|
|
| SCO Sets Up Alternative Address - Finally |
 |
|
Monday, February 02 2004 @ 09:17 AM EST
|
Their press release announces they have set up an alternate address, which is a technique
they obviously could have implemented sooner. They had a week to prepare, after all.
Of course, then they couldn't send out breathless press releases. This is the new
address: www.thescogroup.com
It will be interesting to find out if there are some disappearing documents as a
result of this whole incident. I have gotten one report that the LKP page is missing so far. Bob Mims has some interesting details. Stowell says they have a number of backup tricks they can try: "We have had a good four to five days' notice of this," Stowell said, noting Mydoom's Jan. 26 launch. "We have a lot of backup plans in place." This raises the obvious question: why didn't they implement them *before* they were forced off the internet? If you see a train headed straight toward you, the sensible next move is off the tracks. Is that too simple and obvious? Or does SCO have an agenda that requires that they get taken down periodically? The Mims piece notes: Since it first filed suit against IBM last March, SCO claims its site has been crashed by several smaller scale denial-of-service attacks -- assaults which flood a target with commands that prevent others from accessing the site.
The attacks seemed timed in conjunction with controversial SCO announcements or Linux-related legal filings. Dan Gilmore puts it bluntly: That doesn't excuse the DDOS, but it does say something about SCO's credibility, not for the first time. SCO and its senior executives have shown themselves to be willing to stretch, if not snap, the truth -- such as Darl McBride's ridiculously inaccurate meanderings about copyright law, as Larry Lessig has picked apart in some detail. (The world is still waiting for SCO to show any actual violations of copyright, meanwhile.) The pattern I've noticed is odd. Am I misremembering or has anyone else formed the impression that every time Darl gratuitously makes a public statement about SCO being attacked, within a short time, there is some kind of alleged attack? I remarked to someone that it reminds me of Bin Laden releasing videos as a signal for attacks to begin. Of course, it could all just be a remarkable coincidence. Incidentally, you might find Netcraft's report on this of interest, as well as their
FAQ and their
chart on web servers. Netcraft
noticed one detail: sco.com actually resolves to the same ip address as www.thescogroup.com.
% host sco.com
sco.com has address 216.250.128.21
% host www.thescogroup.com
www.thescogroup.com has address 216.250.128.21
The press release:
*******************************************************
SCO PROVIDES ALTERNATE COMPANY WEB SITE ACCESS AND UNITES WITH VENDORS
TO COMBAT VIRUS
SCO to provide alternate access to company Web site through www.thescogroup.com
LINDON, Utah—Feb. 2, 2004—The SCO Group, Inc. (Nasdaq: SCOX), the owner of the
UNIX ® operating system and a leading provider of UNIX-based solutions, today
announced it has put alternatives in place for individuals wanting to access its
company Web site. The company is asking customers, resellers, developers,
shareholders and all other Web site visitors to use www.thescogroup.com as the
destination for the company’s Web site through the end of Feb.12, 2004. The
company is putting this alternative Web address in place because the recently
announced Mydoom or Novarg virus creates an attack that is designed to prevent
access to www.sco.com from Feb.1–12, 2004.
“Security experts are calling Mydoom the largest virus attack ever to hit the
Internet, costing businesses and computer users around the world in excess of $1
billion in lost productivity and damage,” said Darl McBride, president and CEO,
The SCO Group, Inc. “Because one of its purposes is to interrupt access to the
www.sco.com Web site, we are taking steps to help our important stakeholders
continue to access the information, data and support that they need from this
new www.thescogroup.com Web site.”
The www.thescogroup.com Web site will provide visitors with all of the
accessibility and resources that they would normally have when visiting
www.sco.com. In addition, the company is including links that point visitors to
security vendors, including Network Associates and Symantec, that will provide
them with all of the latest information on how to download software updates and
protect their PCs against the Mydoom virus.
“Increased traffic has already begun hitting www.sco.com in the last couple of
days,” said Jeff Carlon, director of worldwide IT infrastructure, The SCO Group.
“We expect hundreds of thousands of attacks on www.sco.com because of these
viruses. Starting on Feb.1 and running through Feb.12, SCO has developed layers
of contingency plans to communicate with our valued customers, resellers,
developers, partners and shareholders. The first step of that plan is the
implementation of www.thescogroup.com.” For those having problems getting
through to SCO on the Web, customers may call their local sales office or
1-800-SCO-UNIX (726-8649) to gain assistance from a SCO representative.
Earlier this week, SCO announced that it is working with U.S. law enforcement
authorities including the U.S. Secret Service and Federal Bureau of
Investigation (FBI) to determine the identity of the perpetrators of the Mydoom
virus. The company also announced that it has offered a reward of up to a total
of $250,000 for information leading to the arrest and conviction of the
individual(s) involved with the creation of the virus. Anyone with credible
information or leads should contact their local FBI office. “We believe that
Microsoft’s $250,000 reward in addition to the $250,000 reward offered by SCO
will significantly assist the FBI in obtaining serious leads that may help catch
the perpetrators of this virus,” said McBride.
|
|
|
|
| Authored by: Anonymous on Monday, February 02 2004 @ 09:31 AM EST |
SCO Partner Alert
Mydoom or Novarg Virus Work-arounds
Mirrored availability of SCO Web site at
http://www.thescogroup.com
As you are probably aware, on Monday, January 26, a computer
virus called Mydoom (Network Associates' name) or Novarg
(Symantec's name) spread quickly across the Internet. Antivirus
companies have determined that this worm is coded such that
computers infected with the Mydoom variant are set to conduct
a distributed denial of service (DDOS) attack against www.sco.com
from February 1 - 12.
