Class action to target government over ‘robotdebt’ scheme


Centrelink’s controversial ‘robodebt’ scheme will be the subject of a class action led by law firm Gordon Legal with the support of the Labor Party.

The scheme — formally known as the Online Compliance Initiative (OCI) — involves automatically generated letters being sent to former and current welfare recipients demanding that they prove they were not overpaid by Centrelink.

The data-matching program takes Australian Taxation Office (ATO) income records and matches them with Centrelink clients. Centrelink’s algorithm assumes that the ATO-reported annual income of an individual was earned at an equal rate throughout the year, leading to letters being sent asking highlighting a possible debt being owed to Centrelink even in cases where there is no conflict between the data sets.

A 2017 report from a Senate inquiry called for the system’s suspension.

“Throughout this inquiry, the committee heard many personal accounts of the stress and distress the automated debt recovery system has caused recipients,” the report stated. The OCI system involved a “fundamental lack of procedural fairness” that was “evident in every stage,” the report said.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

Australia concluded China was behind hack on parliament, political parties


Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters.

The Australian Signals Directorate (ASD)  concluded in March that China’s Ministry of State Security was responsible for the attack, the five people with direct knowledge of the findings of the investigation told Reuters.

The five sources declined to be identified due to the sensitivity of the issue. Reuters has not reviewed the classified report.

The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing, two of the people said. The Australian government has not disclosed who it believes was behind the attack or any details of the report.

In response to questions posed by Reuters, Prime Minister Scott Morrison’s office declined to comment on the attack, the report’s findings or whether Australia had privately raised the hack with China. The ASD also declined to comment.

China’s Foreign Ministry denied involvement in any sort of hacking attacks and said the internet was full of theories that were hard to trace.

“When investigating and determining the nature of online incidents there must be full proof of the facts, otherwise it’s just creating rumors and smearing others, pinning labels on people indiscriminately. We would like to stress that China is also a victim of internet attacks,” the Ministry said in a statement sent to Reuters.

“China hopes that Australia can meet China halfway, and do more to benefit mutual trust and cooperation between the two countries.”

China is Australia’s largest trading partner, dominating the purchase of Australian iron ore, coal and agricultural goods, buying more than one-third of the country’s total exports and sending more than a million tourists and students there each year.

Australian authorities felt there was a “very real prospect of damaging the economy” if it were to publicly accuse China over the attack, one of the people said.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

NSW Government iCare claim platform cost $360M


A bespoke platform to power the NSW Government’s recently-merged insurance provider has cost $360 million dollars, a public hearing for the Inquiry into Budget Estimates 2019-2020 revealed.

Insurance and Care NSW (iCare) first launched the Guidewire Insurance Platform in 2017 following its formation from six public insurance schemes two years previously.

The NSW Government paid $160 million in licence and building fees for the cloud-based platform, plus a further $200 million on the “transformation” costs of rolling out the platform across iCare and other insurance.

The figures were revealed by iCare CEO and MD John Nagle during a State Premier and Finance committee on 29 August.

When grilled by Greens MP David Shoebridge about the $160 million expenditure, Nagle defended Guidewire as a “standard system” that is one biggest insurance platforms used globally.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

What we know so far about the unusual Windows 10 1909


Microsoft has acknowledged that this fall’s “feature upgrade” for Windows 10 will be virtually identical to the already-available version 1903 released in May.

“19H1 and 19H2 share the same servicing content. That means they share the same Cumulative Update package,” Dona Sarkar and Brandon LeBlanc, the spokespeople for Microsoft’s Windows Insider beta testing program, wrote last week in a post to their group’s blog.

Sarkar and LeBlanc referenced 19H1 and 19H2 – better known perhaps as 1903 and 1909, respectively, in Microsoft’s four-number labeling format – because their team had just released those builds to the Release Preview ring, where a subgroup of all program participants do a last test of betas.

Although Sarkar and LeBlanc did not explicitly say so – Microsoft rarely puts things plainly – their explanation confirmed that the fall “upgrade,” 1909, will be nothing like previous Windows 10 editions. Instead, it will be a barely changed retread of the spring’s 1903.

