
>>> - mark
Re: [AusNOG] Risks to country and business infrastructure
Further, For now things appear to be safe but a snare has been set and things go to motion if anyone attempts to use this risk against our democratic process. I’m not at liberty to share details.

As for the NT minister responsible for renting out port of Darwin to China for 100 years (and don’t get me wrong I do like the Chinese just feel they may become a force to be reckoned with in future that needs to be managed carefully as I like our existing cultural fit) what were you thinking? Please come to Port Hedland so we can show you our gratitude.

Chris

On Fri, 6 Sep 2019 at 6:14 pm, Chris Macko wrote:

> Hi Mark,
>
> You do realise how easy it is to get ammonium nitrate in WA goldfields and even easier on Australian Opal fields? Not even requirements for cctv from governance bodies for storage locations so completely lack of regard for explosives security in that area exposed.
>
> Matey pull your finger maybe the little pinky and start taking this seriously. I’d hate for our stock market to take a crash just because China wanted a bit of backlash against us and America and found a gap within our technology layer on this front.
>
> Now wouldn’t that be an easy way to take control of our country? Forget about weapons of mass destruction one risk toppling all corporations in one foul swoop.
>
> No words from ASX lads? Or don’t they tune in to tech related network operators groups. Beware I’m sure that our Chinese friends are making calls right this instant as a result of these troubling factors.
>
> Christopher-Edward Macko
>
> On Fri, 6 Sep 2019 at 9:21 am, Mark Newton wrote:
>
>> On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
>> > Examples of this include TIA942 and the Uptime Institute specs requiring bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of servers filled with explosives from entering our data centres disguised as normal server equipment within fully racks brought in by clients during colo moves.
>>
>> That’s a bit of a movie-plot threat, though.
>>
>> If an adversary has reached the point where that’s a sensible tack for them to take, I’m going to offer that nothing your company does is going to be capable of stopping them because your imagination is unlikely to be as good as theirs, and we’re well into the realm of heavy law enforcement or light military response.
>>
>> I expect that most of this community’s denizens will find that they’re protected from this (supposed) threat by being in multiple locations in any case. Unless you’re going to up the movie plot stakes by saying the adversary is in all of them at the same time.
>>
>> (Can I also point out that the threat posed by smuggled explosives is indistinguishable from the threat posed by earthquake, flood, or fire, and companies with business continuity plans capable of withstanding completely predictable natural disasters have no need to invest additional stress into dealing with the next Die Hard sequel? You’re either prepared or you aren’t; And everyone already knows how to prepare, they just differ in how much they want to spend doing it)
>>
>> - mark
Re: [AusNOG] Risks to country and business infrastructure
Hi Mark,

You do realise how easy it is to get ammonium nitrate in WA goldfields and even easier on Australian Opal fields? Not even requirements for CCTV from governance bodies for storage locations so complete lack of regard for explosives security in that area exposed.

Matey pull your finger maybe the little pinky and start taking this seriously. I’d hate for our stock market to take a crash just because China wanted a bit of backlash against us and America and found a gap within our technology layer on this front.

Now wouldn’t that be an easy way to take control of our country? Forget about weapons of mass destruction one risk toppling all corporations in one fell swoop.

No words from ASX lads? Or don’t they tune in to tech related network operators groups. Beware I’m sure that our Chinese friends are making calls right this instant as a result of these troubling factors.

Christopher-Edward Macko

On Fri, 6 Sep 2019 at 9:21 am, Mark Newton wrote:

> On 5 Sep 2019, at 11:55 PM, Chris Macko wrote:
>
> > Examples of this include TIA942 and the Uptime Institute specs requiring
> > bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg
> > of servers filled with explosives from entering our data centres disguised
> > as normal server equipment within full racks brought in by clients during
> > colo moves.
>
> That’s a bit of a movie-plot threat, though.
>
> If an adversary has reached the point where that’s a sensible tack for
> them to take, I’m going to offer that nothing your company does is going to
> be capable of stopping them because your imagination is unlikely to be as
> good as theirs, and we’re well into the realm of heavy law enforcement or
> light military response.
>
> I expect that most of this community’s denizens will find that they’re
> protected from this (supposed) threat by being in multiple locations in any
> case. Unless you’re going to up the movie plot stakes by saying the
> adversary is in all of them at the same time.
>
> (Can I also point out that the threat posed by smuggled explosives is
> indistinguishable from the threat posed by earthquake, flood, or fire, and
> companies with business continuity plans capable of withstanding completely
> predictable natural disasters have no need to invest additional stress into
> dealing with the next Die Hard sequel? You’re either prepared or you
> aren’t; and everyone already knows how to prepare, they just differ in how
> much they want to spend doing it)
>
> - mark
Re: [AusNOG] Risks to country and business infrastructure.
Hi Chris,