In short, the virus is activated when users open an innocent-looking
e-mail message that contains an attached program file (with a .bat,
.cmd, .exe, .pif, .scr, or .zip extension) which then accesses
the user's e-mail address book and sends itself to all of that
user's contacts. The offending e-mail message usually
arrives with a subject line such as "Test," "Hi," or
"Mail Transaction Failed."
The SCO Group boldly condemns this latest action, and is taking
several active steps to fight against acts of cyber-terrorism
such as that launched by the creator(s) of the Mydoom virus.
* On January 27, SCO announced that we are offering a reward of
up to a total of $250,000 for information leading to the arrest
and conviction of the individual(s) responsible for creating the
Mydoom virus.
* SCO is working closely with U.S. law enforcement authorities
including the U.S. Secret Service and the Federal Bureau of
Investigation (FBI) to determine the identity of the Mydoom
creator(s)
* SCO is launching a "mirrored" Web site (which will provide
all of the information currently available at www.sco.com) to
continue business as usual with partners and customers -
see http://www.thescogroup.com
As a valued SCO Solution Provider, your uninterrupted, successful
SCO UNIX business is important to us. If you are unable to connect
to the information or resources that you need during the targeted
dates of the Mydoom virus, please contact SCO right away by
e-mailing ukinfo@sco.com.
Thank you for your continued support,
Darl McBride
President & CEO
The SCO Group
______________________________________________________________________
This message was sent by The SCO Group using Responsys Interact.
[ Reply to This | # ]
|
- From the horse's mouth... - Authored by: belzecue on Monday, February 02 2004 @ 09:46 AM EST
- ...you get horse breath. - Authored by: rand on Monday, February 02 2004 @ 09:48 AM EST
- Spammers need the FUD - Authored by: Anonymous on Monday, February 02 2004 @ 10:01 AM EST
- How does this work? - Authored by: Anonymous on Monday, February 02 2004 @ 10:16 AM EST
- Hmm. - Authored by: Anonymous on Monday, February 02 2004 @ 10:18 AM EST
- Hmm. - Authored by: Anonymous on Monday, February 02 2004 @ 10:31 AM EST
- Hmm. - Authored by: RSC on Monday, February 02 2004 @ 08:51 PM EST
- Hmm. - Authored by: Jude on Monday, February 02 2004 @ 11:15 AM EST
- Are you sure it's the mouth? - Authored by: Anonymous on Monday, February 02 2004 @ 12:11 PM EST
- Bad news scrolls off finance sites - Authored by: Anonymous on Monday, February 02 2004 @ 01:00 PM EST
- From the horse's mouth... - Authored by: Anonymous on Monday, February 02 2004 @ 01:56 PM EST
- From the horse's mouth... - Authored by: Anonymous on Monday, February 02 2004 @ 02:51 PM EST
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 09:35 AM EST |
Hey, did anyone else notice that the word "Linux" doesn't appear
anywhere in those messages?
I'm impressed that Darl resisted what so many journos haven't been -- the
temptation to say Mydoom is a tool of disgruntled Linux users.[ Reply to This | # ]
|
| |
| Authored by: belzecue on Monday, February 02 2004 @ 09:41 AM EST |
It really is mind-boggling. You cannot buy this level of publicity.
By giving SCO the global platform the likes even *they* could not have imagined,
the authors of MyDoom have done more damage to FOSS's image than anyone anywhere
-- all in a few days. Was this their intention, or did they simply fail to see
how SCO would turn it around to its own advantage? Was it what many suspect:
that spammers simply piggybacked the DDOS as an afterthought with SCO being the
first target, understandably, that popped into their heads?
Cry me a river. Next we will discover that Darl is fielding book and movie
deals.
Friday cannot come too soon.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 09:48 AM EST |
> It will be interesting to find out if there are some
> disappearing documents as a result of this whole incident.
Given how much Groklaw and other critics of SCO refer
directly to documents at www.sco.com, it could be said to be
suspiciously convenient to SCO, if some embarrassing files
become permanently, or even just temporarily inaccessible at
the addresses the critics use to refer to them. Hmm...
What happens if, say, IBM files on Friday a motion that has
references pointing to the SCO site (because it has been
in preparation for a longer time), but they cannot be read
by the judge because of MyDoom?
Anyone still thinking that the "Linux Community" could
somehow be behind the MyDoom worm? The attack against
www.sco.com could in fact be considered evidence of exactly
the opposite!
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 09:53 AM EST |
| First thing I noticed about this post was that SCO is still on the same track
(no surprise) and is still claiming to be the owner of the UNIX ® operating
system.
Lots of people say "it ain't that simple", for example:
http://news.com.
com/2010-1071_3-1015624.html?tag=fd_nc_1
[ Reply to This | # ]
|
| |
| Authored by: Alizarin on Monday, February 02 2004 @ 09:59 AM EST |
You know, Microsoft better show signs of the virus attack or SCO is going to
look like an even bigger liar then they already are.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 10:03 AM EST |
Their press release announces they have set up an alternate address, which is
a technique they obviously could have implemented sooner. They had a week to
prepare, after all.
Until now, Groklaw has done an excellent job on
commenting on legal claims made by SCO. Simply pointing out the details of every
statement SCO made has been enough to bang SCO on the head with a hammer. In the
reporting on the MyDoom case however, it seems that we all need to tell the
world that we would have responded much more clever and coherent if it was us
that was the target of MyDoom.
This is well below the standards that made
Groklaw famous. It may indeed be quite difficult to ensure that all pages refer
to the domain name, while at the same time making sure that it will also work
when they can ever switch back to their original domain. Maybe it is simple and
they just missed the chance. But this has very, very little to do with the real
issues we have with SCO.[ Reply to This | # ]
|
| |
| Authored by: gbl on Monday, February 02 2004 @ 10:03 AM EST |
| The following is the text of a short article in a UK free paper (Metro, Mon, Feb
2nd.)
