Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Aussie PM Office Calls For Government Ban On Gmail, Hotmail

samzenpus posted more than 3 years ago | from the no-gmail-for-you dept.

Australia 178

aesoteric writes "The Australian National Audit Office has called on all Australian government agencies to block free web-based email services like Gmail and Hotmail to mitigate security and information integrity risks. The auditor noted that such public email services 'should be blocked on agency IT systems, as these can provide an easily accessible point of entry for an external attack and subject the agency to the potential for intended or unintended information disclosure.' Not surprisingly, the move is seen by some as an attempt to prevent a WikiLeaks-style disclosure from occurring."

cancel ×

178 comments

Why not just block attachments? (1)

LetterRip (30937) | more than 3 years ago | (#35595910)

Why not just block uploading/download attachments from those services. That seems like it would solve the problem for the most part, even if you could hand type or copy/paste sensitive informtiation the time to do so would be prohibative.

Re:Why not just block attachments? (0)

Anonymous Coward | more than 3 years ago | (#35595922)

Because its easier to implement a DNS block on gmail.com etc than it is to block a specific function within a web service that you don't control and that could change at any time.

Re:Why not just block attachments? (1)

rtfa-troll (1340807) | more than 3 years ago | (#35595978)

Is it? I think that people know how to do forwarding etc. etc.

It seems to me that it's actually easier to block all executable content (flash / javascript etc) and then block file upload/download to / from the browser than it would be to find every possible https based mail service (including my own secret one; which is used only by me personally and even that almost never) which is what you would have to do in order for this to make sense.

Re:Why not just block attachments? (3, Interesting)

dwarfsoft (461760) | more than 3 years ago | (#35596778)

Personally I think the first thing that they should do prior to disabling gmail or hotmail is disable USB keys from working on the computers in the network... I'm surprised at how many places haven't locked this down... What's the point of locking down the services if they can just copy whatever information and then email it from home?

Or maybe they should look closer at how they are operating first and try to mitigate the risk by running a clean house and educating staff of the finer points of netiquette "no Jill, we do not open executable attachments from outside, even if you think it might have been from Jack". Better still, disable users from running untrusted executables! So many things they could start with, why bother with webmail?

Re:Why not just block attachments? (2)

bernywork (57298) | more than 3 years ago | (#35595970)

Once this session is in HTTPS how do you determine what's a POST for someone sending text and someone sending data?

The only way to do it would be in the browser and not anywhere in the rest of the network. Simply from a management perspective, this just isn't possible.

Re:Why not just block attachments? (4, Informative)

upuv (1201447) | more than 3 years ago | (#35596140)

It is 100% possible and it is done ever day.

The proxy terminates the https request and then creates a new https request going out. So yes you can tell if there is POST event. You can tell if it is a file. You may not be able to read the file as it may have separate encryption.

Re:Why not just block attachments? (1)

Nursie (632944) | more than 3 years ago | (#35596260)

This relies on the browser trusting the proxy of course, and the proxy being able to fake being any/all websites.

What sorts of systems can do this at the moment?

I'm interested, because I can see it's possible to build it into an HTTP or HTTPS proxy, but there would be quite a lot of certificate futzing needed to get it working properly.

Re:Why not just block attachments? (1)

Confusador (1783468) | more than 3 years ago | (#35596564)

I can't completely answer the question, but it's worth noting that the system only works because the same entity has control of both the proxy and the client browser; they can set up their own internal CA if need be. And since the proxy is redirecting everything, trying to bypass it (e.g. running a browser of a usb drive) just means you can't get to anything over ssl.

Re:Why not just block attachments? (1)

upuv (1201447) | more than 3 years ago | (#35596918)

You got it in 1. :)

A large enterprise like the government can most definitely have this level of control over the proxy, internal CA and client standard operating environment.

This is actually rather trivial to setup. I can assure you it is used in practice.

Oh you can use your own browser. You just have to add the CA cert and make sure you use the proxy.pac file that a standard install would use. Some of the weirdo auth mechanism that some enterprises use can get in the way however.

Re:Why not just block attachments? (1)

asdf7890 (1518587) | more than 3 years ago | (#35596960)

It is certainly done in certain companies. I'll not mention the company name (though it is no secret really) but I have a friend who works for a defence contractor who work on MoD projects, and they do this to monitor outgoing HTTPS connections. No machine that touches their network does so without running one of their locked-down OS builds, and all their builds include the certificate for their internal CA in the trusted list for the OS and any extra browsers. Once your CA cert is trusted by all your client browsers, automating the generation of "valid" certificates is not difficult. To reduce the speed impact of this their proxy maintains a cache of certificates rather than generating new ones for each request. No doubt other businesses in that and other sensitive arenas do the same thing.

Re:Why not just block attachments? (1)

bernywork (57298) | more than 3 years ago | (#35596508)

OK, fair point.

