Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-03-28 Thread Matthew Moyle-Croft
April 2nd is budget day.

May 11 is *likely* Election Day (May 18th as a backup).

Sitting days are: 
https://www.aph.gov.au/About_Parliament/Sitting_Calendar/Sitting_calendar_2019-text_version

33 days is the *minimum* from issuing writs (usually on a Monday) to polling 
day which isn’t that far after budget day - so we’ll go into caretaker mode the 
moment the budget is passed.

I don’t expect anything to actually *happen* until the next government of
whichever flavour is sworn in and starts moving on their legislative path - which
could be well into the second half of this year.

I’m not smart enough to understand the “real issues” that the election will be 
“fought” over but I doubt it’s the #aabill and so I’m not even sure it’s worth 
saying much until after the election and the winning part(y|ies) start thinking 
about the next Parliament.

(I’ve attempted to discuss AABill with both my current Fed member and the other 
major Party’s candidate and neither were interested in engaging on it and the 
sitting member was, let’s say, very dismissive of my comments).

MMC


> On 29 Mar 2019, at 3:48 pm, Paul Wilkins wrote:
> 
> Crunch time is 3rd April, when the PJCIS will report back to Parliament. I 
> expect Labor recommending their same amendments plus whatever washes up from 
> the latest round of consultation. Then it's up to the Liberals to either act 
> in good faith, and pass the Labor amendments as per prior agreement, or, play 
> politics, refuse to pass the agreed amendments, and scare up the issue. I'd 
> like to think there would be serious political cost for not honouring the 
> agreement. Unfortunately, the Liberal hard right Trumpists are the ones
> invested in the populist theatre of blowing up public policy grounded in 
> evidence.
> 
> Kind regards
> 
> Paul Wilkins
> 
> 
> On Fri, 29 Mar 2019 at 10:52, Paul Brooks wrote:
> On 28/03/2019 5:29 pm, Peter Fern wrote:
> > On 28/3/19 12:33 pm, Paul Wilkins wrote:
> >> The silence on the Assistance and Access Act since it passed in December
> >> has been deafening. It was firmly understood, on representations by the
> >> Liberal Government, that the bill passed was passed as an expedient, yet
> >> now we have the third report from PJCIS due 3rd April, and yet another
> >> round of submissions from corporations large and small, industry
> >> luminaries and human rights and legal experts, all saying that basically
> >> we're where we were back in September 2018, when Dutton rather
> >> disingenuously reported to the House that:
> >>
> >> "The government has consulted extensively with industry and the public
> >> on these measures and has made amendments to reflect the feedback in the
> >> legislation now before the parliament."
> >>
> >> Yet no matter how many submissions are made to how many parliamentary
> >> committees, we now seem stuck with a deeply flawed Act, the Liberals are
> >> walking backwards on the Labor amendments, while the country's police
> >> forces now operate with sweeping interception powers well beyond what's
> >> necessary and proportional.
> >
> >
> > Because, of course we are - anyone who thought we'd be anywhere else
> > today was living in a fantasy land.  And you can thank Labor for this, on
> > account of being completely spineless weasels, almost as much as the Libs
> > for ramrodding this disgusting mess through in the first place.  Tech
> > policy in this country is an absolute joke.
>
> Looking forward to your submission to the PJCIS, and let us know how your
> meeting with your local federal MP goes when you explain all this in words
> of one syllable to her/him.
>
> This week's event was the commercial tech industry waking up to the huge
> economic impact, and the distrust and loss of business from international
> customers and prospects that will lead to Australian tech firms moving out
> of Australia, and not starting up in Australia in the first place. When
> companies like Senetas and Atlassian say they will need to move all their
> operations out of the country to avoid the suspicion and mistrust, and
> Microsoft recently that the #AABill is making them uneasy about storing
> customer data in Australia, the momentum is building that even the relevant
> Ministers can't ignore.
>
> Yes, it would have been great if the bill hadn't been passed back in
> December - but that egg has been scrambled, the exercise now is to get it
> modified or cancelled.
>
> There is a template letter to your local MP hosted at
> https://www.dropbox.com/sh/u64wadpyy97sw4f/AACTZ-grqUgUqFClXBmzPk99a?dl=0,
> put together by the InnovationAUS crew, to help make it easy to send a
> message. If they don't hear the message from the people - and trust me,
> they aren't reading AusNOG - they won't change.
>

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-03-28 Thread Paul Wilkins
Crunch time is 3rd April, when the PJCIS will report back to Parliament. I
expect Labor recommending their same amendments plus whatever washes up
from the latest round of consultation. Then it's up to the Liberals to
either act in good faith, and pass the Labor amendments as per prior
agreement, or, play politics, refuse to pass the agreed amendments, and
scare up the issue. I'd like to think there would be serious political cost
for not honouring the agreement. Unfortunately, the Liberal hard right
Trumpists are the ones invested in the populist theatre of blowing up
public policy grounded in evidence.

Kind regards

Paul Wilkins


On Fri, 29 Mar 2019 at 10:52, Paul Brooks wrote:

> On 28/03/2019 5:29 pm, Peter Fern wrote:
> > On 28/3/19 12:33 pm, Paul Wilkins wrote:
> >> The silence on the Assistance and Access Act since it passed in December
> >> has been deafening. It was firmly understood, on representations by the
> >> Liberal Government, that the bill passed was passed as an expedient, yet
> >> now we have the third report from PJCIS due 3rd April, and yet another
> >> round of submissions from corporations large and small, industry
> >> luminaries and human rights and legal experts, all saying that basically
> >> we're where we were back in September 2018, when Dutton rather
> >> disingenuously reported to the House that:
> >>
> >> "The government has consulted extensively with industry and the public
> >> on these measures and has made amendments to reflect the feedback in the
> >> legislation now before the parliament."
> >>
> >> Yet no matter how many submissions are made to how many parliamentary
> >> committees, we now seem stuck with a deeply flawed Act, the Liberals are
> >> walking backwards on the Labor amendments, while the country's police
> >> forces now operate with sweeping interception powers well beyond what's
> >> necessary and proportional.
> >
> >
> > Because, of course we are - anyone who thought we'd be anywhere else
> > today was living in a fantasy land.  And you can thank Labor for this, on
> > account of being completely spineless weasels, almost as much as the Libs
> > for ramrodding this disgusting mess through in the first place.  Tech
> > policy in this country is an absolute joke.
>
> Looking forward to your submission to the PJCIS, and let us know how your
> meeting with your local federal MP goes when you explain all this in words
> of one syllable to her/him.
>
> This week's event was the commercial tech industry waking up to the huge
> economic impact, and the distrust and loss of business from international
> customers and prospects that will lead to Australian tech firms moving out
> of Australia, and not starting up in Australia in the first place. When
> companies like Senetas and Atlassian say they will need to move all their
> operations out of the country to avoid the suspicion and mistrust, and
> Microsoft recently that the #AABill is making them uneasy about storing
> customer data in Australia, the momentum is building that even the relevant
> Ministers can't ignore.
>
> Yes, it would have been great if the bill hadn't been passed back in
> December - but that egg has been scrambled, the exercise now is to get it
> modified or cancelled.
>
> There is a template letter to your local MP hosted at
> https://www.dropbox.com/sh/u64wadpyy97sw4f/AACTZ-grqUgUqFClXBmzPk99a?dl=0,
> put together by the InnovationAUS crew, to help make it easy to send a
> message. If they don't hear the message from the people - and trust me,
> they aren't reading AusNOG - they won't change.
>
> Paul.
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

2019-03-28 Thread Noel Butler
On 29/03/2019 11:17, Mike Everest wrote:

> On the point of "the fix is in v7"

v7 has for a great many years, been code for "too hard basket"

-- 
Kind Regards, 

Noel Butler 



Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

2019-03-28 Thread Mike Everest
On the point of “the fix is in v7”

That kind of statement is usually code for “it’s a kernel issue” since the
major version number of RouterOS has (so far) related to Linux kernel revision.
Therefore, if that is the official position on this problem, then there may be
some logical conclusions that might be drawn:

1. Maybe this can’t be fixed in current RouterOS v6.xx

2. Maybe other OS based on Linux kernel may also be affected

Pure conjecture from me, of course – despite the relatively ‘close’
relationship that we have with MikroTik, we are not much better informed than
everyone else when it comes to this sort of thing :-}

Cheers!

Mike.

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Rob Thomas
Sent: Friday, 29 March 2019 10:50 AM
To: Cameron Murray
Subject: Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

Quick summary of the problem:

* From the description it appears to be a kernel-level issue - when a MikroTik
device receives a magic IPv6 packet, it will panic.

* MikroTik have known about it for almost a year, and have not fixed it.

* It is not fixed in the latest 6.44.1 image

* The discoverer has been trying to practice responsible disclosure, but has
given up

Further things:

* MikroTik HAVE acknowledged it in a new thread a couple of hours ago

  https://forum.mikrotik.com/viewtopic.php?f=2&t=147048#p723696

* Twitter thread from the guy who discovered it:

  https://twitter.com/maznu/status/1110910688623513601

* There's a comment 'The fix is in v7' - there's a long running joke that v7
will never emerge (it probably never will, they've lost most of their senior
engineers, and refuse to open source their code to leverage their developers in
the community)

I guess the good thing for me is that Nexium still can't provide us IPv6 so
we're kinda safe up here 8)

--Rob

On Fri, 29 Mar 2019 at 09:25, Cameron Murray <cameron.mur...@gmail.com> wrote:

Guys,

This has just popped up on the Mikrotik forums that I am sure many on the list
need to be aware of.

If you run Mikrotik in your network and have IPv6 on a Public facing interface
please check the following link:
https://forum.mikrotik.com/viewtopic.php?t=147076

Cheers

Cameron



Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

2019-03-28 Thread Mark Smith
On Fri, 29 Mar 2019 at 10:51, Rob Thomas wrote:
>
> Quick summary of the problem:
>
> * From the description it appears to be a kernel-level issue - when a 
> MikroTik device receives a magic IPv6 packet, it will panic.
> * MikroTik have known about it for almost a year, and have not fixed it.
> * It is not fixed in the latest 6.44.1 image
> * The discoverer has been trying to practice responsible disclosure, but has 
> given up
>
> Further things:
> * MikroTik HAVE acknowledged it in a new thread a couple of hours ago
>   https://forum.mikrotik.com/viewtopic.php?f=2&t=147048#p723696
> * Twitter thread from the guy who discovered it:
>   https://twitter.com/maznu/status/1110910688623513601
> * There's a comment 'The fix is in v7' - there's a long running joke that v7 
> will never emerge (it probably never will, they've lost most of their senior 
> engineers, and refuse to open source their code to leverage their developers 
> in the community)
>
> I guess the good thing for me is that Nexium still can't provide us IPv6 so 
> we're kinda safe up here 8)
>

So there is a possibility that an IPv6 packet tunnelled over IPv4
towards one of these MikroTiks could trigger the vulnerability, as the
entry point for IPv6 packets into the IPv6 stack for both IPv6 over a
link layer vs. IPv6 over IPv4 is the same (as IPv4 is effectively
being used as a link layer.)

I don't know anything about MikroTik or have access to any, however it
may be worth checking if they enable an IPv6 over IPv4 tunnel
capability by default in some way. For example, a "stateless" tunnel
technology like 6to4 (with "stateless" meaning that tunnel endpoints
don't need to be explicitly configured), enabled by default, may make
the device vulnerable.

"Security Implications of IPv6 on IPv4 Networks"
(https://tools.ietf.org/html/rfc7123) has quite a lot of discussion
regarding security issues related to tunnelling of IPv6 over IPv4 and
mitigations. It is dated 2014, so it may be a bit dated, however the
advice on how to block the various IPv6 in IPv4 packets would still be
correct.

Regards,
Mark.


> --Rob
>
>
> On Fri, 29 Mar 2019 at 09:25, Cameron Murray wrote:
>>
>> Guys,
>>
>> This has just popped up on the Mikrotik forums that I am sure many on the 
>> list need to be aware of.
>>
>> If you run Mikrotik in your network and have IPv6 on a Public facing 
>> interface please check the following link: 
>> https://forum.mikrotik.com/viewtopic.php?t=147076
>>
>> Cheers
>>
>> Cameron
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
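
To make the point about IPv6 reaching the stack inside IPv4 concrete, the following added example (not part of the original thread) classifies raw IPv4 packets by the IPv6 tunnelling mechanism they appear to carry, which is the traffic a filter in front of an affected device would have to match. The function and helper names, the mechanism labels and the sample packets are constructed for illustration; the ports are the mechanisms' default ports.

```python
import ipaddress
import struct

PROTO_TCP, PROTO_UDP, PROTO_IPV6 = 6, 17, 41
RELAY_6TO4 = ipaddress.ip_network("192.88.99.0/24")  # 6to4 relay anycast (RFC 3068)
PREFIX_6TO4 = ipaddress.ip_network("2002::/16")      # 6to4 IPv6 address prefix
# Default ports of the UDP/TCP-based IPv6 tunnel mechanisms.
TUNNEL_PORTS = {
    (PROTO_UDP, 3544): "Teredo",
    (PROTO_UDP, 3653): "TSP tunnel broker",
    (PROTO_TCP, 3653): "TSP tunnel broker",
    (PROTO_UDP, 5072): "AYIYA",
    (PROTO_TCP, 5072): "AYIYA",
}


def classify_ipv4(packet: bytes):
    """Name the IPv6-over-IPv4 mechanism a raw IPv4 packet appears to carry,
    or return None when it does not look like tunnelled IPv6."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None  # malformed header length
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_IPV6:
        outer = (ipaddress.IPv4Address(packet[12:16]), ipaddress.IPv4Address(packet[16:20]))
        if any(addr in RELAY_6TO4 for addr in outer):
            return "6to4"
        if len(payload) >= 40 and payload[0] >> 4 == 6:
            inner = (ipaddress.IPv6Address(payload[8:24]), ipaddress.IPv6Address(payload[24:40]))
            if any(addr in PREFIX_6TO4 for addr in inner):
                return "6to4"
        return "protocol 41 (6in4/6rd/ISATAP)"
    # Ports are only present in the first fragment of a TCP/UDP datagram.
    first_fragment = (struct.unpack("!H", packet[6:8])[0] & 0x1FFF) == 0
    if proto in (PROTO_TCP, PROTO_UDP) and first_fragment and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        return TUNNEL_PORTS.get((proto, dport)) or TUNNEL_PORTS.get((proto, sport))
    return None


def build_ipv4(proto, src, dst, payload=b""):
    """Constructed sample input: minimal IPv4 header, checksum left as 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def build_ipv6(src, dst):
    """Constructed sample input: bare 40-byte IPv6 header (next header 59, none)."""
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


# Constructed packets using documentation address ranges.
SAMPLES = {
    "6in4": build_ipv4(41, "192.0.2.1", "198.51.100.7", build_ipv6("2001:db8::1", "2001:db8::2")),
    "6to4": build_ipv4(41, "192.0.2.1", "198.51.100.7", build_ipv6("2002:c000:201::1", "2001:db8::2")),
    "teredo": build_ipv4(17, "192.0.2.1", "198.51.100.7", struct.pack("!HHHH", 50000, 3544, 8, 0)),
    "https": build_ipv4(6, "192.0.2.1", "198.51.100.7", struct.pack("!HH", 50000, 443) + bytes(16)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:8} -> {classify_ipv4(pkt)}")
```

Run over a capture taken at the network edge, a classifier like this shows whether any IPv6-in-IPv4 traffic is arriving at a device that is assumed to be IPv4-only.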


Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

2019-03-28 Thread Rob Thomas
Quick summary of the problem:

* From the description it appears to be a kernel-level issue - when a
MikroTik device receives a magic IPv6 packet, it will panic.
* MikroTik have known about it for almost a year, and have not fixed it.
* It is not fixed in the latest 6.44.1 image
* The discoverer has been trying to practice responsible disclosure, but
has given up

Further things:
* MikroTik HAVE acknowledged it in a new thread a couple of hours ago
  https://forum.mikrotik.com/viewtopic.php?f=2&t=147048#p723696
* Twitter thread from the guy who discovered it:
  https://twitter.com/maznu/status/1110910688623513601
* There's a comment 'The fix is in v7' - there's a long running joke that v7
will never emerge (it probably never will, they've lost most of their
senior engineers, and refuse to open source their code to leverage their
developers in the community)

I guess the good thing for me is that Nexium still can't provide us IPv6 so
we're kinda safe up here 8)

--Rob


On Fri, 29 Mar 2019 at 09:25, Cameron Murray wrote:

> Guys,
>
> This has just popped up on the Mikrotik forums that I am sure many on the
> list need to be aware of.
>
> If you run Mikrotik in your network and have IPv6 on a Public facing
> interface please check the following link:
> https://forum.mikrotik.com/viewtopic.php?t=147076
>
> Cheers
>
> Cameron


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-03-28 Thread Paul Brooks
On 28/03/2019 5:29 pm, Peter Fern wrote:
> On 28/3/19 12:33 pm, Paul Wilkins wrote:
>> The silence on the Assistance and Access Act since it passed in December
>> has been deafening. It was firmly understood, on representations by the
>> Liberal Government, that the bill passed was passed as an expedient, yet
>> now we have the third report from PJCIS due 3rd April, and yet another
>> round of submissions from corporations large and small, industry
>> luminaries and human rights and legal experts, all saying that basically
>> we're where we were back in September 2018, when Dutton rather
>> disingenuously reported to the House that:
>>
>> "The government has consulted extensively with industry and the public on
>> these measures and has made amendments to reflect the feedback in the
>> legislation now before the parliament."
>>
>> Yet no matter how many submissions are made to how many parliamentary
>> committees, we now seem stuck with a deeply flawed Act, the Liberals are
>> walking backwards on the Labor amendments, while the country's police
>> forces now operate with sweeping interception powers well beyond what's
>> necessary and proportional.
>
>
> Because, of course we are - anyone who thought we'd be anywhere else today
> was living in a fantasy land.  And you can thank Labor for this, on account
> of being completely spineless weasels, almost as much as the Libs for
> ramrodding this disgusting mess through in the first place.  Tech policy in
> this country is an absolute joke.

Looking forward to your submission to the PJCIS, and let us know how your
meeting with your local federal MP goes when you explain all this in words of
one syllable to her/him.

This week's event was the commercial tech industry waking up to the huge
economic impact, and the distrust and loss of business from international
customers and prospects that will lead to Australian tech firms moving out of
Australia, and not starting up in Australia in the first place. When companies
like Senetas and Atlassian say they will need to move all their operations out
of the country to avoid the suspicion and mistrust, and Microsoft recently that
the #AABill is making them uneasy about storing customer data in Australia, the
momentum is building that even the relevant Ministers can't ignore.

Yes, it would have been great if the bill hadn't been passed back in December -
but that egg has been scrambled, the exercise now is to get it modified or
cancelled.

There is a template letter to your local MP hosted at
https://www.dropbox.com/sh/u64wadpyy97sw4f/AACTZ-grqUgUqFClXBmzPk99a?dl=0, put
together by the InnovationAUS crew, to help make it easy to send a message. If
they don't hear the message from the people - and trust me, they aren't reading
AusNOG - they won't change.

Paul.


[AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

2019-03-28 Thread Cameron Murray
Guys,

This has just popped up on the Mikrotik forums that I am sure many on the
list need to be aware of.

If you run Mikrotik in your network and have IPv6 on a Public facing
interface please check the following link:
https://forum.mikrotik.com/viewtopic.php?t=147076

Cheers

Cameron


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-03-28 Thread Peter Fern

On 28/3/19 12:33 pm, Paul Wilkins wrote:
> The silence on the Assistance and Access Act since it passed in
> December has been deafening. It was firmly understood, on
> representations by the Liberal Government, that the bill passed was
> passed as an expedient, yet now we have the third report from PJCIS
> due 3rd April, and yet another round of submissions from corporations
> large and small, industry luminaries and human rights and legal
> experts, all saying that basically we're where we were back in
> September 2018, when Dutton rather disingenuously reported to the
> House that:
>
> "The government has consulted extensively with industry and the public
> on these measures and has made amendments to reflect the feedback in
> the legislation now before the parliament."
>
> Yet no matter how many submissions are made to how many parliamentary
> committees, we now seem stuck with a deeply flawed Act, the Liberals
> are walking backwards on the Labor amendments, while the country's
> police forces now operate with sweeping interception powers well
> beyond what's necessary and proportional.

Because, of course we are - anyone who thought we'd be anywhere else
today was living in a fantasy land.  And you can thank Labor for this,
on account of being completely spineless weasels, almost as much as the
Libs for ramrodding this disgusting mess through in the first place.
Tech policy in this country is an absolute joke.