Software giant is first to meet Mydoom
The
Mydoom Internet virus claimed its first corporate
scalp yesterday, paralysing
the website of software giant SCO with a massive data blitz. SCO, which has
angered many programmers by claiming copyright over parts of the Linux operating
system, said its site went down after it was "flooded with requests beyond
capacity". A variant of the virus has been timed to target Microsoft
tomorrow.
A "software giant" ?!?
---
If you love some
code, set it free. [ Reply to This | # ]
|
| |
| Authored by: rand on Monday, February 02 2004 @ 10:04 AM EST |
SCOG last edited the www.thescogroup.cpm record on Jan 29, 2004. Hmmm....
They've had thescogroup.com available since Aug, 2002; they could have been
using it anytime, but didn't.
I've been doing some early checking, and so far, any content that used to be
under www.sco.com or www.caldera.com seems to be available at
www.thescogroup.com. With all the eyes on them, they'd be stupid to start
trying to hide stuff now.
---
The Wright brothers were not the first to fly an aircraft...they were the first
to LAND an aircraft. (IANAL and whatever)[ Reply to This | # ]
|
| |
| Authored by: TwinDX on Monday, February 02 2004 @ 10:05 AM EST |
www.thescogroup.com resolves to the IP address 216.250.128.21, which is the same
IP address as www.sco.de, uk.sco.com and sco.com. From what I recall,
www.sco.com was also on this IP address.
http://216.250.128.21/ has been working fine for ages and has had some good
response times over the past couple of days. Also if I recall correctly, from
some research by Symantec or someone, the virus didn't point to www.sco.com but
to the IP address instead (it'd already resolved it) and taking apart the virus
in a hex editor (I was bored) there was no sign of www.sco.com in plain text
whatsoever, but there was a load of Windows API names obvious there, so I doubt
any obfuscation has taken place and it really is in there as an IP address
instead (my Windows box has updated antivirus software so I can't look again to
double check).
My meandering through thoughts leads me to this:
SCO took precautions to prevent the DDoS but couldn't resist another press
release. Their server rode out the storm, and never went down (that'll be
because it's not running their shoddy OS but FreeBSD now, according to Netcraft)
- but that wouldn't make news in Darl's world - better to make out that you were
taken down by Open Source Commie Pinkos but came back fighting with the twin
spears of capitalism and proprietary software, and won.
Incidentally, earlier today BBC News carried the story but only mentioned
Microsoft in the summary - nothing about Darl's Army - and it appeared just next
to a big article about how Linux was conquering everything and how IBM's Linux
work is great =)[ Reply to This | # ]
|
| |
| Authored by: phrostie on Monday, February 02 2004 @ 10:23 AM EST |
i agree that many documents will disappear with the www.sco.com server, but the
new name does help make a distinction between sco and scog/scox.
we should concentrate on how to use this to help people understand that they are
not the Santa Cruz Organization.
they are not the OpenGroup(they don't own Unix(R))
they are the failed business formerly known as Caldera.
they did release their software under the GPL.
they did and do understand what the GPL says.
and now, they are grasping at staws as they sink down below the surface.
[sounds of bubbles]
on a side note:
i was thinking last night, if the media won't let go of the idea of mydoom being
someones idea of revenge against scog.
maybe someone should point out that a former Unixware Admin or resaler would
have more reason to hate the current scog leadership than the Linux community.
after all this is done, Linux will continue on. it will adapt and be stronger
next time.
regardless of the outcome scog and unixware are history. no one will ever
willingly do business with them again.
the TCO of the keeping laywers is too high.
---
=====
phrostie
Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.
http://www.freelists.org/webpage/cad-linux[ Reply to This | # ]
|
- nitpick - Authored by: Anonymous on Monday, February 02 2004 @ 11:08 AM EST
- Boycot SCO! :-) - Authored by: darthaggie on Monday, February 02 2004 @ 11:58 AM EST
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 10:50 AM EST |
With all these conflicting reports of SCO being hit, did it ever occur to anyone
to try the following:
http://sco.com
Their site has been up and running all weekend without any slowdowns or
interruption. Maybe they thought the virus writers were stupid enough to target
a subdomain or they think people are too stupid to know that you don't need to
have "www" in the website address.
[ Reply to This | # ]
|
| |
| Authored by: AMc on Monday, February 02 2004 @ 11:04 AM EST |
Actually, this goes directly to the heart of the case against SCO Group. SCO
Group has taken the facts; a virus that will test for internet connectivity by
polling www.sco.com once, and twisted them into something along the lines of the
following:
- an attack starting before their 10k filing
- an on-going attack lasting from 29 Jan to 12 Feb
- ISP's blocking their website to 'protect' them
- their own website 'hammered' offline
- their own dns entry removed
The antivirus community has picked apart the virii, so it's activities are
documented. Yet they attempt to portray the virii as actively attacking their
webservers for nearly two weeks. Three different stories about how SCO Group
would ride out the storm, none entirely accurate. And an ongoing attempt to
imply substantial damages without a single citation or study to back it up. If
only from a business perspective, the leadership of SCO Group has reached the
point where thier lack of credibility should be chasing people away.
After the 'DDoS' attack at the end of last year, I attempted to cut through the
FUD layers to see if it was a user error or a software bug that caused it. I
couldn't get any direct answers, and finally they adopted the line of contact
the FBI for information. When I called the FBI's Salt Lake City office, the
agent I spoke to sounded as if she blurted out her coffee and laughed at the
idea that SCO Group had contacted them. I pressed that SCO Group had told me to
contact the FBI, and she laughed again and said that if there was an active
investigation she wouldn't be able to comment. She ended by suggesting I
contact SCO Group again, as she didn't know why they'd said to contact the
Bureau.
