MelbourneIT in the firing line over AAPT hack


Questions are being asked over the relative simplicity with which the hacking group Anonymous was able to break into both the various Queensland Government websites AND the AAPT business servers. The one common factor - they're hosted by MelbourneIT. And this isn't the first time.

iTWire has received confirmation from a number of sources that the hacked Queensland Government servers AND the AAPT business customer database were both hosted by MelbourneIT.

Furthermore, it would seem that Adobe's ColdFusion application server was the underlying platform in all cases. Interestingly, when iTWire discussed this with well-known local security expert Michael McKinnon of AVG, McKinnon observed that the issues with ColdFusion were well known in the hosting community and relatively easily addressed. In fact, McKinnon admitted that he had only just finished re-checking that ColdFusion servers under his own control were properly hardened prior to our conversation.

He outlined to this writer how the ColdFusion exploit worked. It's very simple, but we won't be shouting it from the rooftops!

The Anonymous organisation has claimed that these hacks are in support of its opposition to the Federal Government's proposed data retention rules.

The biggest problem, however, is that this is not the first time MelbourneIT has been somewhat "open-handed" in its protection of customer data. In March 2005, fellow iTWire author Sam Varghese wrote a tale of woe on the part of panix.com - a victim of domain hijacking.

In that report, Varghese wrote, "Domain name arbiter, the Internet Corporation for Assigned Names and Numbers, has placed the blame for the domain hijacking of panix.com squarely on the shoulders of Melbourne IT.

"The domain name of Panix, one of the oldest ISPs in New York, was registered with Dotster, a registrar based in Washington. The hijack took place on January 15. By January 17, the domain had been restored."

Despite promising the 'liberated' AAPT data nearly two days ago, at the time of writing, there was still no sign of it on Anonymous' own 'leaks' website.


David Heath


David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.