That Windows 10 1909 will resemble an old style “service pack” was not news: Last month, Sarkar and LeBlanc touted the refresh’s small number of features and their even smaller import. Both were central to the characterization of 1909 as a service pack, as that format rarely included new features but instead collected past updates. (Microsoft’s last service pack was for Windows 7, issued in early 2011.)

The two went into even greater detail about why Insider delivered two builds, 191H/1903 and 192H/1909, to the Release Preview ring.

“For the small subset of Windows Insiders (the 10%) in Release Preview who were given the option to install 19H2, an enablement package is downloaded from Windows Update that turns on the 19H2 features,” Sarkar and LeBlanc wrote. “This changes the build number for the OS from 19H1 Build 18362 to 19H2 Build 18363. Because they use the same servicing content, the build revision number (the number that comes after the dot) will always match between 19H1 and 19H2. As we continue to test our servicing packages in the Release Preview ring, Insiders on 19H1 and 19H2 will get a single Cumulative Update with the same fixes.”

It’s parsing time

There is worthwhile information in what Sarkar and LeBlanc said in the quotes above. It’s just that it’s buried in terminology no one outside Microsoft’s development team needs to know, surrounded by unnecessary verbiage that few understand or find useful.

Here are the bits that, teased from the rest, proved important.

  • 19H1 and 19H2 share the same servicing content. This is actually fairly clear; the two “upgrades” 1903 and 1909 that are now being tested and will be released this fall, presumably simultaneously, are identical in content.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

ISPs ordered to continue blocking sites hosting Christchurch terror footage


Major Australian Internet service providers (ISPs) have been directed to continue blocking access to eight sites that host footage of the Christchurch terrorist attacks or the manifesto written by the alleged attacker.

In the wake of the Christchurch attacks in March, major telcos including Telstra, Optus and Vodafone blocked a range of sites that hosted copies of the footage originally streamed by the alleged gunman on Facebook Live. Sites including 4chan, 8chan, Kiwi Farms, Encyclopaedia Dramatica, Live Leak, Voat and Zerohedge were believed to be blocked, at least temporarily, by some or all of the ISPs.

“Australian internet service providers acted quickly and responsibly in the wake of the terrorist attacks in Christchurch in March this year to block websites that were hosting this harmful material,” communications minister Paul Fletcher said today.

“ISPs called on the government to provide them with certainty and clarity in taking the action they did, and today, we are providing that certainty.”

The minister said that the eSafety Commissioner had directed ISPs to continue blocking a list of eight websites. The blocks will last at least six months, following which the commissioner will review the sites and remove from the list those that have taken down copies of the footage or manifesto.

The government said that the commissioner is working with telcos on a protocol for rapid takedowns of terror material during crisis events. Devising such arrangements was a recommendation of the Australian Taskforce To Combat Terrorist And Extreme Violent Material Online. The taskforce said that ultimately the government should move to introduce legislation to “establish a content blocking framework for terrorist and extreme violent material online in crisis events”.

In August Prime Minister Scott Morrison announced an OECD initiative that he said would “strengthen transparency by tech companies in a bid to prevent online terrorist activity”.

“I’m very pleased to say that Australia, together with New Zealand and the OECD, is funding a project to develop Voluntary Transparency Reporting Protocols on preventing, detecting, and removing terrorist and violent extremist content from online platforms. We welcome and encourage further support for this project,” a statement released at the time by the PM said.

“This work will establish standards and provide clarity about how online platforms are protecting their users, and help deliver commitments under the Christchurch Call to implement regular and transparent public reporting in a way that is measurable and supported by clear methodology,” Morrison said.

“Digital industry will benefit from establishing a global level playing field. The project will assist to reduce the risk of further unilateral action at national levels, avoid fragmentation of the regulatory landscape and reduce reporting burdens for online platforms.”

Join the newsletter!

Error: Please check your email address.

Tags governmentTelecommunicationseSafety CommissionerChristchurch Call




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

Government mulls greater role protecting private sector from cyber threats


The government is seeking feedback as to whether its role in fighting cyber crime should change in order to offer “greater assistance to Australian businesses to defend against highly sophisticated malicious actors”.

“State actors target Australian businesses for a range of reasons, including access to intellectual
property and espionage. In these situations, it might not be possible for businesses to fully defend themselves given the skills and expertise of those targeting them,” a government discussion paper released today states.

