<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PlaceType"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceName"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman";}
address
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";
        font-style:italic;}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:Arial;
        color:windowtext;}
span.EmailStyle20
        {mso-style-type:personal;
        font-family:Arial;
        color:navy;}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:Arial;
        color:navy;}
span.EmailStyle22
        {mso-style-type:personal;
        font-family:Arial;
        color:navy;}
span.EmailStyle24
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-AU link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Information back from Gaia<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>rob<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
David Atkinson [mailto:david@gaiacomputing.com.au] <b><span style='font-weight:
bold'>On Behalf Of </span></b>GAIA Support<br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, 15 August 2006 2:43
PM<br>
<b><span style='font-weight:bold'>To:</span></b> Padman, Jason S; GAIA Support<br>
<b><span style='font-weight:bold'>Cc:</span></b> Egglestone, Rhonda M;
Strachan, Robert L; Smith, Ian A<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Year 12 IPM] OT
Security Hole</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Hi Gaia Customers,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Yes there was a problem
with security of the Recharge Vouchers but it was fixed in Version 2.7.1
released 1-Nov-2005. See <a
href="http://www.gaiacomputing.com.au/gpcrel27.shtml#V271">http://www.gaiacomputing.com.au/gpcrel27.shtml#V271</a>
for the release notes.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Prior to V2.7.1, the
recharge voucher codes were stored in plain text in the database and could be
read and stolen by students. The voucher file is now encrypted and can no
longer be read.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>If you have not upgraded
to at least V2.7.1 we would strongly suggest you to do so immediately.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>The current release is
version 3.0.1 and can be downloaded from <a
href="http://www.gaiacomputing.com.au/download">http://www.gaiacomputing.com.au/download</a>
<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<address><st1:PersonName w:st="on"><b><i><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy;font-weight:bold;
font-style:normal'>David Atkinson</span></font></i></b></st1:PersonName><font
color=navy><span style='color:navy'><o:p></o:p></span></font></address>
<address><i><font size=2 color=navy face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:navy;font-style:normal'>Development and Support Manager</span></font></i><font
color=navy><span style='color:navy'><o:p></o:p></span></font></address>
<address><strong><b><i><font size=3 color=green face="Times New Roman"><span
style='font-size:12.0pt;color:green;font-style:normal'>Gaia Computing Pty Ltd</span></font></i></b></strong><font
color=navy><span style='color:navy'><o:p></o:p></span></font></address>
<address><i><font size=3 color=navy face="Times New Roman"><span
style='font-size:12.0pt;color:navy'><a href="http://www.gaiacomputing.com.au/"
title="http://www.gaiacomputing.com.au/"><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-style:normal'><span
title="http://www.gaiacomputing.com.au/">www.gaiacomputing.com.au</span></span></font></a></span></font></i><font
size=1 color=navy face=Arial><span lang=EN-US style='font-size:9.0pt;
font-family:Arial;color:navy;font-style:normal'> Tel +61 3 5444 9599, Fax +61 3
5443 2847</span></font><font color=navy><span style='color:navy'><o:p></o:p></span></font></address>
<address><b><i><font size=1 color=red face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:red;font-weight:bold;font-style:
normal'> </span></font></i></b><font color=navy><span style='color:navy'><o:p></o:p></span></font></address>
<p class=MsoNormal><u><font size=1 color=navy face="Times New Roman"><span
lang=EN-US style='font-size:7.5pt;color:navy'>Disclaimer:</span></font></u><font
size=1 color=navy><span lang=EN-US style='font-size:7.5pt;color:navy'> This
email may contain privileged or confidential information intended for the named
recipients only. If you are not the intended recipient you are hereby notified
that any use, reproduction, disclosure or distribution of information contained
in the email is prohibited. If you receive this email in error, please
notify Gaia Computing Pty Ltd immediately on +61 3 5444 9588 and delete the
document. Although Gaia Computing Pty Ltd takes every measure to ensure
that email are virus free, we still recommend that you check the contents prior
to loading them onto your computer system. No warranty is made that this
material is free from computer virus or any other defect or error.</span></font><font
color=navy><span style='color:navy'><o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
Padman, Jason S [mailto:Padman.Jason.S@edumail.vic.gov.au] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, 15 August 2006 1:51
PM<br>
<b><span style='font-weight:bold'>To:</span></b> <st1:PersonName w:st="on">GAIA
Support</st1:PersonName><br>
<b><span style='font-weight:bold'>Cc:</span></b> Egglestone, Rhonda M;
Strachan, Robert L; Smith, Ian A<br>
