Peter A Clarke

It would appear that the school management software of Camberwell High School has been accessed by a person without authority as reported in Camberwell High School becomes second target of major privacy breach in two weeks. Any breach is of concern but cyber threats, whether from overseas participants or bored students at the school is possibility.  In this case the damage limitation and advice to those affected has been dismal, and all too typical.  Government agencies, particularly at a state level are notoriously resistant to advising those whose personal information. As is often the case the shut down of communications or cover up occasionally makes a bad situation much, much worse.

The Camberwell High School Homepage provides no notice of comfort, providing contact details of those concerned about the breach.  Fairly typical “pull up the drawbridge” approach to information sharing.  According to the Camberwell High Schools Latest News:

Just a note to let you know that a small mudlark is protecting its nest along the Prospect Hill Road entries near the D building, it has also been sighted swooping near the E Building last week.  There have been a small number of students present with facial scratches so could you please be mindful and avoid the area when possible.

Please leave the mother bird alone as she will only be exhibiting this behaviour for a few weeks.

All for protecting mud larks and students from being scratched by them.  But losing personal information is a serious matter, as worrying if not more so than being swooped by the protective mudlark.  The cost of a data breach can be much greater!

What is interesting is that Read the rest of this entry »

It is something of a rite of passage for the Privacy Commissioner to release a report on privacy compliance or a survey about community attitudes to privacy around Privacy week.  This year is no different, with a 51 page report on a survey on Australian’s attitudes to privacy, privacy risks and trust in government and organisations.  The point of reference by comparison is a similar survey in 2013.  While the results are in the main consistent with 2013, there is a growing level of concern about online privacy.  This is not Read the rest of this entry »

The National Institute of Standards and Technology (the NIST) has issued an excellent guide to Blue Tooth Security. It should be mandatory reading for anybody interested in cyber security.

Bluetooth wireless technology is a ubiquitous technology used in linking devices.  It is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs). It allows users to form ad hoc networks between devices to transfer voice and data. It is now integrated into business and consumer devices, including cellphones, laptops, automobiles, medical devices, printers, keyboards, mice and headsets.  It has recently been used in medical devices and personal devices such as smart watches, home appliances, fitness monitors, and trackers. Those devices hold and transfer large amounts of personal information.  Security is critical.

Bluetooth devices are susceptible to general wireless networking threats beyond Read the rest of this entry »

Further  to the earlier post, the worldwide ransomware attack on computer systems that did not properly patch their Microsoft systems has hit Australian shores.  In First Australian business infected in global cyber attack the Fairfax press reports on the first formally acknowledged hack.  The number of computers affected by the virus has Read the rest of this entry »

Ransomware attacks are hardly a new phenomana.  In internet terms it is a middle aged form of malware.  I have been writing about it for some years (see here, here, here, here, here, here and here for example).

Courtesy of a Microsoft vulnerability, hackers using the WannaCry ransomware have attacked thousands of locations throughout the world. At this stage there have been 75,000 attacks across 99 countries.  Organisations which did not apply a patch Microsoft released in March were vulnerable.  Unlike most ransomware Read the rest of this entry »

The Victorian Legislative Council passed the Freedom of Information Amendment (Office of the Victorian Information Commissioner) Bill 2016 yesterday.

The Act represents a significant restructure Read the rest of this entry »

Website flaws are a real problem for organisations.  Particularly where those flaw allow personal information to be viewed by non authorised personal.  In Website Flaw Let True Health Diagnostics Users View All Medical Records  a function Read the rest of this entry »

The Productivity Commission’s long running investigation into data use gave rise to a very significant interim report.  Yesterday the Productivity Commission publicly released the final report it provided to the Government on 31 March 2017.  The final report, a behometh at over 658 pages, is found here while the overview, not exactly a slim lined edition at 76 pages, is found here.

This is a very thoughtful and comprehensive report, even for those who do not agree with all of the methodology and the recommendations.  The Productivity Commission is recommending Read the rest of this entry »

Revenge porn or its new iteration “image based abuse” has been a feature of the internet for some time.  Social media and platforms in countries with no credible regulation has provided perpetrators with effective and vicious means to humiliate and harm those who were naive, foolish or simply unfortunate enough to have their images in the possession of others.  It is not a new problem.  Victoria  criminalised that conduct by creating the new offences of distribution of an intimate image, section 41DA, and threat to distribute an intimate image, section 41DB, under the Summary Offences Act 1966. Sexting is defined as “the creating, sharing, sending or posting of sexually explicit messages or images via the internet, mobile phones or other electronic devices”.  South Australia has similar laws with sections 26B and 26 C of the Summary Offences Act 1953 (SA).  
Read the rest of this entry »

In France prosecutions can be brought for invasion of privacy.  The trial of 6 individuals has just commenced for invasion of privacy and complicity.  The defendants include Read the rest of this entry »