Tuesday, 22 September 2009

Week 5 - Section 3

General computer crime laws

Cybercrime Act 2001

The Commonwealth Cybercrime Bill 2001 was tabled in the House of Representatives on 27 June 2001. The Senate Legal and Constitutional Legislation Committee was asked to undertake an inquiry into the Bill and the Committee's Report was issued in August. The Bill was approved by the Parliament with minor amendments on 27 September 2001.

The legislation is an overbroad knee-jerk reaction to recent well-publicised virus attacks, and has the potential to criminalise innocent behaviour such as possession of security software. It also introduces an alarming law enforcement provision requiring release of encryption keys or decryption of data, contrary to the common law privilege against self-incrimination.

Privacy laws

Types of privacy

The type of privacy covered by the Privacy Act and our Office is the protection of people's personal information.

However, this is just one aspect of privacy. Other types of privacy can include territorial privacy and physical or bodily privacy and privacy of your communications.

This Office generally handles privacy issues which involve a person's personal information. This can include privacy issues associated with information about your location, your health and body and your communications with others.

What is personal information?

Personal information is information that identifies you or could identify you. There are some obvious examples of personal information, such as your name or address. Personal information can also include medical records, bank account details, photos, videos, and even information about what you like, your opinions and where you work - basically, any information where you are reasonably identifiable.

Information does not have to include your name to be personal information. For example, in some cases, your date of birth and post code may be enough to identify you.

Export and Espionage laws


The Criminal Code Amendment (Espionage and Related Matters) Act 2002

The Criminal Code Amendment (Espionage and Related Matters) Act 2002 enhances Australia's national security legislative framework by strengthening Australia's espionage laws. The maximum penalty for a person convicted of espionage is now 25 years imprisonment. In addition to strengthening the offence provisions, the Act supports the process of bringing cases of espionage to trial.

Copyright laws


Copyright is a type of property that is founded on a person's creative skill and labour. It is designed to prevent the unauthorized use by others of a work, that is, the original form in which an idea or information has been expressed by the creator.

Copyright is not a tangible thing. It is made up of a bundle of exclusive economic rights to do certain acts with an original work or other copyright subject-matter. These rights include the right to copy, publish, communicate (e.g., broadcast, make available online) and publicly perform the copyright material.

Copyright creators also have a number of non-economic rights. These are known as moral rights. This term derives from the French droit moral. Moral rights recognised in Australia are the right of integrity of authorship, the right of attribution of authorship and the right against false attribution of authorship. These rights are explained more fully at paragraphs

State and local regulations

It is the responsibility of the information security professional to understand state laws and regulations and ensure the organization’s security policies and procedures comply with those laws and regulations.





I think privacy law is the most important for information security, because the Privacy Act regulates how your personal information is handled. It covers how your personal information is collected; how it is then used and disclosed; its accuracy; how securely it is kept; and your general right to access that information.

The law also covers the use of your tax file number and how credit worthiness information about you is handled by credit reporting agencies and credit providers.

Monday, 21 September 2009

Week 4 - Section 2

Virus – I was downloading songs and movies from a P2P program a few years ago, and accidentally downloaded a virus which automatically deleted all my files one by one.
I ended up having to change to a new hard drive, and ever since that happened, I have always denied the unknown file that comes up in my anti-virus program's warning.

Trojan horse – I used to download a lot of new programs from www.download.com. Most of the unpopular programs always have a Trojan horse, which made readme.exe install automatically.
I stopped trying unpopular programs.

Back door – A friend of mine got hacked on her computer and the attacker turned on her webcam.
There have been a few similar cases. Police tell users to block their webcam with a piece of paper.

Worm – A few years ago, pop-ups were the most popular worm from a lot of websites, especially pornography, and almost every single porn site had a worm.
All the new explorers have pop-up blocking programs, which means pop-ups aren't a threat anymore.


A new virus is relying on some old tricks to infect Windows Mobile users. The so-called 'companion virus' attack uses a method of assuming the identity of an existing file and moving the old file to a different location. The appearance of this new virus for Windows Mobile phones may mark a change from for-profit Trojans and spyware to the more experimental form of viruses.

This virus will damage most business users' mobile phone data, causing lost information and delayed meetings, and attackers can also steal private databases.


A virus detection chip has been created to detect and block viruses on mobile phones. It is installed in most recent phones now; when users go online with their phones, they have a lower risk of getting a virus.

University of Ballarat must have an information security team to implement controls to limit damage and prepare contingency plans for continued operations.

Week 3 - Section 1

The main things I've learned.

The history of information security: earlier versions of the German code machine Enigma were first broken by the Poles in 1930; in the 1960s, the Advanced Research Procurement Agency (ARPA) was testing network support for the military to exchange information and communicate. In December 1973, problems with ARPANET were discovered, including no safety procedures for dial-up connections to ARPANET and non-existent user identification and authorization to the system, which had security threats in the late 1970s; in the 1990s, networks of computers became more common; nowadays, the Internet brings millions of computer networks into communication with each other, and each connected computer needs to be secure.
After the introduction to information security, I also learned the definition of security, the types of information security, and how to develop information security. The system development life cycle is designed for the implementation of information security within an organization.
The information security project team is designed to update and protect the organization’s information security.

What I find difficult to understand.

There are a few keywords I found hard to understand, such as security blueprint, security model and security posture.

What interests or doesn't interest me.


The information security project team is the one thing that really interests me, because it is also related to management and team development.
I didn't get too interested in the history of information security.


Recent news article (on the Internet)


http://www.securityfocus.com/brief/1014

Social-networking sites short on security

Published: 2009-09-18

Web 2.0 sites that allow user-generated content make up the majority of top distributors of malicious software, stated a report that security firm Websense published this week.

The report, which covers Internet security trends for the first half of 2009, found that a stunning 95 percent of user-generated comments to blogs, chat rooms and message boards are either spam or contain links to malicious programs. In all, the number of malicious sites detected by Websense more than tripled in the last six months, growing almost eight-fold in the last year. The report also found that more than three-quarters of the Web sites hosting some malicious code are legitimate sites that have been compromised.

"The very aspects of Web 2.0 sites that have made them so revolutionary -- the dynamic nature of the content on the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks -- are the same characteristics that radically raise the potential for abuse," the company stated in the report.

The report echoed a recent survey by researchers from TippingPoint and Qualys, who found that legitimate Web sites are failing to patch significant vulnerabilities, leaving themselves open to compromise.

The Websense report found that 61 of the Top 100 Web sites "either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious content."

Websites we use every day, including Facebook, MySpace, MSN, email or other comment boards, are either spam or contain links to malicious programs, which relates to information security systems and non-existent user identification and authorization to systems.