7.94 requests/sec – 101.6 kB/second – 12.8 kB/request

Your tax dollars at work, ladies and gentlemen!

Here is a complete accounting of all connections on the webserver that hosts strategis.ic.gc.ca, businessgateway.ic.gc.ca, commercecan.ic.gc.ca and other Industry Canada services.

Or perhaps you tire of looking at other people’s URLs (watch for ‘secret’ URLs, usernames/passwords passed via POST, and session data — don’t tell the privacy commissioner), and you’d like to view processes and statistics instead? Your government is here to help!
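The two pages described above are what Apache's mod_status (live worker and request statistics) and mod_info (the loaded configuration) hand out when they are enabled without an access restriction. The following is an added configuration example, not something from the original post or from the Industry Canada servers; it shows the kind of unrestricted block that produces this exposure beside a hardened version. It assumes Apache httpd 2.4 directive syntax, that `status_module` and `info_module` are loaded, and that 10.0.0.0/8 stands in for an administrative network (an assumed value).

```apache
# --- Exposed form: any client on the Internet can read both pages ---
# ExtendedStatus On makes each worker's current request line (method, URL,
# query string) visible, which is how other people's URLs and session data
# end up on a public page.
ExtendedStatus On
<Location "/server-status">
    SetHandler server-status
</Location>
<Location "/server-info">
    SetHandler server-info
</Location>

# --- Hardened form (use instead of the block above, not in addition to it) ---
# Per-worker request lines are not published at all.
ExtendedStatus Off
<Location "/server-status">
    SetHandler server-status
    # Only loopback and the assumed admin network may read the page;
    # everyone else receives 403.
    Require ip 127.0.0.1 ::1 10.0.0.0/8
</Location>
# mod_info dumps the entire running configuration, including paths and
# module settings. Production servers rarely need it; leaving the module
# unloaded removes the page entirely.
# LoadModule info_module modules/mod_info.so
<Location "/server-info">
    SetHandler server-info
    Require ip 127.0.0.1 ::1
</Location>
```

After reloading, a request for `/server-status` or `/server-info` from an address outside the allowed ranges should return HTTP 403, while the same request from the server itself still returns the page; checking both from the outside, not just from the console, is what catches the development-to-production copy the comments below describe.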

Bonus points: These webservers (and countless others in the Industry Canada IP Space) are infected with a trojan that allows anyone to connect to them and execute arbitrary code. Guess which one it is!

Edit: Looks like they took down the first one. Any bets on how long the others will last?

12 thoughts on “7.94 requests/sec – 101.6 kB/second – 12.8 kB/request”

  1. Holy cow! That’s frightening dude. Industry being exposed like that… shit.
    Good going and hopefully they’ll actually take your warning seriously.

  2. Here’s hoping, but I’m not counting on it. I warned National Defence of a hole in their security a year and a half before someone else exploited it.

  3. If it’s still there after a week, call McGuinty’s office… and the newspapers. They’d eat that shit up like candy.

  4. I worked on Strategis for a year, replacing a package that was going to cost them the better part of a million dollars with two Free/Open Source Software packages that would do all that they needed, and all it took was my help. Back then, the Strategis people were some of the smartest…it looks like they upgraded their Apache at some point, and forgot to delete the stuff from the development server…you see, they have a development server and a production server…and when the powers-that-be feel that a system is ready for prime time, they move it over…but sometimes, they really need to re-install it on the production system, without all the debugging features enabled.

    ttyl

  5. You really shouldn’t post stuff like that publicly. It could be considered condoning malicious attacks. Good work nonetheless. Looks like they patched (chmod’d) it up.

  6. Sometimes, the only way to make them sit up and pay attention is to point out the vulnerability.

    It wouldn’t have gotten fixed if I had sent a letter to the WHOIS contact or whatnot.
