SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Sunday, February 01 2004 @ 02:02 AM EST

The latest from Lindon is that Blake Stowell said on Saturday that MyDoom hadn't hit them yet. The reason they were not reachable, he said, was that ISPs have been blocking them.

Huh? What about all those interviews? They told the world for days and the SEC in an official filing that MyDoom had hit them already. Somebody must have finally told SCO that MyDoom was timed for today.

Woops.

So now the story is that it's ISPs that are blocking their site, and of course no one in the media remembers what Darl and Co. said just a day or two ago, so of course there are no followup questions. They just print whatever SCO tells them:

"US software maker SCO, target of the Mydoom computer virus, said Internet access providers had hobbled its website, fearing infection by what may be the fastest-growing worm ever.

"'There are Internet service providers around the world who are blocking access to SCO,' company spokesman Blake Stowell said, adding it was because they believe they can limit exposure to the virus that way. However, he said, Mydoom.A was not due to attack until Sunday, at precisely 1609 GMT.

"Until then, 'the bandwidth levels for accessing our website are at a normal level,' Stowell said."

Um...what about those CNN interviews, Darl? Didn't you announce to the world you were under attack already? Puh-lease.

I don't like to kick anyone when they are down, and I'm truly sorry they are having troubles, but they gleefully spread this ethically-challenged PR all over the world, and they did say they were already under attack. They even filed it in an *SEC filing*. The Linux community was smeared. That must not be forgotten.

Just to review, here is what McBride told CNN:

"MCBRIDE: We came out, we found that key parts of our code -- we owned the Unix operating system -- was showing up in this new upstart program called Linux. These new programmers working with IBM. We found that things were violated against our copyrights.

And so we filed a $3 billion lawsuit against IBM. We've been working through a judicial system here. But now you have people going outside the system, trying to attack us, to try and shut us down before we have a court verdict.

O'BRIEN: Well, I guess you're right, in the sense that this wild west analogy, carrying that on, it's a frontier with no jurisdictional borders, right? Whatever laws apply, wherever you happen to be standing are what might apply. Nevertheless it might not apply where you are being affected.

MCBRIDE: I think that's exactly the case. With the new Linux system, it's very interesting, because it's very open, anybody around the world can participate, anybody can use it.

But what happens when you have a problem inside the system? Because there are no boundaries and no control systems, the mechanism's built into Linux. Then you have this type of behavior when you have a problem actually pop up.

O'BRIEN: Is Linux particularly susceptible?

MCBRIDE: Well, we believe -- we have had four attacks on our company over the last year. At least one was claimed -- the Linux community claimed responsibility for the attack. We believe that there is a problem with Linux in terms of the code we see showing up inside of there. We don't know for sure if this attack is coming from Linux, but we have very strong suspicions that is the case."

Here's what they said in the SEC filing, their 10K, filed on January 28:

"We have also experienced several denial-of-service attacks on our website, which have prevented web users from accessing our website and doing business with us for a period of time. Additionally, we have recently experienced a distributed denial-of-service attack as a result of the "Mydoom" worm virus. It is reported that the effects of this virus will continue into February 2004. If such attacks continue or if our customers and strategic partners are also subjected to similar attacks, our business and results of operations could be materially harmed."[emphasis added]

They are remarkable prophets. Or time travelers.

Take a look for yourself at Netcraft's charts and see if they match the story.

What can we all take away from this experience? I have some suggestions for your consideration in the media. Maybe the media should listen more carefully to Bruce Perens when he speaks. He said it was likely spammers from day one. While no one can know for sure until someone is caught, it does look like he was right. Now, others finally agree with him. (Cf. here and here.) Here's Bob Mims from the Salt Lake Tribune yesterday:

"SCO's Web site has been crashed repeatedly in the past year as it has accelerated its claims on the freely distributed Linux operating system, and the company had previously suggested past DoS attacks were the work of pro-Linux, 'open source' extremists.

"With the origin point seeming to be confirmed as Russian, experts speculated the virus may have been the work of spammers, or -- noting the worm's accessing of PC users private information through back-door ports also may indicate an organized crime involvement."

ABC has this:

"'These are people who want to spread spam and make money,' Mr Albrecht said. . . .Some experts have warned that the attacks against Microsoft and SCO could be a diversion aimed at hiding another goal: relaying spam through the infected machines. Mydoom causes no apparent damage to computers. However, it leaves behind a program that could allow hackers or others to control the infected PCs for malicious purposes: stealing passwords, files or sensitive information through so-called "keyloggers", software that tracks and logs keystrokes.

"Mi2g warned: 'Mydoom leaves several ports open, which are being actively sought by attackers to install their Hacker Activated Code, including keyloggers and complex Trojan horse software to steal usernames, passwords, identities, bank account details and credit card numbers.'"

So... what do you say, guys? If you don't want to pay more attention to Perens, could you at least not spread SCO's "suggestions" and "suspicions" as if they were gospel? Why didn't you at least include Perens' statement along with Darl's? And why not attribute it to Darl, when it's Darl speaking, so the rest of us know it's just him again, instead of reporting that Linux enthusiasts "were thought to be responsible" as so many of you did? As far as that goes, did you call any ISPs to find out if they are blocking SCO? Remember, it's supposed to be all the news that's *fit* to print. Here is a typical example of an article implying that Linux enthusiasts were responsible. The Linux community was smeared around the world and there was needless damage done. Just make a note, will you? If SCO tells you something, verify, verify, verify. At least put it in quotation marks, so we are warned.

I know most Groklaw readers don't use Windows computers on the internet, so we're not contributing to any SCO problems, but if any visitors are using Windows, instructions on how to remove the MyDoom virus are on the Salt Lake Tribune page, where they direct you to Symantec and McAfee. You'd be doing yourself and the rest of us a favor if you make sure you clean up your computer, if necessary. Spammers grab and use your Windows boxes because they can so easily. Linux and Mac users weren't endangered by MyDoom, but our inboxes would thank you Windows users if you'd fix your problems. If I had to use a Windows box, I know for sure I'd not use my computer on the internet today anyway. Why run the risk of doing damage to someone?

You can solve your virus problems permanently by switching to Linux, where they are rare indeed, mostly proof of concept things. I've never experienced one. Did you know you can set up GNU/Linux so that you have a /home partition? That way if you do have a problem, you can fix it without losing everything you have on your computer. Or, if you do want to reinstall from scratch, and the problem isn't in your home partition, you can save all your documents and email and all your personal stuff in the /home partition and reinstall the rest. It's very flexible and handy. Did you know you can look to see what is "hiding" on your computer in GNU/Linux? Wouldn't that be nice right along about now, you Windows users?

Come on in. The water's fine. If you can't leap that far yet, think about a Mac. The FBI uses them, I hear, because they are secure out of the box. Why not you? Had you made the leap a week ago, you wouldn't now be worrying if there is a keylogger on your computer from MyDoom belonging to Russian mobsters who would like to have your credit card numbers.

Of course, Mr. Gates is of a different opinion:

"As the latest mass-mailing worm spread across the Internet on Monday, infecting many tens of thousands of Windows PCs with a program designed to attack the servers of Unix vendor SCO Group on 1 February, Gates stressed the importance of security to his company's products, but said that competing vendors -- such as SCO -- were courting danger by sitting back.

"'A high volume system like [Windows] that has been thoroughly tested will be by far the most secure,' Gates told the audience at the Developing Software for the future Microsoft Platform conference at London's Queen Elizabeth II Conference Centre. 'To say a system is secure because no one is attacking it is very dangerous,' said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple Mac OS and Linux."

Did he just say that SCO could avoid all their troubles if they would secure their systems instead of sitting back? Why, yes. Yes, he did.


  


314 comments
What a disappointment...
Authored by: OK on Sunday, February 01 2004 @ 04:18 AM EST
The more I read/listen/watch media the more I become disappointed about quality
of information. Information itself became just another product, and the quality
is not the first priority for reporters these days. Pity...


SCO needs to be sued on slander
Authored by: Anonymous on Sunday, February 01 2004 @ 04:24 AM EST
I think SCO has put themselves in a sufficient place to be sued for slander. They
have lied on multiple occasions with the intent of hurting the Linux community.
Lies that they knew at the time were lies. The 10 million Intel/IBM has raised
for legal funding should most definitely be put toward a slander suit once IBM
gets this case dismissed/wins. Their slander has caused financial distress for
Linux consultants who must try and sell their product to CEOs who read
mainstream press where SCO's lies are reported without question. On more than a
few occasions I have been fed SCO's lies by CEOs as reasons they do not
currently want to consider any Linux implementations.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: SilverWave on Sunday, February 01 2004 @ 04:32 AM EST
If you want to give Linux a try without installing, try Kurumin. It's not in
English but it's only a 180mb download and works off a CD.

http://www.guiadohardware.net./linux/kurumin/

Oh and everything is auto-detected at start-up and DVDs, sound, mp3s, avis all
work.

It can be installed on a hard drive and English support installed.

Come on in, the water's fine!!!

******************

Great article, thanks for all the hard work PJ


---
"Unless stopped I believe they will walk away from the rotten, decaying corpse
that is SCOG a lot richer" :-(

Stopped it is then.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 04:34 AM EST
Tech news has never been investigative journalism. It never has been and they're
not used to it. They just report what is happening. In most cases you don't need it.
That's much different from politics and so on.

Btw I can't reach SCO from Holland. Traceroute stops at
205.158.14.114.ptr.us.xo.net


ISPs Are Blocking Them...Huh? Say What?
Authored by: Weeble on Sunday, February 01 2004 @ 04:35 AM EST
That doesn't even make sense. How could blocking access to the SCO site protect
anyone from anything? It might protect SCO from DDoS pings, but it wouldn't
protect an ISP or its customers, as far as I know.

Good grief. They've just proven that I don't need to change my Groklaw sig
anytime soon. I'm going back to bed.

---
"Every time I think I've heard it all from SCO, they come
up with a new howler." Steven Vaughan-Nichols, eWeek


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: shaun on Sunday, February 01 2004 @ 04:37 AM EST
I get a "document contains no data" error in Mozilla. Means it found the web site
but nothing there.

--Shaun


Lou Dobbs-esq list
Authored by: Anonymous on Sunday, February 01 2004 @ 04:38 AM EST
I think it's in order to compile a list of news organizations who report
unproven SCO press releases as the truth. Lou Dobbs does something similar with
his "Exporting America" series. He has a list of all businesses
exporting American jobs to other countries. Once we have our list we can ALL
email them (hehe know where I'm going with this one?) with valid criticisms. That
way they may think twice about having their inbox flooded if they are going to
report something untruthful/unproven.


Read the Netcraft sports page rather than add to the SCO noise.
Authored by: cr on Sunday, February 01 2004 @ 05:13 AM EST

http://uptime.netcraft.com/perf/graph?site=www.sco.com has the play-by-play, and it keeps your IP from showing up at SCO's routers.

<shrug> Hey, SCO-watching is more fun to me than TV football can ever be...

--crb3


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 05:13 AM EST
FWIW, dig www.sco.com gives me an NXDOMAIN, i.e. (for the non-geeks) the name cannot be resolved. This is from the Netherlands. A dig on a US-based account gives me 216.250.128.12.

telnet 216.250.128.12 80 yields

Connected to 216.250.128.12.
Escape character is '^]'.
Connection closed by foreign host.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: leeway00 on Sunday, February 01 2004 @ 05:28 AM EST
I thought that several people had opened this worm up & stated that the worm
only did a single DNS lookup, not a full-fledged DDoS attack. The mailing list
with this information was either posted here or on /.

Leeway


Darl's Harvard Talk
Authored by: shareme on Sunday, February 01 2004 @ 05:51 AM EST
People, it's time to send Groklaw reps to the Harvard Law Darl Q and A speech..

Can we get organized to do this?

As you know Harvard has a history of allowing civilized questioning of both the
speaker, his or her assumptions, etc.. would be a nice show and awakening
for the press I think :)



---
Sharing and thinking is only a crime in those societies where freedom doesn't
exist.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: danamania on Sunday, February 01 2004 @ 05:51 AM EST
I found a statement in this TechTarget article rather amusing

"Before people surf to SCO's site, they should run an antivirus scan on their own machines to make sure they are not infected with Mydoom-A. It's unlikely that people whose machines are infected even realize it, especially those who have DSL and cable modems. "Most people don't use up all their bandwidth normally anyway," Cluley said."

If you have the worm, you're going to be DDoSing SCO whether or not you browse to it. If you don't have the worm you're not going to CATCH it from SCO. Why should you run an antivirus scan specifically before going to SCO's site?

That kind of reporting or security advice (depending on whether the reporter mixed things up or the security guy gaffed) is why I don't much trust media for giving any more than an outline of a story, such as "there is a virus out there now".

---
--


ISP's blocking them .. total crap
Authored by: Anonymous on Sunday, February 01 2004 @ 05:57 AM EST
So every ISP in the world is blocking them ?

I think it more likely SCO's own network provider is blocking them in self defence.

How the SCO group can get away with these lies, and be believed by the press states wonders for American media.

BTW after 19 hops (yes 19), I get stopped at 205.158.14.114.ptr.us.xo.net
8 of these hops are in US.XO.net, with the penultimate being p0-0.CHR1.SaltLake-UT.us.xo.net

So I think SCO has either taken themselves off the air (most likely), or their own provider has

It would be just like SCO to take themselves off then blame everyone else.

I think the media should dig deep on this. Obviously MY ISP is not blocking www.sco.com


SCO Press Release Sunday - We are under attack, our site is drowning
Authored by: Anonymous on Sunday, February 01 2004 @ 05:57 AM EST
http://biz.yahoo.com/prnews/040201/nysu004_1.html


ISPs are getting it
Authored by: MacUser on Sunday, February 01 2004 @ 06:37 AM EST
I contacted my ISP this morning about MyDoom, and asked whether it
ran on Linux/OS X. Response from Customer Support: "This virus was
designed to attack the creators of Linux!"


Current status (9.26 am GMT?)
Authored by: Anonymous on Sunday, February 01 2004 @ 06:57 AM EST
According to Netcraft:
So far, though, www.sco.com still resolves and receives http requests, though closing the connection without sending a response.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 07:02 AM EST
OK, I had too much curiosity on this one.

I looked for packets to the IP address in question at a (very) small-time ISP.
Just ~400 cable modem subscribers.

I got absolutely 0 packets so far.

I'm not sure what to make of things.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: prammy on Sunday, February 01 2004 @ 07:03 AM EST
Ahh this is too funny. I can't access www.sco.com at all. So since their ISPs are
now blocking all access to SCO will they count this as a Denial of Service?

I can just imagine the Press Release on Monday:
McBride or Sontag sez: "Yes The MyDoom virus was set to deny access to our
customers but we beat it to the punch. We took it down and denied our 3
customers access to our site Ourselves!"

Wonder if they will blame this lack of access on the Linux community though.

- prammy <3 u


If SCO acts quickly...
Authored by: Anonymous on Sunday, February 01 2004 @ 07:07 AM EST
Just think about the possibilities of this one if SCO can act quickly enough.
If they can pull up a really good press release (what am I talking about? I'm
sure they have at least a few pre-printed already!), and they can get in touch
with the marketing people of the NFL... Anyone know where I'm going with this?

The Super Bowl's mystery guest!

Think about it, it would be perfect for them! They can reach a mind-boggling
amount of people and spread their FUD into the living rooms of brainwashable
Americans without anyone publicly questioning them, and no one asking for proof
(you know, kind of like the media is behaving towards them now regarding the
lawsuits).

Just my two cents.


OT: Beeb item about Linux
Authored by: jmc on Sunday, February 01 2004 @ 07:37 AM EST

And not a mention of our friend Darl either.

http://news.bbc.co.uk/1/hi/technology/3436289.stm


News headline for SCOG problems.
Authored by: Waterman on Sunday, February 01 2004 @ 07:46 AM EST
SCOG today claims Denial of Service attack. In the ongoing battle with Linux(R) users, today SCO Group claims that their website has come under yet another attack. This time they claim that all the big, bad ISPs that run Linux(R) are blocking access to their site. When a company spokesman (who wishes to remain unnamed) was asked why the ISPs would do that, he replied "Because they don't like us anymore. We have never done anything to them. We don't understand why they would be so mean as to cut off our customers' access." When asked for a name of a customer who has had their access blocked, we got a "We'll get back to you" comment. My guess is that they are trying to find someone who would admit to even wanting to go to SCOG's website. More as this story unfolds. :-)


The press seems a bit confused
Authored by: Anonymous on Sunday, February 01 2004 @ 07:53 AM EST
According to this article the site was taken offline by the virus.

In a statement issued on Sunday morning, the Utah-based company confirmed MyDoom knocked its site, http://www.sco.com, out of commission.

"Internet traffic began building momentum on Saturday evening and by midnight Eastern Time (5:00 a.m. British time) the SCO Web site was flooded with requests beyond its capacity," the statement read.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Stumbles on Sunday, February 01 2004 @ 08:03 AM EST
Man, those boys at SCO sure do play loose and free with the truth. Would I be correct to assume someone here at Groklaw is keeping track of all their press releases and anything they have said in public?

It would be nice to have a chronological list of their ramblings with the inaccuracies in red and the truth in normal text.


An Illiad Moment for your enjoyment
Authored by: Steve Martin on Sunday, February 01 2004 @ 08:16 AM EST

Just a quick humor diversion from Dust Puppy and the guys at userfriendly.org.

---
"When I say something, I put my name next to it." -- Isaac Jaffee, "Sports Night"


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 08:39 AM EST
FWIW, at the moment (5:40am PST), outbound from Seattle, WA (comcast.net), SCO seems to be being dropped by xo.net, within Utah, and perhaps within Salt Lake City:

[me@snowflake ~] $ traceroute 216.250.128.12

traceroute to 216.250.128.12 (216.250.128.12), 30 hops max, 38 byte packets

1 greatwall (192.168.1.2) 0.463 ms 0.233 ms 0.162 ms
2 10.130.176.1 (10.130.176.1) 12.286 ms 6.353 ms 8.126 ms
3 12.244.82.65 (12.244.82.65) 7.570 ms 7.652 ms 9.126 ms
4 12.244.64.1 (12.244.64.1) 10.718 ms 20.557 ms 8.807 ms
5 12.244.72.18 (12.244.72.18) 10.502 ms 8.896 ms 59.527 ms
6 tbr1-p012402.st6wa.ip.att.net (12.122.5.174) 14.689 ms 11.271 ms 11.031 ms
7 tbr2-cl1.sffca.ip.att.net (12.122.12.113) 27.127 ms 25.880 ms 26.183 ms
8 ggr1-p370.sffca.ip.att.net (12.123.13.69) 25.822 ms 26.107 ms 29.574 ms
9 p14-0.IR1.PaloAlto-CA.us.xo.net (206.111.12.145) 27.812 ms 30.958 ms 27.769 ms
10 p5-2-0.RAR2.SanJose-CA.us.xo.net (65.106.5.177) 72.993 ms 27.600 ms 27.980 ms
11 p6-0-0.RAR1.LA-CA.us.xo.net (65.106.0.17) 66.029 ms * 34.942 ms
12 p0-0-0-0.RAR2.LA-CA.us.xo.net (65.106.1.50) 66.895 ms 35.768 ms 33.887 ms
13 p4-0-0.MAR2.SaltLake-UT.us.xo.net (65.106.5.74) 69.119 ms 68.681 ms 68.811 ms
14 p15-0.CHR1.SaltLake-UT.us.xo.net (207.88.83.46) 75.427 ms 67.409 ms 71.531 ms
15 205.158.14.114.ptr.us.xo.net (205.158.14.114) 74.511 ms 68.698 ms 69.847 ms
16 * * *
17 * * *
18 * *


Don't see a lot of mydoom yet.
Authored by: rsmith on Sunday, February 01 2004 @ 08:42 AM EST
Over the last couple of days, I've been keeping a close look at my spamfilter.

Normally, around 100 spam/virus e-mails get deleted by my spam filter every
day (2601 e-mails over 22 days; Jan 4-27). Around 7% of that were viruses.

From the 26th to the 27th of September last year, during the Sobig Sweep, 307 spam
e-mails were caught in the filter, 80% of which was a win32 virus. And IIRC,
that wasn't even the top of the infection.

Over the last 16 hours, I intercepted 285 spam messages, 14% of which was a
win32 virus.

So there is definitely a lot of spam flying around, but at the moment mydoom is
not nearly as big as Sobig was, as some people seem to claim. Of course it
might still grow.

---
Never ascribe to malice that which is adequately explained by incompetence.


OT: Good Linux piece on the BBC
Authored by: tintak on Sunday, February 01 2004 @ 08:51 AM EST
Here is the URL. http://news.bbc.co.uk/1/hi/technology/3436289.stm
Enjoy.

---
What shape should a weathervane be?


SCO website a source of embarrassing evidence
Authored by: Anonymous on Sunday, February 01 2004 @ 08:52 AM EST
It doesn't surprise me that SCO couldn't wait for MYDOOM to take their website
down. Not when Frank Sorenson et al. have just demonstrated how much
embarrassing evidence against SCO can be extracted from that website.

Did anyone manage to take a snapshot of the site before Darl took it down?


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: lpletch on Sunday, February 01 2004 @ 08:56 AM EST
I see no reason for SCO to be down.
They had plenty of warning of what was going to happen and when.
Instead of gloom and doom press releases they could temporarily change their URL
to www.scoxxx.com and put out press releases of the change so people who want to
visit their site can.
I don't know how practical or even if that is possible, but I am sure if they
really wanted the site to be up, it would be up right now. I doubt SCO gets many
profitable hits on their site.
MS on the other hand does use their site for important things other than press
releases and propaganda. Although there is plenty of that there. I am sure you
will be able to connect to MS.



---
lpletch@adelphia.net


I miss so much
Authored by: moogy on Sunday, February 01 2004 @ 09:00 AM EST
I've been running Linux since 1994 and I realized that I've
missed out on all the fear and terror and my share of billions
of dollars in lost productivity from all these viri. Due to my
choice of OS I've completely missed out on an entire common
cultural phenomena. Woe is me; what I have missed.

OTOH, Linux has the unique phenomenon of an SCO
continuously attacking it in the press with distortions,
false claims, and outright lies, while threatening legal
actions high and low, and outrageous per/cpu extortion fees.

I never wake up and check for the latest virus, nor run a
scanner. Instead, I wake up to check the latest BS/FUD from
SCO.

It's a strange and wonderful world. I don't need to worry
about one form of malicious attacks but do indeed need to
worry about another form.

---
Mike Tuxford - irc.fdfnet.net #Groklaw
First they ignore you, then they laugh at you,
then they fight you, then you win. --Gandhi


Backscatter? CAIDA's Network Telescope?
Authored by: Anonymous on Sunday, February 01 2004 @ 09:05 AM EST
Any reports possible from CAIDA? During the last attack, CAIDA reported on
significant backscatter; will the same be measurable again if SCO's ISP has
blocked traffic?

--
An interested bystander


SCO told me so...
Authored by: belzecue on Sunday, February 01 2004 @ 09:12 AM EST
Curious to see if my ISP was blocking access to sco.com, I checked...

I pointed my browser to sco.com and headed straight to Investor Relations, where
a crisp new press release informed me that the site was experiencing a massive
denial of service attack that had rendered it 'completely unavailable'. Wow.
Enthralled, I read on.

Apparently the site would be completely offline until the attack diminished
around Feb 12. Blimey. I read on.

Jeff Carlon, worldwide director of Information Technology infrastructure, told
me in the release that "While we expect this attack to continue throughout
the next few weeks, we have a series of contingency plans to deal with this
problem and we will begin communicating those plans on Monday morning."
Crikey!

Thank goodness they made this press release available on their site, otherwise
I'd never have known the site was completely unavailable.


Doesn't SCO's PR ever sleep?
Authored by: Anonymous on Sunday, February 01 2004 @ 09:12 AM EST
The above-mentioned article from Yahoo is dated "Sunday February 1, 4:15 am
ET", which got me to thinking... How late/early was SCO's PR department
working in order to get this press release out (especially considering they
couldn't release it via their website)?

And then I thought... If their PR department can work all through the night,
how come their lawyers couldn't respond to IBM in such a timely manner?


McBride, Chronic Liar
Authored by: Anonymous on Sunday, February 01 2004 @ 09:23 AM EST

"MCBRIDE: We came out, we found that key parts of our code -- we owned the Unix operating system -- was showing up in this new upstart program called Linux. These new programmers working with IBM. We found that things were violated against our copyrights."

It appears to me that Darl and Company constantly position this as "fact", despite the mountain of evidence that 1) none of his precious code is in Linux and 2) there are no copyright causes of action in SCO vs. IBM. All this is "allegedly" the case, and for Darl & Company to position it as fact, constantly, is sickening.

It reminds me of a politician joke, which I will modify for Darl: "How do you know when Darl is lying?"

He is talking to the media or being quoted in a press release.


The water is fine / user partition / MyDoom protection
Authored by: Anonymous on Sunday, February 01 2004 @ 09:28 AM EST
Come on in. The water's fine. If you can't leap that far yet, think about a Mac.

With all respect, I don't think so. I use Windows as well as Linux, so I can see pros and cons of both systems. I also give support to about 100 home users (mostly Windows, only one Linux) in my organisation. I give support when they run into troubles, removed countless worms, spyware and give them plenty of tips and advice.

When I started giving support about two years ago, I was highly surprised how many Windows users didn't even know the most essential things about their computer. Then I realised those people looked at it in a different way than, for example, Linux or Mac users do. Using Linux for me is about freedom and flexibility. But most of the Windows users I give support to concentrate on how things get done and don't want to be bothered with anything else. They don't care about freedom or flexibility; they don't even need it. They want something that works right out of the box, are willing to change a few settings, but no further. So Linux will not impress them at all. They don't want to think about KDE, Gnome,... one standard GUI is fine. They don't want to choose between applications like OpenOffice and KOffice or browsers like Opera and Netscape, let alone email clients. They will feel limited when they notice a lot of webpages are optimised for Internet Explorer and are badly rendered in, for example, Opera (my favourite). Or when they need to tinker with their OS to view, for example, their wmf or avi movies. So Bill Gates et al. are serving them with what they need: one GUI, one browser, one email client, one media player,... integrated, so they don't need to think about it and can concentrate on what they want to do.
Not to mention the limited hardware support (tv-cards, printers, ADSL-modems, DVD,...) and the few preinstalled Linux boxes. To conclude: I think the water is still too cold for most home users. They have different needs and Linux cannot meet those needs at this moment.

Some remarks: a home partition for a user is also possible in Windows, although it is not a standard setup with computer vendors. Unhiding files is also possible in Windows, but I don't think this is the solution. Far better to prevent it from coming in than to eradicate what has already sneaked in.
There is a security problem in Windows (especially IE, a tragedy they integrated that with their OS), but from my own experience, keeping a Windows machine virus-free is possible and isn't that difficult. Only a little bit of insight into the machine one is working on, an up-to-date virus scanner (updated automatically) and a healthy dose of common sense. It has kept my machines virus-free for as long as I have worked with Windows (since 1994). Most of the viruses/worms that I removed from Windows machines came not via Windows or IE flaws, but via social engineering. Someone executed an attachment he/she shouldn't have. The same with Bagle or MyDoom. It didn't use any flaw in Windows, IE or Outlook, but someone had to execute a curious, strangely named attachment together with an unclear, unexpected email message, which probably came from someone they didn't even know, having no clue what it was all about... Putting the blame on the OS alone is a very limited view.
By the way, there are in Windows at least two ways to prevent execution of attachments in an email message, but just about everyone I know unchecked those options... There are already things available to secure Windows (although not as safe as Linux), but few use them.

And where am I in all this? I am still using Windows, but making the leap towards Linux (played with it for many years on a spare computer). I will not switch to another Windows version on my home computer anymore. Not because of security problems, but because I have the feeling of losing control of my own machine when Windows version numbers go up.
When I look back at my first steps with Linux, now more than four years ago, I see a tremendous change. Linux has truly matured and I am more than willing to make the jump.
But I am convinced many Windows users have no option of switching to Linux. Not because they are dumb idiots or ignorant (as I hear sometimes on this list), but because they have other needs which can't (yet) be met by Linux.

Michel


PJ - can you do a post?
Authored by: Anonymous on Sunday, February 01 2004 @ 09:33 AM EST
PJ

Perhaps it would be nice to put all statements SCO made about the mydoom virus
side by side to show their inherent contradictions (like your comparison of SEC
filings). It may be a good resource to point to news reporters when they
scramble to write more SCO FUD early morning tomorrow.


Lets do the time warp again
Authored by: Anonymous on Sunday, February 01 2004 @ 09:35 AM EST
According to this site it's 14:35:10 GMT Sunday, February 1, 2004 and I'm reading this article in the Sydney Morning Herald.

The article says "The MyDoom internet worm has claimed its first scalp, paralysing the website of American software firm SCO Group with a massive data blitz" ... "MyDoom infected PCs from which it would launch a debilitating denial-of-service attack on SCO on Sunday. The trigger was set for 1609 GMT" - which actually hasn't transpired yet!

Seriously good journalism all round!


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 09:36 AM EST
...What about all those interviews? They told the world for days and the SEC in an official filing that MyDoom had hit them already. Somebody must have finally told SCO that MyDoom was timed for today. Woops. So now the story is that it's ISPs that are blocking their site, and of course no one in the media remembers what Darl and Co. said just a day or two ago, so of course there are no followup questions. They just print whatever SCO tells them:
A large percentage of the so-called "mainstream" journalists and analysts appear to be less than professional. Perhaps Groklaw can set up a service for responsible reporting and analysis with research and follow-up. (for a fee of course)


It's still 1 hour and 32 minutes 'til the supposed DDOS attack
Authored by: hughesjr on Sunday, February 01 2004 @ 09:37 AM EST
So, the only PCs attacking right now have really stupid Windows owners ...

1. They became infected in the first place.

2. With all the press, they have ignored it all and not cleaned up their PCs.

3. They can't even set the proper time and time zone on their Windows PCs.

And there are enough of those computers to shut down the SCO website when 16:09
GMT is still 1 hour and 32 minutes from now?

Can't news media outlets tell time?


OT: Yarro, Canopy, Vultus -- shares on the move
Authored by: belzecue on Sunday, February 01 2004 @ 10:12 AM EST
What's going down with Ralph Yarro and Canopy and their Jan 30 SEC filings here, here, and here?


Windows bashing
Authored by: dlamming on Sunday, February 01 2004 @ 10:30 AM EST

Ok, I finally have to say something. I support linux. I've been running linux servers of one kind or another since 1997, and I've been using Unix systems since I was in high school. I also don't like SCO. They are a bunch of dirty scoundrels, and I hope IBM pounds them into the ground.

But the Windows-bashing comments recently are ridiculous. To the point: I know most Groklaw readers don't use Windows computers on the internet, not to mention if I had to use a Windows box, I know for sure I'd not use my computer on the internet today anyway.

You may know the stats for Groklaw visitors (assuming, of course, that the user agents report everything correctly), but there are plenty of us who view Groklaw from Windows. Sure, the security situation sucks. But don't assume that everyone running Windows is an idiot. Plenty of us don't open unsolicited attachments, have virus scanners running, and have firewalls up. There are advantages to running a Windows system, just like there are advantages to running a Linux system or Mac OS X. Just because I wouldn't wish OS X on my worst enemy doesn't mean I think people shouldn't be free to use it.

The thing is, patching a personal windows system is easy. Yes, yes, if MS doesn't release the patch, you could be screwed. But most people with a clue don't have problems with a windows machine.

Conversely, if you don't have a clue with a linux box, you're in trouble. I've only been rooted once (wu-ftpd, of course, my own fault), but I know people who've been rooted via sendmail _one day_ after the exploit was announced. Keeping linux boxes patched is just as much as an issue as for windows.

And let's be honest. The real problem is gonna come in the form of a zero-day, previously undiscovered exploit, and then we'll all be in trouble.

Please PJ, stick to the SCO story


Very OT: Linux and Windows Compatibility
Authored by: phrostie on Sunday, February 01 2004 @ 10:37 AM EST
I know the MS Unix tools threads are several weeks old now, but I had a thought.
Are there any quotes in the records from MS's FUD campaign (was it last year or
before) when they were screaming, "Linux is not Compatible with
Windows"?

Somehow I suspect these will be nice to have around when they start their next
wave of Features and FUD.

Maybe have a sample question section ready for members of the media.
Things like, "if you are going to give away the MS unix tools for free, why
not build on tools that already exist and donate code to GPLd projects like
Samba?"

---
=====
phrostie
Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.
http://www.freelists.org/webpage/cad-linux


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: brenda banks on Sunday, February 01 2004 @ 10:54 AM EST
Isn't it just amazing how the news people just DO NOT ASK any questions and
expect real answers?
So I added something new to my sig.
Maybe news people can take a subtle hint.
I admit we have a few that are doing great, and with my memory I am liable to
forget one if I try to list them, but Shankland and McMillan are 2 excellent ones.



---
br3n

irc.fdfnet.net #groklaw


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 11:22 AM EST
"of course there are no followup questions. They just print whatever SCO tells them"

apologies for being slightly off-topic, but imho, an unquestioning press and media consolidation threatens democracy.
PR can be highly effective with an unquestioning media.

on media consolidation:
November 24, 2003: "In a last minute deal Senate leaders and the White House compromised on the TV station ownership cap. It was increased just enough to allow Viacom [CBS, UPN, MTV, VH1, BET, Blockbuster Video, CBS Radio, Simon and Schuster ...] and News Corporation [Fox, NY Post, The Times of London, Harper Collins, Knicks, Rangers, Dodgers...] to keep all their stations (39% limit)."

This largely uncommunicated deal came about because FOX and CBS would have been affected by this law:

July 23, 2003: "The House voted 400-21 to approve a spending bill that included a provision to block the FCC decision to allow major television networks to own up to 45% of the country's viewers. The Bush administration has voiced opposition to the attempt to rescind the FCC ruling."

90% of all media in this country is owned by 5 companies.
For continued growth these companies have a vested interest in remaining friendly with (currently Bush's) FCC. But continued growth of these companies threatens democracy.

Clear Channel Communications is another disturbing company... owner of >1200 radio stations in this country, and the largest concert venues (of which each market only has a limited number)...

http://pbs.org/now was an excellent source of information on these topics - salon.com is another good source. (PBS NOW is an excellent show, on at 8:30pm every Friday in New York City, where I am, at least.)


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 11:27 AM EST
Fud alarm: here

I don't know if it is a McBride statement or the author's, but it says that:
"It is widely believed that supporters of Linux,
an open-source operating system and a popular alternative to the Windows
operating system, orchestrated this and previous non-virus attacks
against SCO’s website. SCO recently claimed that key parts of the Linux
operating system are covered by its Unix copyrights."

I sent them an email complaining about the story.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: minkwe on Sunday, February 01 2004 @ 11:36 AM EST
SCO says the worm has hit already, according to this Reuters article.

Also, according to netcraft it appears SCO has switched from Linux to OpenBSD on their webserver. This tells me that they just can't wait for their site to be DDOSED. As you can see from this benchmark article, OpenBSD does not scale well at all and is not recommended for network servers. The article concludes that:

"OpenBSD 3.4 was a real stinker in these tests. The installation routine sucks, the disk performance sucks, the kernel was unstable, and in the network scalability department it was even outperformed by it's father, NetBSD. ... If you are using OpenBSD, you should move away now. "

---
SCO's lawsuit is a little like locking the door on Martin Luther King Jr.'s jail cell and expecting to stop the civil rights movement. [C|net]


  • Open BSD. . . - Authored by: Anonymous on Sunday, February 01 2004 @ 12:08 PM EST
    • OT: Open BSD. . . - Authored by: Anonymous on Sunday, February 01 2004 @ 12:24 PM EST
Fascinating. . .
Authored by: Anonymous on Sunday, February 01 2004 @ 12:06 PM EST
Has anyone noticed how the media has basically left M$ untouched by this? In
other words why hasn't any reporter hammered on M$ about their closed source OS?
Indeed, this worm and/or trojan is spread by computer users utilizing M$
Windows. Hence, the worm is spread by M$ insecurities. If fewer users were
using Windows the amount of damage would be less.

This could be a real PR coup. It makes M$ look bad, which really is not all
that difficult to do, and makes GNU/Linux look good, which is very easy to do.

Additionally is the issue of the mass number of untrained computer users. Less
than twenty years ago a person who bought a computer was automatically
'enrolled', if you will, in a 'how to use this contraption' class. These
classes would normally be held two evenings a week for a couple of weeks or so.
The cost of the classes was built into the cost of the computer system purchase
price. I don't know of any 'classes' for new computer users anymore.

In total, we have a highly popular OS (windows) that comes with security holes
big enough to drive a tank through and millions of computer users running that
OS who have no clue. A very unhealthy situation, to be sure. And, I don't see
that situation changing either.

ISPs can do more, to a degree. They could install a mail server anti-virus
program. However, the cost of said program would lead to an increase in monthly
user recurring costs. Dependent upon the increase, that cost might possibly be
worth it.

Lastly, since this worm/trojan is being propagated by M$ insecurities, why
hasn't Caldera announced they intend to sue M$?

krp


  • Fascinating. . . - Authored by: Anonymous on Sunday, February 01 2004 @ 12:38 PM EST
Well, at least my networks aren't sending any traffic to SCO.com
Authored by: hughesjr on Sunday, February 01 2004 @ 12:29 PM EST
I am a very happy camper .... my home network(4 linux and 4 Windows computers)
and the corporate network I manage (2 UNIX, 14 Linux and 400 Windows PCs) are
not sending any traffic to www.sco.com. Yipeee!


What do the logs say?
Authored by: Anonymous on Sunday, February 01 2004 @ 12:33 PM EST
One wonders if a /. effect is happening :-)
Now there is a minor irony if the majority of people
visiting the SCO site online are linux lovers.
One wonders if SCO read their logs. One wonders if they
would like to put their contents in statistical form in
the public domain to prove any statements they wish to
make about web traffic today.
Then there may be a question to be answered that looks
like this 'if you keep rebuilding your web server and
changing the version of software how will you ever become
expert at it?'


Who created MyDoom
Authored by: Anonymous on Sunday, February 01 2004 @ 12:33 PM EST
We may never know for sure who is behind it. However, it's just as plausible to suspect SCOX (or a related interest) is behind it as a disgruntled Linux advocate.

I find it suspicious that this MyDoom worm benefits SCOX:

  1. It launches a DDOS attack from Feb 1 - 12. Given that Feb 6 is a significant day in their case against IBM, not likely to go well, this worm creates a PR diversion.
  2. SCOX can claim again that they are under attack in a Linux War and again blame Linux advocates
  3. All SCOX needs to do is to look at their web log of what IPs are hitting them repeatedly and they know which machines are infected and available for zombie control. These zombies can be used for further spam and worm attacks.


ISPs are getting it
Authored by: MacUser on Sunday, February 01 2004 @ 12:39 PM EST
I got through to a more senior techie, who knew exactly what the story
was. But what intrigued me is that the clueless individual leapt to the
conclusion that Linux was the *victim* not the perp. There's hope yet,
even for journalists:)


  • Sorry! - Authored by: MacUser on Sunday, February 01 2004 @ 12:42 PM EST
Digital Wild West
Authored by: zjimward on Sunday, February 01 2004 @ 12:47 PM EST

SCO's right about the digital age being like the wild west. Just like the dime
novels of the old west, SCO uses the media to paint its picture of the truth. By
over-dramatizing the known they make what is nothing but a coincidence appear to
be a terroristic attack. Those who believe in the principles behind open source
believe in the law. They believe in the rights given by freedom itself to share
ideas. They believe SCO is wrong and that when the evidence is shown in court
it will reveal that Linux is truly free of SCO's IP. SCO is using the media as a
cheap tabloid to win its case in the court of popular opinion.


This Oregon University is Blocking SCO and Microsoft Internally
Authored by: Anonymous on Sunday, February 01 2004 @ 12:53 PM EST
Date: Fri, 30 Jan 2004 14:48:51 -0800
From: ITG <THEIR ADDRESS DELETED>
To: (MY ADDRESS DELETED)
Subject: VIRUS UPDATE: Jan. 30
Mime-Version: 1.0
x-priority: 1
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

** High Priority **

VIRUS UPDATE: Jan. 30

As of today, Friday, Jan. 30, 2004, computers on the OHSU network will be
blocked from accessing the Web site
http://www.sco.com/

The reason for this decision is because computers infected with the MyDoom virus
are set to begin a denial-of-service attack against SCO's Web site beginning on
Sunday morning, Feb. 1, at 12:01 a.m. To mitigate this attack from machines
inside OHSU's network, ITG is diverting all traffic for
http://www.sco.com/ to 127.0.0.1 (known as a loopback address). This will
prevent infected computers from sending traffic to the network that is targeted
for SCO. OHSU will maintain this position through Feb. 12, when the attack is
designed to end.

For similar reasons, ITG will be blocking all Microsoft Web sites beginning on
Monday, Feb. 2, at 5 p.m. This block will be maintained for 24 hours. ITG will
monitor traffic and will determine if the block can be lifted Tuesday
afternoon.

In addition, the block on messages with specific subject lines has been lifted.
This includes subjects that begin with:

test, hello, hi, status and others.

ITG is in the final stages of cleanup for the MyDoom virus. If you have
questions, please first check the HelpDesk Web site for the latest status report
at http://helpdesk.ohsu.edu

Please also note: ITG is unable to block attachments that come through various
Internet Service Providers, such as Yahoo or Comcast, and many employees access
mail from remote accounts via the OHSU network. Therefore you should ALWAYS use
caution before opening attachments unless you were expecting to receive the
attachment or you are
reasonably certain the attachment is something that is valid.

-----------------

I don't know if the above strategy makes any sense.

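The memo above describes a DNS sinkhole: the campus resolver answers www.sco.com with 127.0.0.1 for the Feb 1 to Feb 12 window, so an infected machine's attack traffic loops back to itself instead of leaving the network. What the memo leaves implicit is the second half of that technique, which is the reason most people run a sinkhole at all: the resolver's query log now records exactly which internal hosts keep asking for the blocked name, and those are the infected ones. The code below is an added example written for this page; it is not code from Groklaw, OHSU or the poster. The log layout, the 10.0.0.0/8 campus range, the flagging threshold and the sample log lines are all assumptions made for the example.

```python
"""Added example (not code from the Groklaw page or from OHSU): a DNS sinkhole
policy like the one in the OHSU memo, plus the query-log review that turns the
sinkhole into an infected-host detector. Log format, campus range and
thresholds are assumptions for this example."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

SINKHOLE_IP = "127.0.0.1"
BLOCKED_NAMES = {"www.sco.com"}
BLOCK_START = datetime(2004, 2, 1, 0, 1)      # memo: Sunday, Feb 1, 12:01 a.m.
BLOCK_END = datetime(2004, 2, 12, 23, 59)     # memo: maintained through Feb 12
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed campus address range


def normalize(name):
    """Lower-case a query name and drop the trailing dot."""
    return name.rstrip(".").lower()


def policy_answer(qname, upstream_answer, now):
    """A-record answer the campus resolver should hand back for qname.

    Inside the block window a blocked name gets the sinkhole address instead of
    the upstream answer, so an infected host's connection attempts loop back to
    itself and never leave the campus network. Outside the window, or for any
    other name, the upstream answer passes through unchanged.
    `now` may be a datetime or an ISO-8601 string."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    if normalize(qname) in BLOCKED_NAMES and BLOCK_START <= now <= BLOCK_END:
        return SINKHOLE_IP
    return upstream_answer


def parse_query_log(lines):
    """Yield (time, client, qname, qtype) from '<ISO time> <client> <qname> <qtype>'.

    This layout is an assumption made for the example; real resolvers log in
    their own formats, but all of them record who asked for what."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, qname, qtype = line.split()
        yield datetime.fromisoformat(ts), ipaddress.ip_address(client), normalize(qname), qtype


def suspected_infected(lines, min_queries=3, window=timedelta(hours=1)):
    """Internal clients that asked for a sinkholed name at least min_queries
    times within one window. A worm polling its target every few minutes looks
    different from a person who looked at the page once. Clients outside the
    campus range are ignored: the resolver can neither see nor clean them."""
    times = defaultdict(list)
    for ts, client, qname, qtype in parse_query_log(lines):
        if qtype == "A" and qname in BLOCKED_NAMES and client in INTERNAL_NET:
            times[client].append(ts)
    flagged = []
    for client, stamps in times.items():
        stamps.sort()
        for i in range(len(stamps) - min_queries + 1):
            if stamps[i + min_queries - 1] - stamps[i] <= window:
                flagged.append(str(client))
                break
    return sorted(flagged)


# Constructed sample log for the example; not real OHSU data.
SAMPLE_LOG = """
2004-02-01T00:02:10 10.4.7.21 www.sco.com A
2004-02-01T00:03:11 10.4.7.21 www.sco.com A
2004-02-01T00:04:09 10.4.7.21 www.sco.com A
2004-02-01T09:15:00 10.9.1.5 www.sco.com A
2004-02-01T09:16:00 10.9.1.5 www.groklaw.net A
2004-02-01T00:02:30 198.51.100.9 www.sco.com A
2004-02-01T00:03:30 198.51.100.9 www.sco.com A
2004-02-01T00:04:30 198.51.100.9 www.sco.com A
""".strip().splitlines()

if __name__ == "__main__":
    print(policy_answer("www.sco.com.", "216.250.128.12", "2004-02-01T08:00:00"))
    print(suspected_infected(SAMPLE_LOG))
```

Two caveats the memo itself hints at: the sinkhole only catches hosts that resolve the name through the campus resolver (remote users on Yahoo or Comcast never touch it), and a client that already holds the target's IP address, or has it hard-coded, never asks in the first place.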

SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Stefan on Sunday, February 01 2004 @ 12:54 PM EST
Referring to my suggestion a couple of days ago, I still think it makes sense to
have ready-written "press kits". Especially in a situation like this,
or every time SCO counters a dip in stock valuation with a press release.

So if I see some misinformed newspaper story I can come here and copy&paste
a reply into an email to that newspaper or website. Getting the reply from here
would have the advantages of getting a well written, well informed and hopefully
unbiased reply with far greater impact than flame mail. Maybe even written by
somebody with English as their first language. I don't understand the finer
points of English "legalese" myself.

I think the media have changed their attitude to SCO. They are more sceptical
now and I think we can use that to our benefit. SCO have played this in the
media for 10 months, I think it's our turn now...


www.sco.com no longer resolves
Authored by: Chris Cogdon on Sunday, February 01 2004 @ 01:10 PM EST
Well, looks like SCO has removed www.sco.com from the DNS, which was in fact one of Netcraft's suggestions.

I've confirmed this with queries from several machines i have access to. That will mitigate it somewhat, I guess, except in the case where the DDoS zombie has already obtained the target IP address.


Virus Anecdote
Authored by: inode_buddha on Sunday, February 01 2004 @ 01:16 PM EST
In response to PJ's article WRT virus damage: I've never had one on Linux. So
that's 7 years and counting. My Dad got Sircam when it came out because his
Norton AV wasn't updated, etc. And it sprayed the contents of his 401(k) and
company stock out to a few hundred strangers via his cable modem. That was when
he suddenly became aware of the liability disclaimer attached to his EULAs...

---
"Truly, if Te is strong in one, all one needs to do is sit on one's ass, and the
corpse of one's enemy shall be carried past shortly." (seen on USENET)


Strategy
Authored by: davcefai on Sunday, February 01 2004 @ 01:40 PM EST
It seems that a possible strategy by the My Doom author(s) has worked.

The SCOX PR machine has swamped the media who are concentrating on the DDOS
attack. Hardly anyone mentions the other behaviours of the worms.

The writers' social engineering skills are pretty good. They have quietly gained
a huge number of zombies and spam relays, relying on Darl's big mouth to push
this into the background.


  • Strategy - Authored by: Anonymous on Sunday, February 01 2004 @ 02:23 PM EST
Ignore SCO's public blather about the worm
Authored by: sjohnson on Sunday, February 01 2004 @ 02:07 PM EST
It's probably true that some networks have taken steps to negate the DDoS. But The SCO Group itself was very ready to deal with a Denial of Service attack.

Part of my job is being the DNS Administrator for a very large state network. Last week I spent a great deal of time researching the Mydoom.A virus. I was looking into ways of minimizing the DDoS against www.sco.com. One of the options I was looking at was inserting a sco.com domain on all of the public DNS servers on our network. A last resort type of thing.

In looking to craft the sco.com DNS zone, I noticed that most of the DNS records had a time-to-live (TTL) of 60 seconds. The SCO Group's network admins can shift or delete any record in short order. The changes would propagate over the Internet very quickly.

I notice that The SCO Group uses the year, month, date, sequence # format for sco.com's serial number. The serial number is 2004020103, which generally means that there have been 3 DNS updates today. And as others have posted, one of the changes was removing the www.sco.com record. The viruses didn't have a target to attack. DDoS avoided.

And FYI, DNS servers for a domain are divided into one primary server and the rest are secondary servers. The primary server has the master copy of the DNS information. The secondary servers have copies of the DNS data obtained from the master server.

There is a special DNS record type called Start of Authority (SOA). The SOA record determines how the secondary servers interact with the primary server. The serial number I spoke of earlier is a part of the SOA record. The serial number is one mechanism that a secondary server uses to check for updates to DNS data. The secondary servers periodically poll the primary server's SOA record. If the serial number on the primary server is bigger than the serial number on the secondary server, there is newer data on the primary server. The secondary servers download a new copy of the domain data.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: grouch on Sunday, February 01 2004 @ 02:08 PM EST
Viruses incubate in Microsoft Windows.

Linux, FreeBSD (et.al.), Unix == anti-virus.

Anti-virus companies rake in tons of money as co-parasites leeching on MS
Windows users, alongside Microsoft.

From this:

1. Why would anyone expect anti-virus companies to provide information about a
cure for the problem rather than just a temporary relief from the symptoms? They
sell symptomatic relief; a cure puts them out of a job.

2. Following the (apparent) norm of reporting without facts,
which of the following is more plausible:

2.a. Linux users, who suffer no ill effects from the 50,000+ MS Windows viruses,
except for noticing a temporary slowdown on the Internet, spend all their time
in their moldy dungeons by the light of green-screen monitors hacking away to
create malware to randomly delete Grandma's JPEGs of her last visit with the
grandchildren, by ransacking her hopelessly flawed Outhouse Express.

2.b. The various and sundry worms and viruses are the latest rounds in the
ongoing fight by Anti-Virus companies and Microsoft against MS Windows users, in
an attempt to both justify these companies' existence and extract more money
from their victims.

3. The big crowd pursuing the easy dollar will always make more noise than the
comparatively small group pursuing truth and integrity. Microsoft, the
anti-virus industry they spawned, and a whole horde of pseudo-tech, pseudo-news
leeches riding their coat-tails, will continue to squeeze, cajole, threaten and
scare their victims into forking over money.

4. If you're a Linux or FreeBSD user, do your friends and family a favor: rescue
them from the terrorism perpetrated by those listed in 3. above.

4.a. Set up a simple, customized personal computer, based on what you can
maintain, for them. It won't take them long to learn to expand it if they so
choose; there are no armed Federal Marshals lurking in the shadows to prevent
them from learning and sharing.

4.b. Set up a simple firewall using an old PC. This will further reduce the
aggravations your friends and family suffer from those who attempt to profit
from the above terrorism.

Your friends and family are almost certainly innocent victims and certainly
deserve to be free:

1. Free from fear of inadvertent mouse clicks crashing their computers,

2. Free from fear of buggy "apps" destroying their data,

3. Free from fear of email attachments eating their files,

4. Free from fear of clicking a link that formats their drive or BSODs their
system or sets porn-sites as their home page,

5. Free from fear of downloads that give control of their computer to some
unknown, distant stranger with malicious intent,

6. Free from fear of websites that seize control of their computer through
Internet Explorer's "integration",

7. Free from fear of "Service Packs" that wreck.


SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 02:23 PM EST
I just did a traceroute to see if/where SCO was being blocked. But instead of
using the standard traceroute port, I used port 80, so it'd look more like an
HTTP request.

~> traceroute -p 80 216.250.128.12
traceroute to 216.250.128.12 (216.250.128.12), 30 hops max, 38 byte packets
1 gw (192.168.1.1) 0.965 ms 0.521 ms 0.486 ms
2 InetAncHEgw-1.gci.net (24.237.0.1) 26.573 ms 11.078 ms 19.158 ms
3 33-128-165-209.gci.net (209.165.128.33) 19.677 ms 10.944 ms 11.962 ms
4 9-128-165-209.gci.net (209.165.128.9) 14.427 ms 10.858 ms 14.316 ms
5 202-129-165-209.gci.net (209.165.129.202) 42.508 ms 38.694 ms 44.714 ms
6 213-129-165-209.gci.net (209.165.129.213) 38.231 ms 50.221 ms 43.976 ms
7 bpr1-so-6-1-0.SeattleSwitchDesign.cw.net (208.173.49.5) 71.107 ms 52.888 ms 45.384 ms
8 acr1-so-6-0-0.Seattle.cw.net (208.172.83.186) 52.390 ms 51.111 ms 43.966 ms
9 dcr2-loopback.SantaClara.cw.net (208.172.146.100) 57.107 ms 71.018 ms 72.070 ms
10 bpr2-as0-0.PaloAltoPaix.cw.net (208.172.147.66) 68.002 ms 84.310 ms 69.323 ms
11 xo-communication-telc-audit.PaloAltoPaix.cw.net (206.24.241.6) 82.855 ms !H * 73.111 ms !H

Huh. Host not available. Funny that. I guess MY ISP doesn't block SCO. Maybe
SCO's ISP is blocking them.
Oh, damn. Wait. traceroute uses UDP. Hmm.. Lemme check
tcptraceroute..

~> tcptraceroute 216.250.128.12 80
Selected device eth0, address 192.168.1.3, port 37296 for outgoing packets
Tracing the path to 216.250.128.12 on TCP port 80, 30 hops max
1 192.168.1.1 (192.168.1.1) 0.575 ms 0.484 ms 0.480 ms
2 InetAncHEgw-1.gci.net (24.237.0.1) 41.046 ms 14.891 ms 20.176 ms
3 33-128-165-209.gci.net (209.165.128.33) 12.982 ms 8.880 ms 9.058 ms
4 9-128-165-209.gci.net (209.165.128.9) 14.755 ms 12.180 ms 13.231 ms
5 202-129-165-209.gci.net (209.165.129.202) 41.609 ms 53.417 ms 44.210 ms
6 213-129-165-209.gci.net (209.165.129.213) 40.103 ms 41.884 ms 54.130 ms
7 bpr1-so-6-1-0.SeattleSwitchDesign.cw.net (208.173.49.5) 45.355 ms 51.269 ms 42.497 ms
8 acr1-so-6-0-0.Seattle.cw.net (208.172.83.186) 52.208 ms 49.653 ms 37.155 ms
9 dcr2-loopback.SantaClara.cw.net (208.172.146.100) 64.003 ms 68.512 ms 65.965 ms
10 bpr2-as0-0.PaloAltoPaix.cw.net (208.172.147.66) 75.830 ms 71.729 ms 69.482 ms
11 xo-communication-telc-audit.PaloAltoPaix.cw.net (206.24.241.6) 71.050 ms !H * 72.088 ms !H

Oh, looky. No accessy. Silly Darl, FUD is for losers.

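The two traces above end the same way: hop 11, the xo-communication router at PAIX, answers with "!H" on both the UDP probes and the TCP port 80 probes. In traceroute's notation "!H" means that router sent back an ICMP destination unreachable, code "host unreachable", which is what a router returns when the next hop toward the target is filtered or null-routed. That is a different signal from the bare "*" of a probe that simply got no reply, and since both protocols get the same answer at the same hop, the refusal is in the path rather than port-specific. The parser below is an added example for this page, not code from the poster or from Groklaw: it reads traceroute/tcptraceroute output (including hop lines that wrapped when the comment was posted) and states where and how the path ended. The meanings assigned to the "!" annotations are traceroute's own conventions; the sample is the poster's TCP trace trimmed to four hops.

```python
"""Added example (not code from the page or from the poster): parse
traceroute / tcptraceroute output, rejoin hop lines that wrapped in the
comment, and say where and how the path ended. Annotation meanings follow
traceroute's conventions; the sample is the poster's TCP trace, trimmed."""
import re

# "<hop> <host> (<ipv4>) <rest>", or "<hop> * * *" for a hop that never answered.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(\S+)\s+\((\d+(?:\.\d+){3})\)\s*)?(.*)$")

ANNOTATIONS = {
    "!H": "host unreachable (ICMP type 3, code 1)",
    "!N": "network unreachable (ICMP type 3, code 0)",
    "!P": "protocol unreachable (ICMP type 3, code 2)",
    "!F": "fragmentation needed (ICMP type 3, code 4)",
    "!X": "communication administratively prohibited (ICMP type 3, code 13)",
}


def parse_traceroute(text):
    """Return one dict per hop: hop, host, ip, rtts (ms), timeouts, annotations.

    A line that does not start with a hop number is treated as the wrapped
    tail of the previous hop; banner lines before the first hop are ignored."""
    hops = []
    for raw in text.splitlines():
        m = HOP_RE.match(raw)
        if m:
            hops.append({"hop": int(m.group(1)), "host": m.group(2) or "*",
                         "ip": m.group(3), "rtts": [], "timeouts": 0,
                         "annotations": [], "_rest": m.group(4)})
        elif hops and raw.strip():
            hops[-1]["_rest"] += " " + raw.strip()
    for hop in hops:
        tokens = hop.pop("_rest").split()
        i = 0
        while i < len(tokens):
            tok = tokens[i]
            if tok == "*":
                hop["timeouts"] += 1
            elif tok.startswith("!"):
                hop["annotations"].append(tok)
            elif i + 1 < len(tokens) and tokens[i + 1] == "ms":
                hop["rtts"].append(float(tok))
                i += 1                      # skip the "ms" unit token
            i += 1
    return hops


def diagnose(hops, target_ip):
    """Say how the trace ended: reached, refused with an ICMP error, or silence."""
    if not hops:
        return "no hops parsed"
    last = hops[-1]
    if last["ip"] == target_ip and not last["annotations"]:
        return f"reached {target_ip} at hop {last['hop']}"
    if last["annotations"]:
        reasons = ", ".join(sorted({ANNOTATIONS.get(a, a) for a in last["annotations"]}))
        return (f"refused: hop {last['hop']} ({last['host']}) answered {reasons}; "
                f"probes toward {target_ip} go no further")
    return (f"silent: no reply at hop {last['hop']} ({last['host']}); "
            f"filtered without an ICMP error, or beyond the hop limit")


# The poster's tcptraceroute output, trimmed to four hops; hops 7 and 10 wrapped in the comment.
SAMPLE_TRACE = """\
Tracing the path to 216.250.128.12 on TCP port 80, 30 hops max
1 192.168.1.1 (192.168.1.1) 0.575 ms 0.484 ms 0.480 ms
7 bpr1-so-6-1-0.SeattleSwitchDesign.cw.net (208.173.49.5) 45.355 ms 51.269
ms 42.497 ms
10 bpr2-as0-0.PaloAltoPaix.cw.net (208.172.147.66) 75.830 ms 71.729 ms
69.482 ms
11 xo-communication-telc-audit.PaloAltoPaix.cw.net (206.24.241.6) 71.050 ms !H
* 72.088 ms !H
"""

if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE_TRACE)
    for h in hops:
        print(h)
    print(diagnose(hops, "216.250.128.12"))
```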

SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 02:41 PM EST
iirc, disassembly of the worm code showed that **one** connection to sco.com was
used, and only to check whether a live internet connection existed. There was no
actual DOS attack, only the appearance of one (a likely red herring, to deflect
attention from the real payload).


SCO blocking SCO?
Authored by: rand on Sunday, February 01 2004 @ 02:57 PM EST
I'm no expert, but this looks to me like SCO has removed their own DNS entries:

-------------------------------------------------------
http://www.dnsstuff.com/tools/lookup.ch?name=www.sco.com&type=ALL
--------------------------------------------------------
How I am searching:
Searching for ALL record for www.sco.com at h.root-servers.net: Got referral to i.gtld-servers.net. [took 53 ms]
Searching for ALL record for www.sco.com at i.gtld-servers.net.: Got referral to nsca.sco.com. [took 150 ms]
Searching for ALL record for www.sco.com at nsca.sco.com.: Reports that no ALL records exist. [took 99 ms]

Answer:
No ALL records exist for www.sco.com. [Neg TTL=1800 seconds]

Details:
nsca.sco.com. (an authoritative nameserver for sco.com.) says that there are no ALL records for www.sco.com.
The E-mail address in charge of the sco.com. zone is: hostmaster@caldera.com.
----------------------------------------------------
c7ns1.center7.com. (an authoritative nameserver for sco.com.) says that there are no AAAA records for www.sco.com.
----------------------------------------------------
nsca.sco.com. (an authoritative nameserver for sco.com.) says that there are no A records for www.sco.com.
----------------------------------------------------
ns2.calderasystems.com. (an authoritative nameserver for sco.com.) says that there are no MX records for www.sco.com.
----------------------------------------------------
etc., etc., for all record types.
but this works:
----------------------------------------------------
http://www.dnsstuff.com/tools/lookup.ch?name=www.caldera.com&type=ALL
----------------------------------------------------
Domain                    Type  Class  TTL    Answer
www.caldera.com.          A     IN     60     216.250.128.12
caldera.com.              NS    IN     21600  ns.calderasystems.com.
caldera.com.              NS    IN     21600  ns2.calderasystems.com.
caldera.com.              NS    IN     21600  c7ns1.center7.com.
ns.calderasystems.com.    A     IN     3600   216.250.130.1
ns2.calderasystems.com.   A     IN     3600   216.250.130.5
c7ns1.center7.com.        A     IN     9707   216.250.142.20
----------------------------------------------------
as does this:
----------------------------------------------------
http://www.dnsstuff.com/tools/lookup.ch?name=www.calderasystems.com&type=ALL

----------------------------------------------------
Domain Type Class TTL Answer
www.calderasystems.com. A IN 60 216.250.128.12
calderasystems.com. NS IN 3600 ns.calderasystems.com.
calderasystems.com. NS IN 3600 ns2.calderasystems.com.
ns.calderasystems.com. A IN 3600 216.250.130.1
ns2.calderasystems.com. A IN 3600 216.250.130.5
----------------------------------------------------

---
The Wright brothers were not the first to fly an aircraft...they were the first
to LAND an aircraft. (IANAL and whatever)

[ Reply to This | # ]

www.sco.com DNS pointer non-existent
Authored by: Anonymous on Sunday, February 01 2004 @ 03:27 PM EST
There are now no DNS pointers to www.sco.com, and only a SOA (state of authority) record is returned using 'dig.'

tetra:~ # traceroute www.sco.com
www.sco.com: Name or service not known
tetra:~ # dig www.sco.com

; <<>> DiG 9.2.2 <<>> www.sco.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<-
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.sco.com. IN A

;; AUTHORITY SECTION:
sco.com. 775 IN SOA ns.calderasystems.com. hostmaster.caldera.com. 2004020103 3600 900 604800 1800

;; Query time: 66 msec
;; SERVER: 151.164.1.8#53(151.164.1.8)
;; WHEN: Sun Feb 1 12:24:24 2004
;; MSG SIZE rcvd: 102


Watch what happens Monday - Darl McBride will claim that his site was "unreachable" because of the attacks. No, the site was unreachable because they removed all DNS pointers to www.sco.com!

Here's a simple analogy: you can't get to Clownville if the map doesn't show the road leading to it.

[ Reply to This | # ]

I guess
Authored by: Tim Ransom on Sunday, February 01 2004 @ 03:30 PM EST
Balbutient Blake wasn't kidding when he said:

"I think people will see some creative thinking on our part, on how we address this,"

No doubt. The following would make a weasel blush:

"Our company has had to fight for our intellectual property rights the last 10 months or so in the industry. We've tried to assert our intellectual property rights, and we've tried to do it in a legal and forthright way. In response, we receive these types of activities by individuals who have no desire to keep their activities within the bounds of the law," Stowell said.

Bad, bad ISPs!!!

Maybe he thinks if he spins fast enough, no one will see him.

Thanks again,

[ Reply to This | # ]

SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Anonymous on Sunday, February 01 2004 @ 03:53 PM EST
would someone please post or provide a link to a picture of mcbride. wondering
what he looks like?

[ Reply to This | # ]

This part of SCO works!
Authored by: DBLR on Sunday, February 01 2004 @ 04:42 PM EST
I came across this docsrv web page and see that it is working.
So does this mean that it is on a different server or could it be
that not all of SCOG was knocked off line?

Charles

[ Reply to This | # ]

SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: pooky on Sunday, February 01 2004 @ 05:04 PM EST
From RoadRunner www.sco.com appears not to be resolvable in DNS. I get a
referrer to ns.calderasystems.com, but that nameserver isn't returning
resolution for www.sco.com. It appears that SCO has removed everyone's ability
to perform a DNS lookup on this site.

I guess this could be a defensive measure against the worm to protect the other
systems utilizing the same physical uplink and keep them running.

Just noticed that www.caledera.com is also not resolvable... Could this be yet
more SCO maintenance gone horribly wrong?

-pooky

---
Veni, vidi, velcro.
"I came, I saw, I stuck around."

[ Reply to This | # ]
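The three posts above (the dnsstuff lookups, the dig output, and the RoadRunner result) all turn on one distinction that is easy to state and worth checking mechanically: an authoritative server that answers NOERROR with an empty answer section and the zone's SOA in the authority section is reachable and is telling you the record is gone (a NODATA reply, RFC 2308), whereas an ISP block would show up as no reply at all. The script below is an added example, not code from the thread, from Groklaw or from SCO. It builds DNS wire-format messages by hand using only the Python standard library so that it runs offline against replies constructed here to match the outputs posted above (the SOA values and the www.caldera.com A record come from the posts; the query id 0x1234 and the label names are chosen for this example), and it classifies each reply, including a spoofed reply with the wrong id and a timeout.

```python
import struct

NOERROR, NXDOMAIN = 0, 3          # response codes (RFC 1035)
TYPE_A, TYPE_SOA = 1, 6           # record types used in this example


def encode_name(name):
    """'www.sco.com.' -> b'\\x03www\\x03sco\\x03com\\x00' (no compression)."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Read a (possibly compressed) name at msg[off]; return (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_query(qid, qname, qtype=TYPE_A):
    """What a stub resolver sends: header with RD=1 plus one question."""
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", qtype, 1))


def build_response(qid, qname, rcode, answers=(), authority=()):
    """Constructed reply (QR=1, RD=1, RA=1) echoing one A question."""
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1,
                         len(answers), len(authority), 0)
    body = encode_name(qname) + struct.pack("!HH", TYPE_A, 1)
    for name, rtype, ttl, rdata in list(answers) + list(authority):
        body += encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + body


def soa_rdata(mname, rname, serial, refresh, retry, expire, minimum):
    return (encode_name(mname) + encode_name(rname)
            + struct.pack("!IIIII", serial, refresh, retry, expire, minimum))


def a_rdata(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def parse_response(msg):
    """Return (id, rcode, {'answer': [...], 'authority': [...], 'additional': [...]})."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                # skip the question(s)
        _, off = decode_name(msg, off)
        off += 4
    sections = {"answer": [], "authority": [], "additional": []}
    for sec, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            sections[sec].append((name, rtype, ttl, msg[off:off + rdlen]))
            off += rdlen
    return qid, flags & 0x000F, sections


def negative_ttl(msg):
    """How long a resolver may cache a negative answer (RFC 2308):
    min(TTL of the SOA record, SOA minimum field). None if no SOA is present."""
    _, _, secs = parse_response(msg)
    for _, rtype, ttl, rdata in secs["authority"]:
        if rtype == TYPE_SOA:
            return min(ttl, struct.unpack("!I", rdata[-4:])[0])
    return None


def classify(query_id, reply):
    """Label what a reply (or its absence) actually proves about the name."""
    if reply is None:
        return "NO_REPLY"      # timeout: a transport/filtering problem, says nothing about the zone
    qid, rcode, secs = parse_response(reply)
    if qid != query_id:
        return "BAD_ID"        # not an answer to our query (spoof or stray packet): discard
    if rcode == NXDOMAIN:
        return "NXDOMAIN"      # the zone answered: the name does not exist at all
    if rcode == NOERROR and not secs["answer"]:
        return "NODATA"        # the zone answered: the name exists but has no A record
    if any(rtype == TYPE_A for _, rtype, _, _ in secs["answer"]):
        return "RESOLVED"
    return "OTHER"


def demo():
    """Replay the thread's two observations (constructed bytes, not live traffic)."""
    qid = 0x1234                                       # chosen for this example
    build_query(qid, "www.sco.com.")
    # Matches the dig output: NOERROR, ANSWER 0, AUTHORITY 1, sco.com SOA,
    # serial 2004020103, minimum 1800, SOA TTL 775 as seen from the cache.
    sco = build_response(qid, "www.sco.com.", NOERROR, authority=[
        ("sco.com.", TYPE_SOA, 775, soa_rdata("ns.calderasystems.com.",
         "hostmaster.caldera.com.", 2004020103, 3600, 900, 604800, 1800))])
    # Matches the dnsstuff output for www.caldera.com.
    caldera = build_response(qid, "www.caldera.com.", NOERROR, answers=[
        ("www.caldera.com.", TYPE_A, 60, a_rdata("216.250.128.12"))])
    return {"www.sco.com": classify(qid, sco), "www.sco.com negative ttl": negative_ttl(sco),
            "www.caldera.com": classify(qid, caldera), "no reply": classify(qid, None)}
```

Run `demo()` and www.sco.com comes back NODATA with a negative-cache TTL of 775 seconds (the 1800 in the dnsstuff output is the same SOA minimum seen straight from the authoritative server, before any cache had counted the record's TTL down), while www.caldera.com is RESOLVED; only a missing reply would be consistent with "the ISPs are blocking us". To check a live name the same way, send `build_query()` over UDP port 53 directly to the authoritative server named in the referral rather than to your ISP's recursive resolver, so that a cached negative answer cannot be mistaken for a fresh one.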

Reuters has picked up the story
Authored by: Anonymous on Sunday, February 01 2004 @ 08:06 PM EST
http://dailynews.att.net/cgi-bin/news?e=pri&dt=040201&cat=news&st=newstechwormdc

Reuters has picked up the story...unfortunately, they have copped an attitude.

The following is the only paragraph that even comes close to explaining why someone might want to attack SCO Group.

SCO has drawn the ire of the so-called "open source" programming community who object to the company's claim that it has copyright control over key pieces of the Linux operating system.
You can almost hear the venom drip off the reporters fangs as they say "so-called".

[ Reply to This | # ]

Attack "from Linux"
Authored by: Observer on Sunday, February 01 2004 @ 11:16 PM EST
Uh... how does an Operating System attack a company?? It's just a collection of software code.

Or, if you mean it is the people behind the OS, then if a person using Windows attacks your servers, then does it mean that Microsoft is attacking your company?

[ Reply to This | # ]

scosource.com is still up
Authored by: crs17 on Monday, February 02 2004 @ 04:05 AM EST
Just to try something different, since I couldn't get to www.sco.com, I tried
www.scosource.com. It works!

The bad news is that its title is "Simon's Comic Online Source". The
good news is that the third link is to "Learn how to insult in many
languages (insultmonger.com)"

Perhaps this site belongs to our SCO after all!

[ Reply to This | # ]

SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Authored by: Sri Lumpa on Monday, February 02 2004 @ 10:11 AM EST
PJ wrote:
Did he just say that SCO could avoid all their troubles if they would secure their systems instead of sitting back? Why, yes. Yes, he did.
It's even worse than that. Bill Gates also said:
A high volume system like [Windows] that has been thoroughly tested will be by far the most secure
If you combine both you get the meaning of what Bill Gates is implying:
SCO should secure their systems by switching to Windows
Didn't anybody tell him that it is a Windows virus?

Had I seen Mr Gates' helpful advice sooner I would immediately have secured my computer by installing Windows on it before checking my e-mails in peace, knowing that clicking on an attachment would be harmless (not like that insecure Linux thing) and would in no way be able to harm SCO's website.

As it is, given that I am still running Linux I am quaking in fear that my misguided choice of OS might as we speak be harming an innocent company that only tries to make an honest buck in a cruel world.

---
I do not suffer from insanity; I enjoy every minute of it.

[ Reply to This | # ]

Waiting for Windows to be "thoroughly tested"?
Authored by: tz on Monday, February 02 2004 @ 11:05 AM EST
What Gates says is technically true: "A high volume system like [Windows]
that has been thoroughly tested will be by far the most secure".

It will (actually "could") be. It isn't yet, and probably won't be.

1. Windows (and its internal component Internet Explorer - remember to type,
not click those URLs) has not been "thoroughly tested". It is in the
process, but most of that testing is being done by Philippine teenagers with too
much time on their hands or the Russian Spam Mafia.

2. When a test finds a problem, you need to Fix it. Correctly. Quickly. Not
deny until a sploit is released then complain about the sploit and wring your
hands for a few weeks until the next round of patches. Of course dropping
support after a few years and not fixing newly found problems (W95, O95, NT4,
O97, W98) means these never "will be secure". Maybe W2010 just before
they retire it will be as secure as Linux is now. But why wait?

3. Windows is fundamentally flawed since it is a monolith. A bug in IE, or I
guess WMP, or any other thing that under Linux, BSD, or commercial UNIX would
affect userland instead affects the core. It also leaves everything open and if
you spend a lot of effort you might be able to close half the doors. It would
be prohibitively expensive, even for M$ to actually "thoroughly test"
Windows to make it secure. The tests reveal that it should be scrapped and
rebuilt in a modular form. Yea, like any of the Unices. Of course that is
probably why MS keeps scrapping their old stuff as in my previous point. Apple
built on BSD and has gained the same benefits of doing things the right way
structurally (with a lot of elegance).

Linux and its applications are probably the most thoroughly tested and reviewed
code in common use (The only things more thoroughly tested would be mission
critical systems like medical devices). It runs on different architectures and
with all kinds of variants with people doing or trying stupid things. Problems
are quickly fixed. And a flaw in your current mailer doesn't (or at least
shouldn't at this point - upgrade!) allow them to access your hardware directly.
The 0.99 version was not bad, and every patch built and enhanced things. It
has been over a decade of continuous improvement. The base becomes more solid
as taller stacks of applications are built on it.

How many more worms and viri will we have this year?

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )