Posted by ChrisJohnRiley on November 14, 2008
In an update to my earlier post on the EstDomains revocation, it seems that despite an attempt by EstDomains to clear up the issue, ICANN is going ahead with the revocation of the contract. Copies of the discussion between ICANN and EstDomains can be found on the ICANN website.
As much as I support the revocation, ICANN appear to be hiding behind the technical inaccuracies of filings from EstDomains to push through the revocation. I guess bad things happen to bad people, but still, it would be nice to see it spelled out for all to see, instead of saying that .:
The notice of primary contact change recently sent to ICANN’s Brussels office is not compliant with the requirements of the RAA and is not an effective notice of primary contact change.
Still, we can’t always have our cake and eat it 
Posted in Security, Strange | Tagged: estdomains, ICANN | Leave a Comment »
Posted by ChrisJohnRiley on November 1, 2008
It appears that after years of questionable practices ICANN has moved to revoke the accreditation for the Estonian company EstDomain, the 50th largest domain registrar (according to RegistrarStats.com). The F-Secure weblog has a quick write-up and a copy of the letter sent to EstDomain’s president Vladimir Tšaštšin. The letter from ICANN explains the reason behind the decision to revoke the accreditation, and the security community as a whole seems to support the decision. There is one question however that people don’t seem to be raising here. The revocation is a good thing considering the long standing issue of malware domains being registered through the registrar. However the reason for the revocation is directly connected to Vladimir Tšaštšin’s recent (Feb ‘08) conviction of Credit-card fraud, Money laundering and Document forgery. It’s obvious, to me at least, that Vladimir Tšaštšin is not the kind of person you want running a global registrar.
There are 2 ways I could have seen this issue play out.
Option 1: EstDomain was already under a black cloud – Taking the view that ICANN simply needed a solid legal grounding to revoke accreditation from EstDomain. After all a contract is a contract, and legals issues make the world go round (at least for high price lawyers). This is all well and good, however ICANN must have the power (legally speaking) to take actions to remove accreditation without having to wait for the company president to step out of line. Contracts need to be written in a way that enables ICANN to take action against “bad seeds” without waiting for the issues to get to this point.
Option 2: ICANN was not looking at EstDomains – Taking the more negative view that EstDomain wasn’t even on ICANN’s radar. If ICANN wasn’t looking for an excuse to revoke the accreditation, then this doesn’t seem to be the victory we all want it to be. It’s easy to say in this case, if Vladimir Tšaštšin wasn’t convicted then ICANN wouldn’t have taken any steps against EstDomain. This option seems very negative, but we’ve not seen ICANN active enough in this area for my liking. It’s a tough area to police, but not impossible.
- EstDomain – RegistrarStats.com
What’s going to come out of this ? This may set a precedent that presidents of accredited companies need to stay squeaky clean, however this probably isn’t going to stop some registrars from assisting the spread of malware, botnets, and on-line scams. It’s going to be easy enough for EstDomains to appoint a new President, hiding behind legal barriers to prevent the loss of accreditation. It’s a good thing to shake up the registrars and let them know that the contract between ICANN and the registrars isn’t set in stone if they break the rules. Then again, this isn’t ICANN firing the first shot in a war on rouge or badly organised registrars. When the dust settles I think things will continue on just as they have before.
I’d suggest checking out the F-Secure weblog and The Washington Post who did a detailed look at EstDomain’s activities in September this year.
Posted in Security, Strange, Technology | Tagged: Estdomain, ICANN, malware, registrar | Leave a Comment »
Posted by ChrisJohnRiley on October 16, 2008
The word hacker has many meanings. But despite the twisted view of the hacker presented by the media, a hacker is just somebody who likes to explore possibilities. To test the boundaries of what’s possible, and then break those boundaries. Who knows how many gadgets on the market today are there solely because somebody said “no, I want more”. However in recent years the view of hackers has been almost solely bas. Every time a computer system has a security problem, it’s because of hackers. However, with the increasing trend on moving everything possible to digital formats, how can we assign such labels. Every criminal, from the bank robbers to organized crime, is taking advantage of poor computer security to reach their goals. Just because a bank robber uses a poorly configured computer security system to rob a bank, it doesn’t make him a hacker. He’s simply another bank robber that’s got smart and moved into the 21st Century.
How long it takes the general media to begin to understand this is anybodies guess. However the point of critical mass is bound to come. The day when the news contains the word hacker so much, that it has no meaning anymore. It seems that then and only then will the media outlets realise that just because a computer was involved, it doesn’t change what the criminal is. I just wish that they’d realised that before ruining the reputation of so many great hackers of the past, who’ve brought us real innovations.
</rant>
Posted in Security, Strange, Technology | Tagged: criminal, hacker, media | Leave a Comment »
Posted by ChrisJohnRiley on September 7, 2008
Over the past few weeks, Wesley at the excellent www.mcgrewsecurity.com has blogged about the infamous (I use that word very very loosely) security consultant Yousif Yalda. I’ll save you the pain of re-hashing what’s already been covered, but you should really check out the hilarious posts on Wesley’s blog. If your having a dull day this’ll pep you right up
For bonus points, you also get to listen to Yousif’s friend/lackey phoning Wesley at 2am to get all repetitive up on his ass. It’s funny, on a whole new level. If you listen closely you even get to hear him cussing me out as a MF’ing Canadian. Close, but not quite accurate. In that I’ve never even BEEN to Canada. The slideshow Wesley has kindly added to stop us all from falling asleep during the inane ramblings adds well to the overall effect as the crazy man-spud takes repetition to whole new level. I wonder if the audio would make a good ringtone ???
Posted in Strange | Tagged: abuse, insecure, moron, script kiddy, skiddie | 2 Comments »