In no way intending to be facetious, but given the sensitive nature of your request you could at a minimum include a PGP key in your email signature.

(...and I am aware of the irony that I have not either)

Kind regards,
Jason

> Date: Thu, 5 Sep 2019 21:55:25 +0800
> From: Chris Macko
> To: ausnog@lists.ausnog.net
> Subject: [AusNOG] Risks to country and business infrastructure
> Message-ID:
> Content-Type: text/plain; charset="utf-8"
>
> Dear colleagues,
>
> As many of you are aware there are many gaps that have been discovered in
> the hosting space and data centres over the years that I saw while
> managing director of my previous hosting enterprise. Some of you may know
> me quite intimately others who don’t I greet and say hello.
>
> I’m now working with a select group of specialists to form a new security
> service that will help assist with technology and build hardware devices
> that assist in solving (not mitigating) these risks.
>
> Examples of this include TIA942 and the Uptime Institute specs requiring
> bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg
> of servers filled with explosives from entering our data centres disguised
> as normal server equipment within full racks brought in by clients during
> colo moves.
>
> As you may be already aware at the time I last brought this to your
> attention I was asking if the risk exposed our stock market in the case
> that the ASX still continued to provide colo services, as that would put
> our entire share market in jeopardy. Is that still the case? Can anyone
> from the ASX respond?
>
> I’ve spoken to many directors since I sold my businesses and I don’t
> believe anyone has stepped up to solving this risk (including ASIO or
> CSIRO) so my group will do our best to suggest the most cost effective ways
> to efficiently make the devices and provide them to you within a reasonable
> timeframe.
>
> If you have seen gaps in technology software in business, LGA, state or
> federal run institutions, including airports, rail, mines, ports
> authorities, banks, APRA members, we need to know about it. Please email a
> confidential email to chrismackozd...@gmail.com with 7 day expiry method so
> that I can print off your concerns and safely store them until our group
> meets for discussions in relation to your and our risks that we’ve seen
> over the years.
>
> If you could please reply at your convenience, it would be appreciated.
>
> Kind and warm regards from Pilbara WA,
>
> Chris Macko
> Master Director
> Macko Corporation Pty Ltd
[AusNOG] Risks to country and business infrastructure
Dear colleagues,

As many of you are aware there are many gaps that have been discovered in the hosting space and data centres over the years that I saw while managing director of my previous hosting enterprise. Some of you may know me quite intimately others who don’t I greet and say hello.

I’m now working with a select group of specialists to form a new security service that will help assist with technology and build hardware devices that assist in solving (not mitigating) these risks.

Examples of this include TIA942 and the Uptime Institute specs requiring bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg of servers filled with explosives from entering our data centres disguised as normal server equipment within full racks brought in by clients during colo moves.

As you may be already aware at the time I last brought this to your attention I was asking if the risk exposed our stock market in the case that the ASX still continued to provide colo services, as that would put our entire share market in jeopardy. Is that still the case? Can anyone from the ASX respond?

I’ve spoken to many directors since I sold my businesses and I don’t believe anyone has stepped up to solving this risk (including ASIO or CSIRO) so my group will do our best to suggest the most cost effective ways to efficiently make the devices and provide them to you within a reasonable timeframe.

If you have seen gaps in technology software in business, LGA, state or federal run institutions, including airports, rail, mines, ports authorities, banks, APRA members, we need to know about it. Please email a confidential email to chrismackozd...@gmail.com with 7 day expiry method so that I can print off your concerns and safely store them until our group meets for discussions in relation to your and our risks that we’ve seen over the years.

If you could please reply at your convenience, it would be appreciated.

Kind and warm regards from Pilbara WA,

Chris Macko
Master Director
Macko Corporation Pty Ltd