May 2009

Liability for “cavalier disregard”

OK, this has got nothing to do with computers (except that the SkyTrain is completely automated).

For the past three years, Cambie Street, a major thoroughfare with at least four different shopping and business areas on it, has been almost completely shut down for the construction of the RAV (Richmond-Airport-Vancouver) SkyTrain line (aka Canada Line).  (Since it is located almost dead centre in Vancouver, the city has been pretty much bisected for that time, and the traffic hassles have been enormous.)  Originally the line was supposed to be a tunnel, but that was going to take too long and cost too much, so they dug up the entire street.  For three years.

Most of the businesses along Cambie have gone bankrupt in that time: others have moved.

Now a lawsuit for damages has been won by a business owner.

This will, of course be a precedent, and will undoubtedly lead to more judgements (I think other cases are already before the courts) and more lawsuits.

I’ve got to admit to an uncharitable glee over this turn of events.  The RAV line was not prompted, but the decision to actually build it was undoubtedly influenced, by the 2010 Olympics.  The provincial government has been absolutely gaga over having the games here, and has launched a number of “vanity” projects and other measures.  (Latest on the list: for the games, security personnel won’t have to undergo the minimal training and licencing that already exists.  They can get a special certificate which seems to merely verify that they are breathing.)

C-level execs ignorant of Web 2.0 dangers

According to ITWorldCanada, C-level executives are pushing for greater access to social networking sites and facilities, while even IT managers and security specialists are unprepared to deal with the full range of risks from this type of activity.

In order to get some traction with senior management on this issue, you might want to remind them that, when they take off with funds they’ve obtained via fraud, it’s best not to post boasts on Facebook.

Smells like teen spirit

It must be the 90s again. Nirvana is on the radio, and people are finding remotely exploitable WebDAV vulnerabilities. Using unicode encoding no less – the choice of a new generation. A note to Microsoft: in the 21st century we have this new thing called “a fuzzer”. You might want to google for ‘bestorm’ or ask the SDL team about the general concept.

Another 90s thing is to publish a critical exploit without going through a broker to get paid for it (or waiting for a hacking contest). Don’t get me wrong – we offer both options: the publish your exploits for free, and publish your exploits for profit routes are both open to you. Personally – if you go on the full disclosure path more power to you, but I have to admit nowadays it’s as rare as hearing Nirvana on the radio.

Now I hear there’s a new browser out there nicknamed “mozilla”. I think I’ll check it out, they say it will kick Internet Explorer ass before Y2K…

The oldest vulnerability is known – let’s find the oldest data loss incident

The oldest documented vulnerability in computer security world is password file disclosure vulnerability from 1965, found by Mr. Ryan Russell.

Open Security Foundation – an organization behind OSVDB and DataLossDB has launched a competition to find the oldest documented data loss incident.

The last day to make a submission is next Friday – 15th May.
The link is easy to remember –

ICQ Phishing – You Type, They Sell

My friend ax1les has a 5 digit ICQ number and he always gets wiered messages that turn out to be phishing or links to trojans. A few days ago, he got this message:

He thought it would be a good idea that we’ll take a look at that website together, and we did :)

In the last decade russians really mad fun of the world using the Internet.
The website is a phishing website that “confirms” your ICQ account credentials are still valid (yeah right). The amazing thing is he didn’t even bother changing the title from the former text “” :)

But of course his business is really successful as he is also the owner of the mega-icq-shop, he is trying to hide so much that he event left it in the domain’s whois details……

Domain ID:D28335226-LRMS
Created On:20-Apr-2009 07:27:17 UTC
Last Updated On:29-Apr-2009 15:01:04 UTC
Expiration Date:20-Apr-2010 07:27:17 UTC
Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd. d/b/a (R159-LRMS)
Registrant ID:DI_9732581
Registrant Name:Andrey Petrovich
Registrant Organization:Private person
Registrant Street1:Krasnoarmeyskaya 18 dom 4 kv 32
Registrant Street2:
Registrant Street3:
Registrant City:Moskva
Registrant State/Province:Moskva
Registrant Postal Code:132132
Registrant Country:RU
Registrant Phone:+7.4951783223
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Admin ID:DI_9732581
Admin Name:Andrey Petrovich
Admin Organization:Private person
Admin Street1:Krasnoarmeyskaya 18 dom 4 kv 32
Admin Street2:
Admin Street3:
Admin City:Moskva
Admin State/Province:Moskva
Admin Postal Code:132132
Admin Country:RU
Admin Phone:+7.4951783223
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Billing ID:DI_9732581
Billing Name:Andrey Petrovich
Billing Organization:Private person
Billing Street1:Krasnoarmeyskaya 18 dom 4 kv 32
Billing Street2:
Billing Street3:
Billing City:Moskva
Billing State/Province:Moskva
Billing Postal Code:132132
Billing Country:RU
Billing Phone:+7.4951783223
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Tech ID:DI_9732581
Tech Name:Andrey Petrovich
Tech Organization:Private person
Tech Street1:Krasnoarmeyskaya 18 dom 4 kv 32
Tech Street2:
Tech Street3:
Tech City:Moskva
Tech State/Province:Moskva
Tech Postal Code:132132
Tech Country:RU
Tech Phone:+7.4951783223
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Name Server:NS1.AGHOST.RU
Name Server:NS2.AGHOST.RU

Anyway, the really wiered thing about this case is that while i am writing this post this website is not loading anymore…the DNS no longer resolves to any IP and their former IP reponse with “Apache is working properley” when requesting the Host “”.
May be I scared them away with a few little DNS requests or the cops just randomly knocked on their door :)