I've seen that technology being used as an anti-virus filter, but never seen it to be able to intercept specific streams. Especially pulling everything apart at the application level....

Re:Why not just block attachments? (1)

Pieroxy (222434) | more than 3 years ago | (#35596696)

IIRC, the POST keyword in the http request is encrypted as well. EVERYTHING is encrypted. How can you tell if it's a file? I mean, everything is a stream of bits. Encrypted in https how can you tell the difference?

Re:Why not just block attachments? (2)

c0lo (1497653) | more than 3 years ago | (#35595982)

Attachments? Gmail uploads them by HTTP. GMail lets you use HTTPS to access GMail.
Good luck detecting what is an attachment and when you just "copy/pasted sensitive information in the very body of the email".

Even when blocking gmail/yahoo, still not addressing leakers using :
a. a HTTP proxy (e.g. to access gmail).
b. a private mailserver
c. a combination of the above (one can arrange for tunneling through HTTP [wikipedia.org] a totally different protocol).

Re:Why not just block attachments? (1)

deniable (76198) | more than 3 years ago | (#35596022)

That's assuming a browser, a connection and sensitive information on the same machine. If so, you've already lost. This idea is probably to stop the leaks of things that aren't secret but are embarrassing.

Re:Why not just block attachments? (1)

CastrTroy (595695) | more than 3 years ago | (#35596434)

That's what I thought. There's no reason you couldn't just send the information out on another email service. Or set up a dropbox account, and post the files to that. There's a million different ways to get the data out there. Like you said, once you have confidential documents, a browser, and an internet connection, all bets are off. Unless you are running with a small white-list of sites, and you are really sure of what is on those web sites.

Re:Why not just block attachments? (2)

rtb61 (674572) | more than 3 years ago | (#35596518)

More accurately the whole concept is that all email leaving or entering government departments adhere to similar principles of snail mail. That it adhere to the standards set forth by each department, with regards to record keeping and content.

Bit of a miss of private email but then that is the quirk of employer supplied email versus employer supplied snail mail. With snail mail, you wrote in on company time, pilfered a stamp but you used non letter head paper and a blank envelope, nobody really cared didn't cost that much and kept worker morale up and it was clearly non-company correspondence.

Catch with email is it is very difficult to separate non company email from company email using the company servers and in government because of communications audit responsibilities just using web-based services is not quite enough separation.

Of course with smart phones and netbooks, there really is no excuse not to use your own stuff and keep your privacy unless of course you are banned from carrying those items into the work place. Then of course companies might have to consider setting themselves up as ISPs to achieve legal separation from the communications they allow their workers as part of the salary package.

Re:Why not just block attachments? (1)

mirix (1649853) | more than 3 years ago | (#35596058)

Gmail forces HTTPS these days. Maybe there is an option to turn it off, but it is default. (it used to be the other way around, not too long ago).

Re:Why not just block attachments? (1)

mwvdlee (775178) | more than 3 years ago | (#35596572)

d. a USB stick
e. a printout

Re:Why not just block attachments? (1)

deniable (76198) | more than 3 years ago | (#35596000)

Easier to just implement the evil bit.

Re:Why not just block attachments? (0)

shentino (1139071) | more than 3 years ago | (#35596090)

Considering there's considerable debate on the morality of exposing government corruption the evil bit would probably have an undefined value in this case.

Re:Why not just block attachments? (1)

Dan541 (1032000) | more than 3 years ago | (#35596178)

I would think this is also to stop people from using their personal email accounts on the taxpayers time.

Re:Why not just block attachments? (1)

icebraining (1313345) | more than 3 years ago | (#35596336)

So people shouldn't have breaks? I thought you wanted productive employees.

Re:Why not just block attachments? (1)

Dan541 (1032000) | more than 3 years ago | (#35596710)

Nice strawman. I never said anything about denying people breaks.

Re:Why not just block attachments? (1)

icebraining (1313345) | more than 3 years ago | (#35596926)

So people should have breaks, but be blocked from using personal email accounts during them, why?

Re:Why not just block attachments? (0)

Anonymous Coward | more than 3 years ago | (#35596692)

I don't think think that's the main reason (and I say this as someone that, although not employed by the Australian Government themselves, spends most of their time consulting to them and working on-site with them). No ulterior motives here, they just want to eliminate a couple of potential attack/leak vectors.

Won't stop employees checking their personal email accounts at all - they'll just do it on their phones/iPads at lunchtime instead. Hell most of them already do this.

Incidentally, I should point out that webmail services are already blocked inside many Australian Govt. departments. Definitely blocked at Centrelink, Medicare, DVA and several others I've worked with. The system used blocks most webmail sites, including any MS Outlook Web access (which is annoying when you are working for an external company there and you can't check your corporate mailbox any other way!)

Hyperbole much? (5, Insightful)

Leafheart (1120885) | more than 3 years ago | (#35595914)

Now seriously guys, there are bad titles, and there are pathetic ones. This takes the cake as the prime of the prime on the latter camp. You make it sound like they want to ban it on Australia as a whole, while the truth is much more simple and in fact, valid. They simply urged the agencies to not use those services. The puzzlement should come from why are they using it anyway?

This was an audit performed on the security of Government data and not an exercise on quashing free speech. FFS aesoteric and samzepous, this was so pathetic that it wasn't even funny.

Re:Hyperbole much? (1)

commlinx (1068272) | more than 3 years ago | (#35595962)

Agreed and public servants should have better things to do than ping around personal e-mails all day. While with a proper security model the attachment aspect shouldn't matter for security, in practice it will. Also if you know what the Australian public sector is like I'd be concerned about my tax being used to pay for $50K for "counselling" and "support" to someone after being exposed to a naked pair of breasts in the workplace.

Re:Hyperbole much? (2)

statusbar (314703) | more than 3 years ago | (#35596242)

It seems that many if not most of the american politicians use gmail/yahoo from their offices to conduct state business on in order to hide from public discovery/freedom of information act... Perhaps the U.S. needs policies like this too!

Re:Hyperbole much? (1)

c0lo (1497653) | more than 3 years ago | (#35596060)

aesoteric and ..., this was so pathetic that it wasn't even funny.

aesoteric [slashdot.org] a user that doesn't post comments, but only stories. And which's web page leads to...itnews.com.au.
It is bound to lead to a double dose of advertising... with luck, the TFA may fall into "stuff that matters" category but... how muck luck can one have on /. these days?

Re:Hyperbole much? (1)

Bunzinator (1105885) | more than 3 years ago | (#35596098)

Government agencies don't use hotmail etc. for official mail, they have the gov.au domain for that. They are talking more about denying public (civil) servants the use of webmail for their private purposes from government systems. A good move, I think.

Re:Hyperbole much? (1)

Hognoxious (631665) | more than 3 years ago | (#35596172)

Says the guy posting to slashdot from work.

Re:Hyperbole much? (1)

Bunzinator (1105885) | more than 3 years ago | (#35596330)

Incorrect. It's approximately 2030 here at the moment. I left work hours ago. And I'm not employed by the government in any case.

Re:Hyperbole much? (1)

Anonymous Coward | more than 3 years ago | (#35596388)

Incorrect. It's approximately 2030 here at the moment. I left work hours ago. And I'm not employed by the government in any case.

So you are a spy?

Re:Hyperbole much? (0)

Anonymous Coward | more than 3 years ago | (#35596884)

Incorrect. It's approximately 2030 here at the moment. I left work hours ago. And I'm not employed by the government in any case.

So you are a spy?

More importantly, we now have evidence that the Higgs singlet exists and can be used to transmit information from 19 years in the future.

Re:Hyperbole much? (1)

Anonymous Coward | more than 3 years ago | (#35596200)

They are talking more about denying public (civil) servants the use of webmail for their private purposes from government systems.

The one I work for already does, I'm pretty sure most of the big ones would anyway. Perhaps this is for the smaller and must less restrictive departments. Most people have smartphones, tablets or netbooks if they wish to access the internet for non work related purposes.

Re:Hyperbole much? (5, Interesting)

aesoteric (1344297) | more than 3 years ago | (#35596204)

I actually agree. The title is inaccurate. It's also not the one that was submitted.

Re:Hyperbole much? (0)

Anonymous Coward | more than 3 years ago | (#35596338)

I'm not sure this should've been news in the first place. Seems to me that it's an attempt to blow it out of proportion.

It just breaks down into a government doing something that....really isn't that big of a deal.

inb4 "first they came for gmail in the office, but I said nothing"

Re:Hyperbole much? (1)

Journe (1493651) | more than 3 years ago | (#35596346)

I'm not sure this should've been news in the first place. Seems to me that it's an attempt to blow it out of proportion.

It just breaks down into a government doing something that....really isn't that big of a deal.

inb4 "first they came for gmail in the office, but I said nothing"

Bah, posting again to attribute this comment to me. Forgot I'd cleared all my login cookies and such when I upgraded to FF4.

Re:Hyperbole much? (1)

bloodhawk (813939) | more than 3 years ago | (#35596456)

What's more the majority of Australian government sites already block hotmail and gmail as well as most other ISP and internet mail providers and have done so for a long time.

Re:Hyperbole much? (1)

Anonymous Coward | more than 3 years ago | (#35596644)

Indeed. My favourite story of these providers involves a woman who was let go from a software firm in Ireland. The company kept getting e-mails dumped back on them and when they looked at what was happening was that she was sending company information to herself which was greater than the 19MB (Real world) limit of the provider. So the only thing standing between them and their data being stolen was an employee not knowing what the attachment limit was. I guess we can see why she was let go.

