If ever there was a case for handing out prophylactics and saying “for the love of (insert deity) let it end with you”, this is it. An art student, Thorarinn Jonsson, from the OCAD placed a fake bomb behind the Royal Ontario Museum in Toronto in what was apparently part of his final school project. The police were alerted to the device which resembled several pipe bombs strapped together. He affixed a note to the device that said “this is not a bomb”.

Indeed.

From Citynews.ca:

The 25-year-old remains relatively unrepentant about an escapade that also cost police hours of their valuable time and an equal amount in rustling up the necessary experts and equipment to defuse the phony explosive.

“I expected the police to immediately realize what they were dealing with,” he claims. Two videos surrounding the hoax were posted on YouTube, one here, the other here. One shows a girl going through the ROM when an apparent explosion takes place. Jonsson calls it part of his final assignment for the school.

“I’m taking something that’s clearly a sculpture. It’s clearly not a bomb. But by taking it out of context and putting it into another context, by leaving it lying around … it suddenly takes on a different meaning.”

Does he feel bad about the effect it had? “I think the piece is pretty important … Police waste their time all the time doing all kinds of things.”

Yes, police do waste their time with these types of things because morons like Jonsson do stupid crap like this.

The video one and two

Article Link


Whenever there is a meeting to talk about say, Windows servers, the discussion is left primarily to the subject matter experts when dealing on a technical level. The same can be said of application development et cetera. So, why is it that when the discussion ultimately circles around to security that everyone in the room thinks that they know more than the security wonk?

I have had the distinct displeasure at a former company to sit in a meeting where the CTO said that UDP was a more reliable transport than TCP. He followed by telling me that telnet was a secure method of communication. Thankfully my coworker had the foresight to chain me to my seat and to jab a syringe filled with some sedative into my leg.

This is an example of why I refuse to be intimidated by anyone simply because their business card has a lofty signature. I do find it an interesting social experiment, however. Why do people feel it necessary to tell me about the computer virus that they had on their Windows 98 machine when I’m at a Christmas party? Not that I have a problem discussing it. But they feel it necessary to cross swords with me rather than discuss it. My first thought is “Well, hell. You asked me.” but that gives way to a more diplomatic approach. I try to steer the conversation in such a manner that the initiator feels they have made their point.

Very curious.


Ah finally Friday arrives. It has been a long week (isn’t it always) and I will welcome the rest. Wait, I forgot. No rest for the wicked.

And now, the news…

  1. Google developing locater technology (line up for your implant)
  2. Hackers re-poison Google search results (see, 5 minutes)
  3. U.S. Special Counsel Says He Won’t Provide Files (crack out the EnCase)
  4. FBI: Operation ‘Bot Roast II’ Nets Hackers
  5. GNUCITIZEN Wordpress Plugins
  6. ANI Exploit + SQL injection
  7. Cell phone battery explodes in the night
  8. Teen cyber crime kingpin nabbed


More podcasty goodness.


Get the MP3 here

Put it in your RSS here

Add it to iTunes here


Wow, this is a classic example of the quagmire (love that word) that the legal system(s) in the US (and elsewhere) has become. Legal action in the States as an example has gotten to a level where, if they don’t turn pro it will be an Olympic event next time.

This story makes me stare blankly.

From InfoWorld:

Lagos Analysis Corp., or Lancor, filed the lawsuit Thursday in the Federal High Court, Lagos Judicial Division in Nigeria, where the company owns a patent for a four shift-key keyboard, said Adé Oyegbola, Lancor’s CEO.

OLPC illegally reverse-engineered the company’s patented keyboard, which, with its four-shift keys, allows computers to better handle multiple languages, Oyegbola said. Lancor wants the Nigerian court to award “substantial” damages and issue a permanent injunction to prevent OLPC from manufacturing and selling its XO laptop.

Oyegbola said he hopes Lancor can reach a settlement with OLPC before the Nigerian court issues an injunction. OLPC could have “sought a license and gotten it for a minimal fee,” he said. “We’re hoping … they can come to their senses, and we sit down and come to a reasonable settlement.”

Lancor, based in Natick, Massachusetts, has tried to reach a settlement with OLPC but did not get a “reasonable response” from the project, Oyegbola said.

OLPC released a statement, saying it has not yet seen the legal filings in the case. “OLPC has the utmost respect for the rights of intellectual property owners,” Robert Fadel, OLPC director of finance and operations, said in the statement. “To OLPC’s knowledge, all of the intellectual property used in the XO Laptop is either owned by OLPC or properly licensed. Until we have a copy of the claim and have had time to review it, we will not be commenting further on the matter.”