“The Government is most concerned about threats to Australian businesses that provide essential services, such as energy, water, telecommunications and transport.”

The discussion paper and accompanying consultation process are intended to inform an update to Australia’s National Cyber Security Strategy, which was originally launched in 2016 and updated in 2017.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

New cyber security principles provide strategic guidance for government agencies


A significant revamp of a key cyber security document is designed to provide government agencies with strategic guidance on protecting their data.

The Australian Cyber Security Centre (ACSC), which is part of the Australian Signals Directorate (ASD), has released an updated version of the government’s Information Security Manual (ISM). The ISM now includes a series of “cyber security principles” grouped into four key activities:

  • Govern: Identifying and managing security risks.
  • Protect: Implementing security controls to reduce security risks.
  • Detect: Detecting and understanding cyber security events.
  • Respond: Responding to and recovering from cyber security incidents.

The document includes a framework to help organisations assess their maturity across the four categories.

The updated ISM is the culmination of a 12-month effort to shift the document “from a compliance-based information security manual to a principles-based cyber security framework that organisations can apply, using their corporate risk management framework, to protect their systems and information from cyber threats,” a statement released by the ACSC said.

“With the release of these updated principles, government, industry and academia are strongly encouraged to consider the strategic guidance they provide when designing and implementing new systems and services.”

The ISM now receives monthly updates; previously it was updated on an annual basis.

The new edition of the ISM also updates a range of security controls. Many of the changes are relatively minor (using “data repositories” in preference to “information”), but the control relating to temporary access to systems has been tightened, and the recommendations relating to management practices for passwords used as the sole method of authentication for a system have also undergone some small changes.

The ISM is available online.

In July, the ACSC released an update to its ‘Essential Eight’ maturity model. The ASD in early 2017 unveiled the Essential Eight mitigation strategies.

The ACSC’s ‘cyber security principles’:

Govern

G1: A Chief Information Security Officer provides leadership and oversight of cyber security.

G2: The identity and value of systems, applications and information is determined and documented.

G3: The confidentiality, integrity and availability requirements of systems, applications and information is determined and documented.

G4: Security risk management processes are embedded into organisational risk management frameworks.

G5: Security risks are identified, documented, managed and accepted both before systems and applications are authorised for use, and continuously throughout their operational life.

Protect

P1: Systems and applications are designed, deployed, maintained and decommissioned according to their value and their confidentiality, integrity and availability requirements.

P2: Systems and applications are delivered and supported by trusted suppliers.

P3: Systems and applications are configured to reduce their attack surface.

P4: Systems and applications are administered in a secure, accountable and auditable manner.

P5: Security vulnerabilities in systems and applications are identified and mitigated in a timely manner.

P6: Only trusted and supported operating systems, applications and computer code can execute on systems. Australian Government Information Security Manual SEPTEMBER 2019 2

P7: Information is encrypted at rest and in transit between different systems.

P8: Information communicated between different systems is controlled, inspectable and auditable.

P9: Information, applications and configuration settings are backed up in a secure and proven manner on a regular basis.

P10: Only trusted and vetted personnel are granted access to systems, applications and data repositories.

P11: Personnel are granted the minimum access to systems, applications and data repositories required for their duties.

P12: Multiple methods are used to identify and authenticate personnel to systems, applications and data repositories.

P13: Personnel are provided with ongoing cyber security awareness raising and training.

P14: Physical access to systems, supporting infrastructure and facilities is restricted to authorised personnel.

Detect

D1: Cyber security events and anomalous activities are detected, collected, correlated and analysed in a timely manner.

Respond

R1: Cyber security incidents are identified and reported both internally and externally to relevant bodies in a timely manner.

R2: Cyber security incidents are contained, eradicated and recovered from in a timely manner.

R3: Business continuity and disaster recovery plans are enacted when required.

Join the newsletter!

Error: Please check your email address.

Tags governmentcyber securityAustralian Cyber Security Centre (ACSC)Australian Signals Directorate (ASD)security




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

Google eyes second Australian cloud region, is keen to host classified data


Google has continued to build up the capacity of its Sydney cloud region since its mid-2017 launch, but the company is also in throes of planning for a second Australian-based region.

