ACMA to talk blacklist security

Lists in transit as "secure as a bank"

The Australian Communications and Media Authority (ACMA) will discuss blacklist security with a web filter vendor next week, amid reports the list will be hijacked or stolen.

The meeting, one of many throughout the year for the communications watchdog, will consider the fallibility of secure transit of blacklists between government agencies and Internet Service Providers (ISPs).

IT engineers and hackers have claimed the ability to inject URLs into blacklists held by ISPs, or to simply steal and publish the list.

NetSweeper regional director, Michael Grace, who will meet with ACMA officials next week, said the blacklists can be as “secure as a major bank”.

“There are methods that can be used to log and collect IP addresses and match them to web sites, but that is easy to say,” Grace said.

“Go ahead and do it. It would take an immense amount of time and power that makes that unworkable.

“The weakness is in the ISPs where an employee could take the list and publish it on wikileaks. But we can encrypt the blacklist, so they will only see garble.”

ACMA content classification section manager, Richard Fraser, said it is not formally evaluating the security of the blacklist, but is “collecting information and literature” on filtering technology, including the security of blacklists in transit.

Part of the Federal Government’s proposal includes the security of blacklists - that is something that needs to be taken into account,” Fraser said.

Grace, a security professional of more than 20 years, said he was formerly charged with protecting the daily transmission of sensitive information to some 500 European banks.

“You can’t promise security, but it can be as secure as what the banks rely on.”

He said the government will consider offering small ISPs a managed content filter service.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags ACMAmandatory ISP level filtering

More about Federal Government

Show Comments