Net filtering scheme has serious security risks
Kangaroo cockup
By Sylvie Barak
Wednesday, 17 December 2008, 18:52

A REVEALING INTERVIEW with computer security techspert, Matthew Strahan, has brought to light disturbing potential problems with Australia's upcoming ISP-level censorship plan, including making it easier to intercept personal data and even to bring down the whole Australian Internet.

In an interview with BanThisURL, Strahan, known as a "white hat hacker" because his job is hacking into company computer systems in order to fix their vulnerabilities, said any filters could be worked around, and might even pose security risks that wouldn't have occurred without them.

The filter proposed by the Aussie government is much like those used by many mean-spirited companies that deny their employees the joys of Pr0n and YouTube at work. It will also apparently be a dedicated box rather than simply filtering software.

The main worry expressed by Strahan is that hackers could take over the filter box to carry out man-in-the-middle attacks, whereby they could intercept private information and emails without anyone being any the wiser.

Another serious concern is denial-of-service (DoS) attacks, which could allow a talented hacker to bring down the entire ISP by bombarding the filter with hundreds of thousands of HTTP packets in a very short space of time, overwhelming it and stopping it from letting any legitimate requests through.

You wouldn't even need to have a decent-sized botnet, according to Strahan, who notes "if you find something that causes a lot of processing in the filter then even an ADSL connection might be able to bring it down."

As if that wasn't bad enough, there are plenty of other problems that could occur with the new filters, including cross-site scripting vulnerabilities which could allow hackers to inject HTML or JavaScript content into web pages. Also, if everything has to pass through a single box, and that box gets attacked and goes down, you can kiss your connection goodbye.

Another scary consequence could be if a hacker figured out how to add things onto the blacklist. If this happened, he or she could offer to sell their services to rival companies, offering to bung competitors into the blacklist and causing industrial chaos.

It all seems a bit of a shame, really, especially since filters are so easily bypassed using proxies anyway, not least free VPN software like Hotspot Shield, which just tunnels through the censor.

Asked if there were any filters he'd be confident enough deploying in an ISP level filtering system, Strahan replied "I wouldn't be confident enough in any of them," adding "If you standardise what boxes are put in the ISPs, all of them will be vulnerable to the same security vulnerabilities. Which means if somebody makes a single mistake - say the software manufacturer has a buffer overflow - then someone would be able to use that to take over all the filters in Australia."

Blimey!

Of course, that would be the worst case scenario. But that's not to say lots of other problems couldn't also arise. Australia had better hope this whole net filtering idea doesn't boomerang on them. µ