“We continue to bring more and more capacity and more and more capability to our infrastructure as we grow and the demand grows,” said Colin Timm, Google Cloud’s ANZ country director.

The second Australia-based Google Cloud Platform region will be located in another capital city. The cloud provider isn’t yet prepared to publicly announce the city, but Timm told Computerworld “it stands to reason, we need to be close to our customers”.

“Obviously we’re providing for disaster recovery across sovereign data and of course we’re reducing latency at every turn,” the local Google Cloud head said. “Hang that off of Google’s private network that we have, and the subsea cables now around the other end of Australia [the INDIGO cable system] — that presents for a very solid story around our capacity in-country.”

The cloud provider is also interested in making it easier for government agencies to use its services to process classified data.

In December 2018, the Australian Cyber Security Centre announced that 16 Google Cloud Platform services had been certified for use with unclassified but sensitive government data.

Google was added to the Certified Cloud Services List (CCSL), joining the likes of Amazon Web Services (AWS) and Microsoft, as well as Australian providers such as Macquarie Telecom, Sliced Tech and Vault Systems.

The certified services comprised compute (Compute Engine, App Engine and Kubernetes Engine), storage (Cloud Storage and Persistent Disk), networking (Virtual Private Cloud, Cloud Load Balancing and Cloud DNS), security (Cloud Key Management Service and Cloud IAM), management (Stackdriver), data analytics (Cloud Dataflow, Cloud Dataproc and Cloud Datalab), and databases (Cloud SQL and Cloud Datastore).

“We are working to the next level of certification,” Timm said. “We have policy people landing on shore here; we will be relentless in our pursuit of that.”

Google is intent on building out its base of public sector customers, Timm said.

Microsoft had its certification for hosting data classified as Protected accepted in April 2018, coinciding with the company’s launch of its government-focused Canberra Azure regions. In January 2019, AWS received the green light to host government data classified at the Protected level. Macquarie, Sliced and Vault are also certified for hosting Protecting data.

Join the newsletter!

Error: Please check your email address.

Tags governmentCloudcloud computingGoogleGoogle Cloud PlatformCertified Cloud Services List




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

NT ICAC hunts for case management system to aid corruption investigations


The Northern Territory’s Independent Commissioner Against Corruption (ICAC) has begun the hunt for a software system to manage ICAC’s investigations and cases.

The Office of the ICAC began taking reports on 30 November, following the mid-2018 appointment of Kenneth Fleming as the ICAC.

Fleming’s office has released a request for tender, with the ICAC seeking a “proven” commercial off-the-shelf proven integrated business system. The ICAC is “seeking a contemporary business system to manage the end to end investigation and case management workflow,” tender documents state.

The system must allow individuals to directly submit, potentially anonymously, reports of improper conduct to ICAC via its website, including uploading supporting documentation, as well as manage details of offline reports to the commission. It must also meet the ICAC’s legislative requirements “to protect the identity of those who report improper conduct by delivering enhanced security and access controls,” tender documents state.

The ICAC is seeking “tools to manage complex investigations including planning capability, robust activity tracking and automatic workflow escalations”.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

Breach notification rules for new government data scheme, but no consent for sharing


New legislation that will enable data collected by public sector agencies to be more easily shared is expected to be accompanied by new rules for data breach notifications, a discussion paper released today by the government said.

The government in May 2018 said it would introduce a new data sharing and release framework as part of a package of reforms sparked by the Productivity Commission’s report on the availability and use of data.

Development of the proposed framework is inspired partly by the UK ‘Five Safes’ principles.

The Office of the National Data Commissioner (ONDC), which was established last year by the government, today released a consultation paper on the development of data sharing and release legislation. The paper states that the ONDC is still considering the kind of data breach scheme that is needed for the new framework.

In February 2018, the Notifiable Data Breaches (NDB) scheme, which is overseen by the Office of the Australian Information Commissioner (OAIC) and covers a range of personal information about individuals, came into effect.

“The Data Sharing and Release legislation requires a different kind of notification scheme for the vast range of data falling outside the Privacy Act 1988 notifications scheme,” the ONDC consultation paper states.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.