Re:Hyperbole much? (4, Informative)

Cimexus (1355033) | more than 3 years ago | (#35596702)

I've worked in quite a few Australian Govt. Departments (Commonwealth and State). In at least three-quarters of them, webmail such as Gmail and Yahoo and Hotmail were ~already blocked~. So this recommendation I suppose is just to pull the few departments that haven't already blocked them, into line.

Not again. (0)

Anonymous Coward | more than 3 years ago | (#35595946)

The number of ways in which the Australian government can show its total lack of understanding of the Internet continues to boggle the mind.

Re:Not again. (0)

Anonymous Coward | more than 3 years ago | (#35596036)

You're an idiot, reread the article.

What where they thinking? (4, Informative)

Elimental (2013582) | more than 3 years ago | (#35595954)

In the private sector I have been doing this for years, because of security. If a user want to access his Gmail/private mail he can use his mobile not via my network and if management agrees I would place a shared system in areas that is on a separate network for such uses.

Re:What where they thinking? (0)

Anonymous Coward | more than 3 years ago | (#35596554)

As an Admin for a Mid tier Aussie Accounting Firm, this is exactly what I do too.
Block all and any Webmail service I can identify, as the only mail we want going in and out of our network is via our corporate email system. That way we can ensure the integrity and content of all email sent and received for legal reasons.
I have several Kiosk machines around the office not on our internal network ( so they can do the personal stuff during breaks), and management can monitor the use of them

Waste of Time (1)

benjamindees (441808) | more than 3 years ago | (#35595956)

These types of blocks are easy to work around for the determined and extremely annoying for people just trying to do their jobs.

Re:Waste of Time (5, Insightful)

Celarent Darii (1561999) | more than 3 years ago | (#35596034)

True, but if someone needs gmail to do their government job, someone is not doing their job correctly.

The real problem with gmail, yahoo, msn or whatever is that it isn't the government's server, and there are lots of requirements for archiving and providing an audit trail for government business that gmail cannot (and shouldn't) provide.

IT is more than just putting up a webpage and sending messages, it is also insuring accountability and security. Free web mail is fine and even preferable for private stuff, but when it comes to government work we demand a certain accountability and security, and rightly so. Perhaps people do private messages at work, but this is damn hard to filter and in general on tax-payers time you have no right to be doing private correspondance on government payroll and equipment.

From the workers point of view it might seem a hassle, but try to look at it from the administrator's point of view. Those blocks are there for a reason, and the audit trail is there for a reason. Remove the audit trail and it would be close to impossible to make any sort of investigation on who stole the last 10,000 $ from the government till, and who influenced who in the last bid, and who approved what by which contacts.

People aren't perfect, company and government policies even less so, but there is often a reason for the policy even if it is implemented wrongly.

Go and hug your IT admin today, you'll find it easier to get your job done :)

Re:Waste of Time (4, Informative)

deniable (76198) | more than 3 years ago | (#35596052)

A real world example. [wikipedia.org]

"Allow all, block some" firewalls don't work (1)

Luke has no name (1423139) | more than 3 years ago | (#35595958)

If I want to get a file off a computer with Internet access, it WILL happen.

Re:"Allow all, block some" firewalls don't work (0)

Anonymous Coward | more than 3 years ago | (#35596016)

Yeah, but "allow all, block some" can make it decisively harder to get the file off a computer by accident.

Re:"Allow all, block some" firewalls don't work (1)

tnn_dk (933235) | more than 3 years ago | (#35596294)

Solaris Trusted Extensions is designed to handle users like you :) http://www.sun-rays.org/lib/hardware/sunray/ds/go_DTW_cc.pdf [sun-rays.org]

Re:"Allow all, block some" firewalls don't work (1)

Mathinker (909784) | more than 3 years ago | (#35596402)

And it, like everything else, is vulnerable to the "analog hole". Yes, I know that at high security installations people are searched upon entry for cameras and audio recording devices, but unfortunately, the advance of technology makes it likely that it will eventually be trivial to conceal such devices from most kinds of search equipment (in general, the smaller something is, the easier it is to conceal it).

Re:"Allow all, block some" firewalls don't work (2)

pipedwho (1174327) | more than 3 years ago | (#35596824)

And it, like everything else, is vulnerable to the "analog hole". Yes, I know that at high security installations people are searched upon entry for cameras and audio recording devices, but unfortunately, the advance of technology makes it likely that it will eventually be trivial to conceal such devices from most kinds of search equipment (in general, the smaller something is, the easier it is to conceal it).

Ah yes, the good ol' a-hole vulnerability. And a micro-SDcard dipped in vaseline.

Counterproductive (1)

Anonymous Coward | more than 3 years ago | (#35595986)

I have to block webmail services and all it means is that when I want to investigate data leakage, I have no idea where to start.

We permitted personal mail access in the past, and that made it much easier to hold people to account, as the poor sweet dears always imagined they were being dead subtle uploading the stolen files to a draft on gmail or wherever. Now, there are a million places in their browsing histories I have to check to see if they have an upload or post capability.