This is the OLPC that they are suing, not some multinational corp with deep pockets.

Article Link

Help support OLPC and donate a laptop.


News this morning that an oil pipeline managed by Enbridge caught fire outside Minnesota. Two workers were killed in the fire.

Now, normally I wouldn’t pick up on a story like this; however, this is an example of how an accident in the wrong place at the wrong time can have a domino effect. This was a leak that was under repair when the accident happened. It does serve as an example of how badly things could possibly go wrong if security of critical infrastructure were to be compromised.

From Bloomberg.com:

Enbridge closed four pipelines that supply an average of 1.5 million barrels a day after a blast yesterday killed two workers. The company said today a fire is still burning at the Clearbrook terminal in Minnesota where the pipelines meet.

“It’s an important pipeline and it’s also where it’s being hit, these pipeline junctions are a nightmare,” said Rob Laughlin, a senior broker at MF Global Ltd. in London. Oil “could go up further if it’s shut for some time.”

Crude oil for January delivery gained as much as $4.55, or 5 percent, to $95.17 a barrel in electronic trading on the New York Mercantile Exchange. That’s the biggest gain since Oct. 31. The contract, which gained for the first time this week, traded at $94.24 at 10:45 a.m. in London.

“All our lines are shut down until we can safely start up the system,” Denise Hamsher, a spokeswoman for Calgary-based Enbridge, said today by telephone. “At least one or two lines will be shut down for quite some time.”

Article Link


Google took a positive step this week and wiped clean the search results of malware sites that had been gumming up the results. Sadly as with anything on the internet that has anything to do with malware and spammers…wait five minutes. They’ll be back.

From Computer World:

“They look gone to us,” said Alex Eckelberry, the CEO of Sunbelt Software Distribution Inc., the company that broke the news Monday of a massive, coordinated campaign by attackers to spread malware through search results on Google, Yahoo, Microsoft Live Search and other sites.

“Google did confirm yesterday with us that they were working the case, and they are good about nailing this stuff,” Eckelberry added in an e-mail late Wednesday afternoon. Sunbelt had notified Google of its findings on Monday.

Earlier today, Sunbelt malware researcher Adam Thomas said his spot searches on Google the night before had come up sans malware URLs. “They appeared to be zapped,” Thomas had said.

Ironically, Google itself refused to confirm or deny that it had cleansed its index of the more than 40,000 malware hosting sites, or even that they had existed.

LA LA LA we can’t see them so, they weren’t really there.

Article Link


Well, I have managed to make it this far.

:)

I have learned a lot about blogging over the last 2000 posts. I have made a few stumbles along the way and hit a couple out of the park. I have had no end of enjoyment reading Myrcurial’s “Don’t quit your day job” posts.

I would like to thank everyone who has commented on the site and sent in emails. I would especially like to thank those of you who have subscribed to the RSS feed and to all of our daily readers and wow, there are a lot of you.

Thanks everyone. OK, now…post 2001 working title “Why security wonks are caffeine addicted, sleep deprived….”

Nah.


Good morning all. Right, marching up and down the square…what? You have something better to do?

And now, the news…

  1. Client-side vulnerabilities loom large
  2. BEA portal product springs a leak
  3. $10,000 reward for missing VA computers
  4. How to tell when you are SE0wN3d?
  5. Hacker breaches marketing software maker
  6. Congress to examine “the Internet” as a tool for homegrown terrorism
  7. World said to face “cyber cold war” threat
  8. Cyberattacks in the present tense, Estonian says


Cue the evil laughter and wringing of hands. The Bush White House has been ordered to produce documents related to the domestic spy scandal. A judge in San Francisco has stipulated that they must produce these docs by this Friday (Nov 30).

From CNET:

U.S. District Judge Susan Illston in San Francisco gave the Office of the Director of National Intelligence until November 30 (Friday) to turn over documents relating to conversations it had with Congress and telecommunications carriers about how to rewrite wiretapping laws.

The Electronic Frontier Foundation had filed this case to seek faster processing of a Freedom of Information Act request it filed, which could help buttress its ongoing lawsuit against AT&T. There are approximately 250 pages of unclassified material and 65 pages of classified material, which would be redacted, that the administration has identified but said could not be turned over until December 31.

Note that Illston’s order doesn’t deal with the NSA’s wiretapping program itself (how it works, what companies are involved, whether there really is a secret room at AT&T’s 611 Folsom Street location). Instead the documents relate only to conversations and communications about retroactive immunity for companies like AT&T that are accused of violating the law.

It will be interesting to see if this information is actually produced. I have a dollar that says they have “trouble” locating the information. Much in the same vein of the missing emails.

Just a hunch.

Article Link