<b><span style='font-weight:bold'>Subject:</span></b> FW: [Year 12 IPM] OT
Security Hole</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hello <st1:PersonName w:st="on">GAIA
Support</st1:PersonName>,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I have received this info in regards to a
possible security problem with student’s possibly accessing Voucher
information in GAIA. Could you please advise if there is anything we need to
do.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Kind regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Jason<br>
</span></font><font size=1 color=navy face=Arial><span style='font-size:7.5pt;
font-family:Arial;color:navy'>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
Jason Padman<br>
Technical Support for Schools Program<br>
Echuca<br>
m: 0427 846 712<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span></font><o:p></o:p></p>
</div>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
<st1:PersonName w:st="on">Strachan, Robert L</st1:PersonName> <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, 15 August 2006
12:18 PM<br>
<b><span style='font-weight:bold'>To:</span></b> Padman, Jason S; Egglestone,
Rhonda M; Smith, Ian A<br>
<b><span style='font-weight:bold'>Subject:</span></b> FW: [Year 12 IPM] OT
Security Hole</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Jason<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Received this email this morning, Ian has
looked at our Gaia setup and believes this could happen here. Could you please
have a look into it.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>rob<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
ipm-bounces@edulists.com.au [mailto:ipm-bounces@edulists.com.au] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Andrew Shortell<br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, 15 August 2006
12:02 PM<br>
<b><span style='font-weight:bold'>To:</span></b> IPM List<br>
<b><span style='font-weight:bold'>Subject:</span></b> [Year 12 IPM] OT Security
Hole</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hi Listers<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Yesterday I had a student show me a
security hole in our network where he could add print credit to his GAIA
account.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>The share in which the software is held has
read permissions so that the workstation can access details of the user’s
account before printing.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>The details of the vouchers are kept in
that same share. He was able to access the records of the unused vouchers and
give himself –or anyone else – extra credit. Of course that is
traceable but…….. You might like to examine your own to see if you
can tighten up. (He is now working on a challenge to be able to add print
credit untraceably!!)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>As I often say to students, you should
always investigate things thoroughly – especially jobs and always do
background checks before you apply. After all, one doesn’t want
one’s students (or friends) to make the same mistakes one made
one’s self !! (when one was younger of course).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Cheers<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Andrew<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>Andrew Shortell</span></font><o:p></o:p></p>
<p class=MsoNormal><st1:place w:st="on"><st1:PlaceName w:st="on"><font size=2
color=blue face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:blue'>Braemar</span></font></st1:PlaceName><font size=2 color=blue
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:blue'> <st1:PlaceType
w:st="on">College</st1:PlaceType></span></font></st1:place><o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'>_______________________________________________ <br>
<a href="http://www.edulists.com.au">http://www.edulists.com.au </a>- FAQ,
resources, subscribe, unsubscribe <br>
IPM Mailing List kindly supported by <br>
<a href="http://www.vcaa.vic.edu.au">http://www.vcaa.vic.edu.au </a>- Victorian
Curriculum and Assessment Authority and <br>
<a href="http://www.vitta.org.au">http://www.vitta.org.au </a>- VITTA Victorian
Information Technology Teachers Association Inc<o:p></o:p></span></font></p>
<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>*******************************************<o:p></o:p></span></font></p>
<p><b><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial;
font-weight:bold'>Important - </span></font></b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>This email and any attachments may
be confidential. If received in error, please contact us and delete all copies.
Before opening or using attachments check them for viruses and defects.
Regardless of any loss, damage or consequence, whether caused by the negligence
of the sender or not, resulting directly or indirectly from the use of any
attached files our liability is limited to resupplying any affected
attachments. Any representations or opinions expressed are those of the
individual sender, and not necessarily those of the Department of Education
& Training.</span></font><o:p></o:p></p>
</div>
</div>
<p><font face="Arial" size="2">*******************************************</p></font><p><font face="Arial" size="2"><b>Important - </b>This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education & Training.</font></body>
</html>