The Aussies are deluding themselves if they imagine this'll stop civil servants making off with secrets...

Beat around the.. (1)

xnpu (963139) | more than 3 years ago | (#35595998)

Obviously they can't come out and say directly that Google doesn't protect your from CIA BS, nor from the CIA's Wikileaks media outlet. They would be considered conspiracy nuts (as you consider me after reading this).

It's to keep the malware out (1)

Anonymous Coward | more than 3 years ago | (#35596010)

Australian Government employee here. (Posting as AC, of course.)

Our agency allows Hotmail, Gmail, etc. Just not from your desktop; you have to go through a special DMZ machine, and if you've received messages that you need for business, forward it to your official account.. The given reason is a lot more mundane than Wikileaks: to keep malware, viruses, etc. out. (Although the use of these DMZ machines are, no doubt, monitored for leaks of unauthorised stuff too.)

The "official" agency e-mail servers are highly filtered for malware. Presumably Hotmail, Gmail, etc. are just as good at filtering... but by policy, we can't (and shouldn't) rely on something out of our control like that.

Re:It's to keep the malware out (2)

deniable (76198) | more than 3 years ago | (#35596040)

The main reason we're given is record keeping acts. How do you archive work documents being sent through gmail, hotmail and so on? We're now getting requests to distribute official documents through Dropbox. Once we peeled the records manager off the ceiling, we said no.

Very Short Blacklists (1)

Tei (520358) | more than 3 years ago | (#35596030)

There are literally more than 290.000.000 of ways to upload data to the internet. Blocking 2 gets you a list of 289.999.999 ways. On top of that, people can use his phones, usb drives, etc.

Proper safety stuff is *nothing* like that.
Anyway could be a first step in a "defense in deep" protection, to achieve a 2% or 5% more protection.

Re:Very Short Blacklists (0)

Anonymous Coward | more than 3 years ago | (#35596064)

actually its 289,999,998...

jus sayin

Re:Very Short Blacklists (1)

Psychotria (953670) | more than 3 years ago | (#35596116)

Actually, it's 289999998.... best to leave out the commas and decimal points entirely when speaking to a global audience.

Just sayin'

Re:Very Short Blacklists (1)

Hognoxious (631665) | more than 3 years ago | (#35596198)

Actually, it's 289 999 998

If you're going to be a pedantic prick at least try to be correct. ISO 31-0 [wikipedia.org]

Re:Very Short Blacklists (1)

Tigger's Pet (130655) | more than 3 years ago | (#35596372)

Actually, you're all working on the wrong basis. The original poster of this thread said that there were "more than 290.000.000" More than, means 290 000 001 or greater. Therefore, removing two of them leaves you with 289 999 999 or greater - not 289 999 998.
It's always good when an AC comes on and uses the old "just saying" - knowing full well that if he posted on his account he'd be hit with a "Score: -1, Idiot"

Re:Very Short Blacklists (1)

Cimexus (1355033) | more than 3 years ago | (#35596728)

No way ... reading long numbers without thousands separators (whether dots or commas or spaces) is hard :(

Re:Very Short Blacklists (0)

Anonymous Coward | more than 3 years ago | (#35597000)

Wow, you suck at math.

290.000.000 - 2 = 289.999.998

it is not unusual for companies to block webmail. (2)

Chrisq (894406) | more than 3 years ago | (#35596032)

it is not unusual for companies to block webmail. I don't see why government departments shouldn't do it either. As others have pointed out anyone who is determined will get information out anyway, but it does prevent the "casual" release, either accidental "There's a lot of hassle in the office, I haver heard people say the merger might be off" deliberate but non-malicious "I'll email this document home and I can finish it this evening" or malicious "I'll email this home then if I don't get my pay rise.....".

Why not educate. (0)

Anonymous Coward | more than 3 years ago | (#35596050)

The biggest problem this world has: It is lead by so called intelligent people. I start to RAGE when i see stupidity! Why not EDUCATE instead of blocking, punishing, etc.? EDUCATION is something that you dont see anywhere. They are not teaching you in school how to use a mail, they are teaching useless stuff that most of it you will forget or you dont use it! OH, Why not cut the electricity and you go back to stone age so you can rule your kingdom? (it will be easier if you shoot yourselves.)

Non-IT people making IT decisions. (2)

upuv (1201447) | more than 3 years ago | (#35596062)

I don't have to mention how much of nothing this solves.

The real issue is non-IT people making IT decisions.

Maybe IT people making IT decisions. (4, Insightful)

dbIII (701233) | more than 3 years ago | (#35596146)

Remember Sarah Palin and her webmail that somebody got into by just answering some incredibly easy "security" questions? If I was in government IT security I'd be recommending that nothing remotely important was sent to or from hotmail etc.
There's also the archiving problem. An important email sent to or from hotmail may disappear into a black hole never to be seen again within a year so you are out of luck if you want the information in it after that date.
Then there's the "paper trail". We wouldn't have had so much on Poindexter and North selling weapons to terrorists (Hezbolla via Iran after Hezbolla killed all those US Marines) if their emails hadn't been on the backup tapes. That's one reason why places have rules about not using hotmail etc.
Finally, gmail may be stable but if you are a University that has outsourced your students mail to hotmail and a stupid internal Microsoft DNS error prevents them getting email your trouble ticket gets put in a queue for a week before it gets fixed. That's for paying customers. Lost mail and no access for over a week. Now consider how those on free accounts are going to get treated when things go wrong.
It really is quite stupid to rely on it for anything work related if you want to pretend to be any sort of professional organisation.

From the Scene (1)

Anonymous Coward | more than 3 years ago | (#35596070)

Hi, I'm an Australian IT Security Administrator (thankfully not responsible for any of the agencies which recently got audited) but having these websites added to a blacklist doesn't just mean a technical block (which we all know can be bypassed) but it also means a clear IT Security policy decision saying "Accessing this website is against IT Policy". With this policy decision, actions can be taken against workers who attempt to bypass the block as we can say "It was clear in our policy and in it's enforcement that the website was blocked, you have no excuse for accessing said banned services". This is important seeing as at the moment it is not as clear and punitive measures are somewhat limited. Although users tend to be a bit thick, I've found that a large majority of them in cases such as using unofficial web mail services for official purposes can be resolved through user education of the dangers of using said services. Not only that but if IT departments in these agencies actually listen to their users, they'll probably find the reasons on why users favour them over the existing solution (ease of use is usually the answer) which can also be addressed.

Aussie PM? Really? (0, Flamebait)

captain_sweatpants (1997280) | more than 3 years ago | (#35596130)

It's the Australian Prime Minister.

I assume this was article was submitted by an Australian, and to that person I would say you need to get a little self-respect. FFS even if you don't respect the person, at least respect the office. Would you seriously submit an article about the yanky prezo and expect it to be published? No, you would refer to him as the US President or more likely just the President, or Obama, even if you hated his guts. To do otherwise is to insult the American people. Refering to some random Australian as an aussie, that's acceptable, although for a news site I personally consider it unprofessional. But, refering to the highest office in the land or any other official goverment entity for that matter as being 'aussie' is just insulting.

Re:Aussie PM? Really? (0)

Anonymous Coward | more than 3 years ago | (#35596184)

It's the Australian Prime Minister.

I assume this was article was submitted by an Australian, and to that person I would say you need to get a little self-respect.

I'm an Aussie, and I'd say you need to settle down, sunshine.

Re:Aussie PM? Really? (0)

Anonymous Coward | more than 3 years ago | (#35596298)

Did I see you on the tellie at the Cronulla riots? You're a boof head mate. Our Prime Minister deserves better that what /. served up, no matter what strip of politics you're from.

Re:Aussie PM? Really? (0)

Anonymous Coward | more than 3 years ago | (#35596536)

I was thinking of going, but I'm half skip half Lebanese so I decided against it for risk of beating myself up.

Re:Aussie PM? Really? (0)

Anonymous Coward | more than 3 years ago | (#35596214)

It's not insulting, it's a compliment. You do know we "aussies" boo'd the PM during the opening ceremony of the 2000 Sydney Olympics! We simply have not a care for such formalities. But of course we would not refer to your leader as a "Yanky prezo," but customs are different here, so no one cares what you call the PM or any other figure of authority. It's more a compliment than insult really to say "Aussie PM".

Re:Aussie PM? Really? (2)

centuren (106470) | more than 3 years ago | (#35596316)

It's the Australian Prime Minister.

I assume this was article was submitted by an Australian, and to that person I would say you need to get a little self-respect.

It's not insulting, it's a compliment.

I'm an Aussie, and I bear the term proudly. I am also proud of our long, rich heritage of not having sticks up our collective arses. Now an expat, I often refer to home as "Oz" and fondly tell stories like that of Bob Dwyer having to apologise to the Queen in 1991.

But, refering to the highest office in the land or any other official goverment entity for that matter as being 'aussie' is just insulting.

PM or not, she bloody well better be an 'Aussie' first.

No, you would refer to him as the US President or more likely just the President, or Obama, even if you hated his guts. To do otherwise is to insult the American people.

According to large portions of the American people, Obama is a terrorist and G.W. Bush was retarded, so I'm not quite sure what you're trying to convey to that Australian who needs "a little self-respect".

Re:Aussie PM? Really? (1)

zippthorne (748122) | more than 3 years ago | (#35596930)

Most people would've shortened that to "Yank Prez" and it's a perfectly cromulent way for a foreigner to refer to a US president, since we ourselves often refer to the president as "da prez" informally.

I'm sure Australians rarely refer to the "australian X" in their government though, since it's quicker to just say, "the X" Adding the qualifier when it doesn't really need to be qualified seems a little patronizing.

Re:Aussie PM? Really? (1)

TBBle (72184) | more than 3 years ago | (#35596282)

It's worse than that. "Aussie PM Office". What they're actually talking about the "Department of the Prime Minister and Cabinet", the department which holds a sort of higher-level overview position within the Australian Public Service rather than being dedicated to one particular area of government. (Like the Prime Minister herself) Hence the presence within that department of the National Audit Office, which does cross-department audits.

As for "Aussie PM" itself, that's not about self-respect. It's merely a failure to distinguish between levels of formality in speech and writing for an audience. She's the "Aussie PM" (or colloquially just "the PM") in the same way that the Queen is "Madge". But when you write formally (i.e. not transcribing speech to retain specific effect as I just did, or taking notes for oneself) then they're the "Australian Prime Minister" and "Her Majesty, The Queen" respectively.

Certainly not written by a Canberran (the actual colloquial spoken form is "PM and C", not "PM Office") and I doubt it was an Australian submission so much as an attempt to emulate the Australian vernacular.

Then again, I'd have contracted "president" to "pres", not "prezo" myself. So our vernaculars may simply differ. ^_^

Re:Aussie PM? Really? (1)

Cimexus (1355033) | more than 3 years ago | (#35596746)

Mod parent up +1 Informative. Would do it myself (I have points) but I already posted on this thread.

Settle down mate. (2)

LordHaart (1364019) | more than 3 years ago | (#35596400)

As a proud Aussie myself, I have never met another Australian who feels the term "Aussie" is in any way degrading or rude. Some Americans may feel that way about the term "Yank" but I can say with complete confidence that "Aussie PM" gets used ALL THE TIME in Australia, by people and on TV.

Re:Settle down mate. (0)

Anonymous Coward | more than 3 years ago | (#35596642)

As a proud Aussie myself, I have never met another Australian who feels the term "Aussie" is in any way degrading or rude. Some Americans may feel that way about the term "Yank" but I can say with complete confidence that "Aussie PM" gets used ALL THE TIME in Australia, by people and on TV.

Stone the crowes! Seriously fair crack of the whip mate! Us Aussies are true blue and proud of being called Aussies! On topic though, if they're afraid some kind of leak getting out, don't worry, us Aussie's know what a USB stick is. ^^

Re:Aussie PM? Really? (1)

upuv (1201447) | more than 3 years ago | (#35596966)

Um as an Aussie we don't feel the "Aussie" is in any way insulting.

As an X Canadian I also did not feel any shame in being called a Canuck.

I assume you must be a Yank. Cause if I was a Yank I would be insulted.

Re:Aussie PM? Really? (1)

Rennt (582550) | more than 3 years ago | (#35597014)

You're way off base there. "PM" is used throughout the former British Commonwealth as semi-official short-hand for Prime Minister, and Aussie is a badge worn with pride. "Aussie PM" in particular is published in newspapers every single day.

I'm sure the PM herself would be horrified at the suggestion that the term was anything to be ashamed of.

Re:Aussie PM Office Calls For Government Ban On Gm (-1)

Anonymous Coward | more than 3 years ago | (#35596160)

I love this game.I love it!LOVE IT! cheap nfl jerseys [cheapnfljerseyszone.com]
Action speak louder than words.[url=http://www.cheapnfljerseyszone.com]cheap nfl jerseys[/url]But I am a student,I have not time to watch the games on live. cheap jerseys [hotjerseys2011.com]
So I still care for this game.I can because i think i can.[url=http://www.hotjerseys2011.com]cheap jerseys[/url]Someone tell me that we are the loser.The winner never quit. victory!!!!!!Never say die.

swiss imitation watches (-1)

Anonymous Coward | more than 3 years ago | (#35596238)

End up being Trendy By using swiss imitation watches [swissimita...atches.com]
Now the watch not only present precision perform of revealing time, but also show that wearer’ personality style, so adding a watch on your wrist is actually necessary. If you don’t have enough money to afford a brand watch, swiss imitation watches [swissimita...atches.com] are your best choice.
If you understand little about the imitation watches for sale [swissimita...atches.com] , let me grant you a simple description. They are the copies of brand watches, but are not crafted in the original designer watches, so quality imitation watches [swissimita...atches.com] haven’t the expensive price, but the high quality imitation watches [swissimita...atches.com] offer the similar feel and show as that original ones.
Attention, now the best imitation watches [swissimita...atches.com] are greatly more advanced than the false ones. These high quality imitation watches [swissimita...atches.com] will be the exact imitations which serve a similar purpose in the original ones. Manufacturers set special treatment and hard work on the details, so these imitation watches for sale [swissimita...atches.com] tend to the same as the original ones. Actually, an individual that offers basic knowledge within the brands in addition to their item lines can simply recognize these kinds of quality imitation watches [swissimita...atches.com] from false ones.
Now the most fast in addition to convenient approach is searching online. There are a lot of online shops offering a whole range worth mentioning swiss imitation watches [swissimita...atches.com] . It is possible to choose in the wide choice at extremely affordable price ranges.
If you wish, you can make much more to stay yourself updated while using latest style trend. In the word, should you be looking for classy and cost-effective best imitation watches [swissimita...atches.com] , look no beyond quality reproduction timepieces.
Article resource: www.swissimitationwatches.com

It's not enough (1)

Artem Tashkinov (764309) | more than 3 years ago | (#35596360)

They should block Tor, SSL websites, applications with encryption too (almost all modern archivers support AES, not to mention TrueCrypt and similar products). And special Aussie Windows version without built-in encryption won't hurt.

Good luck with this mission impossible.

Gmail is secure. (1)

pro151 (2021702) | more than 3 years ago | (#35596396)

My company (Worldwide) has switched to Google Apps and Gmail and we find it to be a very secure system so far, and the Gmail spam filter is top shelf.

Ampersand (0)

Anonymous Coward | more than 3 years ago | (#35596484)

The comma is not suitable for a list of two items. Instead, use an ampersand.

"Calls for Government ban on Gmail & Hotmail"

London (0)

Anonymous Coward | more than 3 years ago | (#35596488)

It does sound a bit odd to those used to accessing whatever they want at will, but I work in an investment bank in London and it's the same story here. You don't need Gmail to do your job. Learn to split your work and home life up a little so you can actually be a bit more productive rather than breaking your attention span every 10 minutes.

They can still... (0)

Anonymous Coward | more than 3 years ago | (#35596560)

send out confidential data using the in-house email client. Sure, it will be in the logs and maybe your folders/sent but they can't block you from sending it. Even if you leak it, the most they could do is fire/prosecute you but it would still be leak-able.

They can't block email to non-govt-domain IDs since it's obvious that they may be legitimately emailing someone outside of their department or even the government.

If they are gonna be retards about it, why not block out internet access completely? They could still use 'dropbox' type services (2 GB) or sugarsync (5 GB worth of confidential data leaked per account/per day). How hard would it be to leak info even if they block gmail? Heck, if you can access govt/work email from home, just save yourself a massive draft file or email urself and download the attachment at home. There's also sending attachments in chat services, ftp, etc.

Frankly, the only ppl this policy would inconvenience are those not planning to do any leaking.

UK government already does this (0)

Anonymous Coward | more than 3 years ago | (#35596584)

All webmail is blocked by the filtering software.

PM office? (0)

Anonymous Coward | more than 3 years ago | (#35596606)

So pray tell dear American editors making up headlines - Just when did the Audit Department group join the Prime Minister's department? You know how people on /. say RTFA... well as editors you should!

Doesn't GMail block executable attachments? (2)

EmagGeek (574360) | more than 3 years ago | (#35596608)

And scan all email for viruses and malware? I've never so much as had a peep from anything I've gotten in GMail in 5 years.

oh lordy (0)

Anonymous Coward | more than 3 years ago | (#35596622)

Everyone knows thats how the big leaks happen. People sitting at their work desks sending email via hotmail and google.

Seriously, they should also ban printing, external peripherals, being a disgruntled employee, ban WiFi, jam cell phone signals, and finally, every day at 5pm wipe their employees memory and store it in a machine until 9am the next morning when it can be reloaded into the employees brain. That way information can be controlled in 50% more effectively.

good point (1)

Miska (45422) | more than 3 years ago | (#35596666)

given the state of disrepair of our university email system, many of us - staff included - are considering switching to something like gmail, to 'fix' things. probably quite a few government email systems are in no better shape.

Already blocked in some UK government bodies (1)

mr fog (716564) | more than 3 years ago | (#35596712)

My wife works for the FSA and cannot access gmail/yahoo there.

I call deflection .. (1)

Anonymous Coward | more than 3 years ago | (#35596764)

the Australian PM is hugely unpopular (think Bush near the end of his reign) ..
And besides what email system IS secure?

Re:I call deflection .. (2)

The Fanta Menace (607612) | more than 3 years ago | (#35596798)

Amusingly, the nutjob opposition leader is even more unpopular.

This already happens (2)

Entropic Alchemist (1613649) | more than 3 years ago | (#35596776)

I can definitely say, as an Australian Federal Public Service employee that web-based email is completely blocked. It is actually cause for immediate dismissal if you try to access them.

Pointless (2)

The Fanta Menace (607612) | more than 3 years ago | (#35596788)

Blocking webmail services is like whack-a-mole. There's likely to be one somewhere that you'll miss, and when the potential leakers (henceforth known as patriots) find it, you're back to square one.

The Great Down Under is going down fast! (0)

Anonymous Coward | more than 3 years ago | (#35596882)

The actions suggested sound more like those of a TinPotDictator attempting to suppress the dissemination of independent thoughts than anything else.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...