I followed this up with a phone call to the local police department. The chief
informed me that they weren't aware of any ongoing investigations, and no
special precautions had been made for the trial. The only unusual thing he
reported was a number of complaints about protesters, which were always gone by
the time a patrolman reached the SCO Group offices. He was very curious why I
was interested, as he'd had several inquiries from the United Kingdom as well (I
suspect the Register, but I didn't follow up).
I do have a letter somewhere between here and my Congressmen and Senators
offices to try to verify that as of the end of 2003 there was no active
investigations into the DDoS attacks SCO Group claimed. It became a moot point
because my employer had me retire the remaining *nixWare machines in January.
In the end, it seems that at the best SCO Group is guilty of a lack of response
to the law enforcement community about their 'problems'. At worst is entirely
subjective, but in every case continuing evidence that they play fast and lose
with the truth.
[ Reply to This | # ]
|
| |
| Authored by: Chris Cogdon on Monday, February 02 2004 @ 11:11 AM EST |
Have a look at the new sco website. The computer sitting on the desk is in fact
an Apple Macintosh iBook.
Yes, we all know this kind of gaffe crops up regularly in Microsoft advertising
copy, too, as they use stock photography rather than create their own. It's
still amusing to see it crop up in SCO advertising, too :)
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 11:13 AM EST |
http://www.sltrib.com/2004/Feb/02022004/utah/134908.asp
Pointing fingers: "We remain suspicious" of the open source community,
Stowell said. "And we are a little disappointed there haven't been leaders
within that community and the Linux industry who have not come out and more
publicly condemned this." [ Reply to This | # ]
|
| |
| Authored by: phrostie on Monday, February 02 2004 @ 11:29 AM EST |
i did not try very many, but did come up with one dead link.
the Linux Kernel Personality (Product & Services > UNIX > Linux Kernel
Personality) takes you to a dead page.
so it seems that not everything was moved to the new site.
---
=====
phrostie
Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.
http://www.freelists.org/webpage/cad-linux[ Reply to This | # ]
|
| |
| Authored by: bbaston on Monday, February 02 2004 @ 11:31 AM EST |
A client converting to Linux from Windows (:D) asked me an interesting question,
paraphrased as, "Do all these announcements mean SCO Unix can get
viruses?"
Point being, at least one business manager now has the impression that Unix is
under viri attack too. I'm sure Darl didn't even think of that spin against
himself!
---
Ben B
-------------
IMBW, IANAL2, IMHO, IAVO,
imaybewrong, iamnotalawyertoo, inmyhumbleopinion, iamveryold,[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 11:40 AM EST |
On Google News I saw the following reference to an article
(which appears to be slashdotted ..?)
http://www.informationweek.com/story/showArticle.jhtml?articleID=17601394
I Quoth from Google News:
Information Week - 14 minutes ago
A variant of the virus has a cryptic message in which the author appears to
apologize for creating the infection. By Antone Gonsalves, TechWeb News. ...
Has anyone read this article?[ Reply to This | # ]
|
| |
| Authored by: jlp on Monday, February 02 2004 @ 11:41 AM EST |
Just before the last alledged DDoS I had been looking at the sco web site and
success stories.
I cached 10 of the best success stories I could find on their site (all
pertaining to Caldera Openlinux). After the DDoS those success stories
disappeared.
I have been checking periodically to see if they would come back, but they have
not.
One story dealt with sco placing openlinux on a bunch of used computers at a
software company could telecomute and work at home.
I just thought that it was interesting.
---
Argue for your limitations; And sure enough they are![ Reply to This | # ]
|
| |
| Authored by: TwinDX on Monday, February 02 2004 @ 11:56 AM EST |
I'm used to being corrected =) I am a C+ techy bod at best, no higher. I know
for a fact that the GET command wasn't visable in the editor so it must've been
obfuscated in some way. Maybe I was using a Greek font =)[ Reply to This | # ]
|
| |
| Authored by: TwinDX on Monday, February 02 2004 @ 12:01 PM EST |
Bah. I broke Geeklog. This should've been way up there as a reply to a followup
to my earlier post.
Sorry all.
Steve[ Reply to This | # ]
|
| |
| Authored by: rjamestaylor on Monday, February 02 2004 @ 12:16 PM EST |
I don't understand why SCO found it necessary to set up a "mirror" site with the
new domain name. A mirror is used to duplicate the contents of one web server on
another by different entities or for the purpose of load balancing. All SCO had
to do was rename *.12 (the IP Address of the www.sco.com server, IIRC) from
www.sco.com to www.thescogroup.com and the "attack" would have been effectively
thwarted. For good measure SCO could have moved the primary web server IP
address to something other than *.12 to compensate for stale DNS cacheing
(*cough*AT&T Worldnet*cough*). Making such a change (assuming relative
internal links on web pages) would require 2 changes: DNS Zonefile A
record Apache httpd.conf ServerName
(One could also change the
hostname if one was anal about such things.) Regardless, no content need be
copied, no "mirroring" required. Just change the name and maybe IP address of
the exact same server with the exact same content; maybe a note to explain the
name change, but hardly any other content change required.My suspicions are
further raised by reports of "missing" documents by regular visitors to sco.com.
Something stinks here. ---
SCO delenda est! Salt their fields! [ Reply to This | # ]
|
| |
| Authored by: TechnoCat on Monday, February 02 2004 @ 12:41 PM EST |
The SCO Group boldly condemns this latest
action
Oooh, they're going out on a limb there boldly
condemning the virus! Who, using their vernacular, has been meekly
condemning it? It's almost as if they have a list of adjectives and verbs they
want to use each month for quote purposes. Imagine later...
The
SCO Group was recognized in January for taking "bold" steps against viruses and
trojan horses. [ Reply to This | # ]
|
- Boldly? - Authored by: Anonymous on Monday, February 02 2004 @ 12:45 PM EST
- Boldly? - Authored by: sbungay on Monday, February 02 2004 @ 12:58 PM EST
- Baldly? - Authored by: Anonymous on Monday, February 02 2004 @ 04:33 PM EST
| |
| Authored by: rjamestaylor on Monday, February 02 2004 @ 12:52 PM EST |
Source
The SCO Group, Inc.
will use www.thescogroup.com as an alternate web site while www.sco.com remains
under a denial of service attack from machines infected with the My Doom worm,
the company said this morning. The URL is expected to serve as an interm site
for SCO through Feb. 12, when the DDoS is expected to conclude. "SCO has
developed layers of contingency plans to communicate with our valued customers,
resellers, developers, partners and shareholders," asid Jeff Carlon, the
company's director of worldwide IT infrastructure, who called the new domain
"the first step" in its planning.
sco.com actually resolves to the same ip
address as www.thescogroup.com.
% host sco.com
sco.com has address
216.250.128.21
% host www.thescogroup.com
www.thescogroup.com has address
216.250.128.21
%
Performance data on www.thescogroup.com is available now.
---
SCO delenda est! Salt their fields! [ Reply to This | # ]
|
| |
| Authored by: GrueMaster on Monday, February 02 2004 @ 12:54 PM EST |
| Bear with me here, but if you follow this obfuscated logic to conclusion, then
SCO does own a chunk of linux (however, the GPL will ultimately triumph).
If
SCO's claims of IBM's code is derived works from Unix (added to Unix & Linux
simultaniously by IBM), and SCO's licensing contract regarding derived works
does stand up, then, (in a round about way) all code added by IBM that
also is added to Unix (AIX) would in fact be owned by SCO. Kind
of like a writer publishing an article in a magazine. Some magazines claim
copyright of the writer's articles, even if the writer is freelance. It all
depends on the contracts (which is what the lawsuit is esentially
about).
But, as pointed out here and in multiple other sites now,
SCO actually contributed a lot of this code, either directly, or
from IBM through them.
Just trying to follow the logic behind the
madness.
GrueMaster
"Get your facts first, and then you can distort them
as much as you please."
Mark Twain (1835 - 1910) [ Reply to This | # ]
|
| |
| Authored by: lpletch on Monday, February 02 2004 @ 01:01 PM EST |
| Some news from everyones favorite Columnist/Anal yst
"You won't
hear of these firms by name because they are afraid that if they were to go
public, they would be attacked mercilessly by the Linux community. For these
companies, freedom of speech is now a distant memory denied to them by these
Linux thugs."
Rob
Enderle
---
lpletch@adelphia.net [ Reply to This | # ]
|
- OT --Everyones Favorite....? - Authored by: PJ on Monday, February 02 2004 @ 01:15 PM EST
- OT --Everyones Favorite....? - Authored by: knala on Monday, February 02 2004 @ 01:20 PM EST
- OT --Everyones Favorite....? - Authored by: Jude on Monday, February 02 2004 @ 01:22 PM EST
- OT --Everyones Favorite....? - Authored by: Tim Ransom on Monday, February 02 2004 @ 01:51 PM EST
- Use the corrections form! - Authored by: Anonymous on Monday, February 02 2004 @ 02:35 PM EST
- Robbie's getting hysterical -- a good sign - Authored by: Anonymous on Monday, February 02 2004 @ 03:08 PM EST
- Free speech? - Authored by: Anonymous on Monday, February 02 2004 @ 03:12 PM EST
- OT --Everyones Favorite....? - Authored by: meat straw on Monday, February 02 2004 @ 04:04 PM EST
- Enderle is good for Linux - Authored by: Anonymous on Monday, February 02 2004 @ 04:06 PM EST
- Quick laugh for everyone - Authored by: Turing_Machine on Monday, February 02 2004 @ 04:22 PM EST
- What does the discriminating *** rely on? - Authored by: rand on Monday, February 02 2004 @ 05:37 PM EST
| |
| Authored by: shareme on Monday, February 02 2004 @ 01:17 PM EST |
the obvious question for Darl and CSo is if MyDoom is DDOs the ip addreess of
sco.com, then oh why oh wisen truthfull Darl have you seen fit to take down the
site with ip address of caldera.com?
Could it be you are in fact lying about being DDosed by the virus?
---
Sharing and thinking is only a crime in those societies where freedom doesn't
exist.[ Reply to This | # ]
|
| |
| Authored by: Tim Ransom on Monday, February 02 2004 @ 01:18 PM EST |
into the lightbulb of discredited PR flacks continues
unabated.
Try and find the cached version on Google - maybe if technewsworld
stops getting hits from this clown, they will purchase their 'news' from a
different PR mill. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 01:50 PM EST |
They managed to get themselves a front page story on the
London Evening Standard today.
http://www.thisislondon.co.uk/news/articles/8920595?source=Evening%20Standard
The Evening Standard are not known for their tech
coverage. They are more likely to cover problems with the
London Underground and rants about the congestion charge. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 02:16 PM EST |
I noticed over the past month or two PJ, and Groklaw frequenters in general
getting out of hand with conspiracy theories. I think the biggest problem is a
good deal of the crowd here aren't programmers and network admins and frankly
don't understand the technical nature of what happens.
Many just
regurgitate what others have said. The fact is, even though I'm no fan of SCO,
they have plenty reason to have waited until the last minute to change to
www.thescogroup.com. You have to consider, no one knows if the address of the
web site could be changed dynamically (the address in the virus that is). The
virus does setup back doors on your computer, so it is a possibility. If
they had changed it over late last week, the virus could have been modified to
reflect the changes.
Also, the reason on waiting until Monday rather
than changing it Sunday night. SCO does not work holidays and weekends. We saw
that with the holidays in december (delaying the IBM case). Everyone has this
mapped out to be some SCO scheme. I see it as nothing more than incompetitence.
SCO and their network engineers aren't the smartest people. I don't
think they are capable of some massive conspiracy as many of you believe.
You guys need to leave your tin foil hats behind.[ Reply to This | # ]
|
- Groklaw and PJ getting a little out of hand.... - Authored by: Anonymous on Monday, February 02 2004 @ 02:30 PM EST
- No - Authored by: Nick on Monday, February 02 2004 @ 02:34 PM EST
- Anonymous Cowards should have IP addresses published - Authored by: rjamestaylor on Monday, February 02 2004 @ 02:56 PM EST
- Groklaw and PJ getting a little out of hand.... - Authored by: Jude on Monday, February 02 2004 @ 03:11 PM EST
- Groklaw and PJ getting a little out of hand.... - Authored by: blacklight on Monday, February 02 2004 @ 03:21 PM EST
- Thanks - Authored by: Anonymous on Monday, February 02 2004 @ 03:24 PM EST
- Groklaw and PJ getting a little out of hand.... - Authored by: PJ on Monday, February 02 2004 @ 03:32 PM EST
- I would be without a job... - Authored by: meat straw on Monday, February 02 2004 @ 03:59 PM EST
- ? You're serious aren't you ? - Authored by: cybervegan on Monday, February 02 2004 @ 04:21 PM EST
- Are you sure? - Authored by: RedBarchetta on Monday, February 02 2004 @ 04:54 PM EST
- Groklaw and PJ getting a little out of hand.... - Authored by: Whiplash on Monday, February 02 2004 @ 06:37 PM EST
- Please log in before posting this type of comment - Authored by: Ed Freesmeyer on Monday, February 02 2004 @ 07:27 PM EST
- Tin-foil hats and SCO incompetence - Authored by: Alastair on Monday, February 02 2004 @ 08:34 PM EST
- Daryl is YOUR conspiracy theorist: he says its those Linux people! See the irony! - Authored by: Anonymous on Tuesday, February 03 2004 @ 12:18 AM EST
| |
| Authored by: phrostie on Monday, February 02 2004 @ 02:32 PM EST |
[CnP] from linuxtoday
"Shares in Red Hat Inc. are seen as overvalued by some investors, as the
leading distributor of free Linux software faces a deep-pocketed rival,
according to an article in the latest edition of Barron's...
"Red Hat shares have quadrupled in the past year, and at $20, a level
reached two weeks ago, Red Hat shares trade for 105 times next fiscal year's
estimated earnings, and 'more than four times the most bullish estimate on the
total addressable market for its primary product three years out,' Barron's
said..."
http://www.boston.com/business/technology/articles/2004/02/01/red_hat_shares_see
n_overvalued__barrons/
so how can they claim that a company that has no marketable product and has run
off all it customers is worth 45USD, but a company that has good products and a
growing customer base is overvalued at 20USD.
---
=====
phrostie
Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.
http://www.freelists.org/webpage/cad-linux[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 02:32 PM EST |
http://www.technewsworld.com/perl/story/32745.html
"Some Linux advocates are saying they would load this virus
"gladly" just so they could harm strangers who did nothing more than
work for SCO or run an OS they don't like. The words "civil liability"
come to mind, and this is one of the few instances in which I hope the legal
community sees blood in the water and does something meaningful with
class-action litigation. We are talking about billions of dollars in
damages."
Unbelieveble this Enderle-guy! And yeah "the legal community" should
do something against such a low attempt to link a community to
"terrorism" and other very bad stuff, just because a few underaged
kids (or depressed personalities) say some stupid stuff on messageboards.
By the way Sir Enderle, i'm not part of that community, i aim a full time
windows-user and still know the difference between right and wrong and you Sir
(and Sco) are very wrong and act both in a very bad and low way.
Sorry for my bad english! I'm Dutch![ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 02:37 PM EST |
Some people complain about some misbehaviour with linux 'Zealots'. But if you
look at people like McBride , Elderele or other I think it is not to bad.[ Reply to This | # ]
|
| |
| Authored by: sjgibbs on Monday, February 02 2004 @ 02:39 PM EST |
Coverage of the MyDoom malware on ITV left alone the SCO contraversy and
covered Microsoft as if it were the bigger, or more newsworthy, problem. S.C.O
got a brief mention at the end, as well as an anonymous reference near the
beggining.
Where it mentioned the web site outage, I felt the peice
could have been worded more accurately ("failed to dogde"?) without getting
bogged down in politics, and describing SCOG as a "software company" is a bit
generous too ;-)
Overall though, I liked the piece, it was short and to
the point focussing on what users should do to avoid being gotten at.
As
we know SCO are grandstanding on this and deliberately allowing the site to
suffer for publicy. Unfortunately they have enjoyed some sucess at this, malware
normally does get TV time in the UK, but having SCO mentioned without the proper
qualifications is A Bad Thing (tm).
The equivalent article online
definately should have had an opposing expert giving an opinion, but Blake
Stowell's quote is interesting.
In other news the home office is considering draconian anti terror laws that
will endanger civil liberties. Ho hum...
SJG [ Reply to This | # ]
|
| |
| Authored by: pooky on Monday, February 02 2004 @ 02:43 PM EST |
I just love the new site, expecially the ALT text on the main graphic:
alt="SCO Keeps One Step Ahead of the Virus"
And the message delivered inthe graphic:
"An alternate Websitethat unites vendors to combat virus"
It's nice and slow to boot. If they were really serious about being one step
ahead of the virus, they would have had this already prestaged at an alternate
IP or preferably an alternate provider and it would have been on-line right
before the start of the attack.
-pooky
---
Veni, vidi, velcro.
"I came, I saw, I stuck around."
[ Reply to This | # ]
|
| |
| Authored by: k12linux on Monday, February 02 2004 @ 03:53 PM EST |
Come on guys... this was brilliant of SCO to handle things this way!
1 - various outages (regardless of fault) make them even more ravaged victims of
the linux horde
2 - damages continue to skyrocket as customers can not get to sections of SCO's
"emergency" site (never mind it hints at incompitence, or the fact
that nobody is likely to try to buy from them)
3 - No way to tell if the virus would have actually done any damage since the
attack won't actually go out now
4 - To any journalist who hasn't seen the latest press releases, www.sco.com
STILL appears to be down due to an attack.
---
- k12linux[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 04:36 PM EST |
IANASA (Not A SysAdmin) but by simply changing the DNS name (but leaving
itpointing to the same IP address) doesn't that mean that any attack affecting
sco.com should affect thescogroup.com since the attacks would be hitting the
same machine (or load-balancer or whatever)? If that is the case, then why are
we seeing stable uptimes on thescogroup.com but failures on sco.com?
Also, since the netcraft results that I've seen seem to only report errors or
successes, what is keeping SCO from simply having their web server drop
connections periodically to convey the results of a DDOS? To rephrase, do we
actually have proof that hundreds of thousands of connection requests are
hitting sco.com or are we just seeing that the site is down and thus "must
be under attack"?[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 04:39 PM EST |
I was wondering if anyone was going to try and record the broadcast of the
speech tonight - it might be useful for making a transcript. I realize thay have
these lectures archived on the website, but I dont know how long it will take
for them to make it available, or if it will be made available at all. (Notice
not all of the featured speakers are recorded for the archives.)
If anyone is interested, I will try and record it just to be safe, even if I
have to do a cheap digital camcorder job of my terminal.
If a recording isn't made available, you can reply to this post and I can see
about getting a copy for you so we can all review the lecture.
Mike A.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 05:05 PM EST |
Has anyone else noticed that the virus propagation seems to have died out today?
Was it set to quit spreading when the DDOS began? Checking ye ol' Symantec
system center consol, we don't seem to have received any contaminated e-mails
since early this AM.[ Reply to This | # ]
|
| |
| Authored by: k12linux on Monday, February 02 2004 @ 05:28 PM EST |
| I was curious (and a bit bored) so I decided to run a test. I have a copy of
Win2000 that lives in a vmWare session under Linux. It has no access to the
outside world (or my network) other than what I allow. It's also set up so I
can simply "undo" any changes. To me this seemed like a good testbed.
I set
up a fake DNS server and added records for www.sco.com and mail.sco.com. I
pointed mail.sco.com to a bogus mail server and pointed www.sco.com to a
temporary web server. I started up ethereal on my Linux box and started tcpdump
watching for any 'sco' traffic. Then I infected the system with
MyDoom.A.
It took a few seconds (looking at the hard drive and registry I
would guess) and then started doing name resolution. It looks to me that it
grabbed every string which even remotely could be a domain name including things
like "PUBLIC/ding.wav" and then started doing hostname lookups on variations of
the domain prefixing them with various machine names. (smtp., mx., gate., gt.,
gw., mx.gw., relay., mx1... to name a few.)
Oddly it tried to do a simple
host resolution instead of doing a mail server query. (ie: Instead of just
asking for the mail server for novell.com, it tried nx.novell.com,
mxs.novell.com, gate.novell.com, etc.) Also interesting (IMHO) was that it
seemed to try to resolve the names any way possible. It queried WINS, Novell
NDS, DNS, and even sent netbios broadcasts out on the network. I also thought
it was odd that it tried repeatedly to resolve the same unresolvable names...
literaly hundreds of times.
Step 2 - Set system timezone to GMT and time to
11:59pm on 2/1.
And.... nothing. It just kept trying to resolve host names.
After looking up the details on the worm, this shouldn't have been a surprise.
It wasn't scheduled to "attack" until Feb 2 at 4:09pm GMT. Doh!
Step 2 (2nd
try) - Set the system time to 4:08pm on Feb 2nd.
The clock struck 16:09pm
GMT and... again nothing new, and specifically no DNS query or http GET for
www.sco.com. Ok.. well.. maybe the virus only checks the time when it is first
loaded? So I rebooted. Nothing for www.sco.com.
Ok, I had expected to at
least see it attempt to pull a page from www.sco.com. But.. no... nothing. It
never even tried to resolve www.sco.com to an IP address. I even tried a bunch
of other dates/times and system reboots... nothing ever made it so much as query
for www.sco.com and nothing made a request to my web server.
If someone
can point out something that I'm missing or that I did wrong I'd be happy to
retest. Short of that, however, the whole SCO attack seems to be a non-event.
---
- k12linux [ Reply to This | # ]
|
| |
| Authored by: WhiteFang on Monday, February 02 2004 @ 05:54 PM EST |
I was refreshing the screen and saw this as the title:
SCO Sets Up Alternative Universe - Finally.
Must ... get ... sleep.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 06:11 PM EST |
Some list of news about MyDoom:
Most of the news site just report the fact that
SCO is attact.
SOme of the news site add some poletics and write some negative
things about the linux comunity.
PCWorld
and
Linuxworld.com.au
SCO believes the latest DDoS attack and several that
preceded it are the work of open-source advocates who have been critical of the
$3 billion legal fight against IBM and Linux that SCO launched last
March
EE
Times
Laura Didio:"The open-source and Linux community in 2004 is going
to have to distance themselves from the questionable tactics of this fringe
element of Linux extremists. If they don't, it's going to hurt them more than
SCO can."
I've been threatened and other analysts have been threatened,
as well," Enderle said
CBS<
br>
Proberly the best article so far...
Only mistaken said SCO is 'Santa Cruz
operation'
thecarol
inachannel
This is a news site wich only mention the attack. No anti
linux and no MCBride et al... There are many of them
NyTimes
Blake Stowell, the director for public relations at SCO, declined to
give details of those preparations, saying that his information technology
department "would hang me in effigy if I divulged what we had in place or didn't
have in place.
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 06:40 PM EST |
| I noticed in the BBC's article "Mydoom cripples US
firm's website" that they initially said SCO owned the UNIX operating
system.
I sent this email to the editor
Re. the MyDoom virus
attacking SCO's web site. In your article you say
that SCO owns the UNIX
operating system. This is not true. UNIX is a
standard, and SCO owns an
operating system that has been certified as
conforming to that standard. Other
companies like Sun, IBM, and HP all
have their own versions of UNIX. SCO want
people to think they own
UNIX
(which is a registered trademark of the Open
Group by the way) so that
they believe SCO have a chance in the case against
IBM and so buy SCO
shares, which currently have a value far above what they are
really
worth. This is a far more interesting story in my opinion. If you
watch
what's happening you'll see another Enron is in the making
with
SCO.
I got a reply from the BBC technology editor saying that
whilst the error was small and not likely to mean much to the lay reader, they
wished to be accurate and have ammended the story accordingly, which you can see
at the link above. The fix isn't entirely correct as the BBC now say SCO is the
company "which owns the source code of the Unix operating system" but at
least it shows they're willing to listen.
9 out of 10 this time for the BBC.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 06:48 PM EST |
i doubt that a respected member of the linux community or even a self
respecting
programmer would release a script kiddie to launch DoS. I for one am trying to
figure out where to download that MyDoom, but so far i could not find one. I
guess only the media and those security experts are the only ones who have
access to that virus, would you think thats a bit odd.
Due to this immense publicity, SCO and Microsoft have placed a bounty prize of
$250,000 to the author of the virus. But as you can all see SCO brought down
their site and change the DNS and everything to thescogroup.com. to me thats
one
of the most intelligent thing that the company has done however if they are
willing to put a bounty of 250000 bux for the author wouldnt they get more info
at the net traffic that MyDoom would cause on their site?
And now one of the media spin offs claims that the author apologizes for this
virus and the reason for him to do this is that he is getting paid. hah how
pathetic.
In addition to that some spinoffs claims that Microsoft server is next haha.
Damn those media whores.
Reading these new spin offs to the MyDoom virus makes me remember the the
microsoft counter-advertisements against linux a month ago. someone in my head
saying it is a plot to bring linux down.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 06:50 PM EST |
The www.sco.com DNS record has been deleted, sco.com points to the same place as
the new domain name:
~$ host www.sco.com
Host www.sco.com not found: 3(NXDOMAIN)
~$ host www.thescogroup.com
www.thescogroup.com has address 216.250.128.21
~$ host sco.com
sco.com has address 216.250.128.21[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 07:01 PM EST |
| its just a matter of time to see if the hype lives up to its words [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, February 02 2004 @ 07:50 PM EST |
I wonder about the missing files.
It seems to me that, whether or not SCO orchestrated these attacks, I wonder if
they're not using them as excuses to retract information previously available
which might embarass them now? Perhaps that was the plan all along? (Then
again, it could just as well be a recent idea to capitalize on the situation;
something I must admit they've always been good at, even though I deplore many
of their actions, such as never showing any actual evidence, so far as we know,
even to the defendants...)[ Reply to This | # ]
|
| |
| Authored by: entre on Monday, February 02 2004 @ 07:56 PM EST |
Hollywood Cracks on Code: The DVD Copy Control Association has dropped its
3-year-old suit against several folks who published the source code of DeCSS,
which lets users bypass DVD copy protection. Presumably the group decided it was
hard to prove the defendants revealed trade secrets when anyone can buy the code
silk-screened on a T-shirt. Now I know how to end the SCO lawsuits: Put Unix
code on a really big shirt, then convince Ruben Studdard to wear it.
From an article by
ROBERT X. CRINGELY
Monday, February 2, 2004
Infoworld
[ Reply to This | # ]
|
| |
| Authored by: nhm on Monday, February 02 2004 @ 08:10 PM EST |
A couple of questions here, as I'm rather new to posting on groklaw, but long
time lurker! (Dang, that sounds like a call-in show.. Ask Prof. PJ... )
In anycase, my questions:
1) It seems that Darls inflaminitory press releases directed at Linux has
invited retribution. Now this retribution should in all honestly be limited to
contrasting press releases (and why has little of this happened?) Not DDoS
attacks. Not to mention the virtual egging on of IBM, Red Hat, and Novell. Why
have none of the three requested an injunction to prevent him from continuing
his tirads? I realize that he has a right to make his opinion, but I also
remember these two things called libel and slander... I further realize the
many people here (myself included) have many of them posted on the office wall
for when I need some humor in the day.
2) Has FSF and other Open Source organizations been fairly silent on the PR
releases or I am simply not finding much out side their websites and a few close
allies?
I honestly don't believe this attack is by a "normal" open source
supporter, as this obviously is the action of a "third party" such as
spammers (an almost certain conclusion given the evidence...
---
I'm old enough to know better, but young enough to still enjoy it.[ Reply to This | # ]
|
| |
| Authored by: KevinR on Monday, February 02 2004 @ 08:24 PM EST |
The Evening Echo, the local paper in South Essex - to the East of London, UK -
carried a short entry on its single National and World News page. So the
story is being pushed fairly high by the UK Wire Services - probably PA but
could be Reuters.
A COMPUTER virus that targeted a small Utah
software company performed as its perpatrators promised...
I was
especially fond of the word small. The words UNIX and Linux never
appear in the story. The main emphasis is before a similar virus...attack
Microsoft Corp.
The story got about 2 column inches.
[ Reply to This | # ]
|
| |
| Authored by: Alastair on Monday, February 02 2004 @ 08:51 PM EST |
Does anyone else find it amusing that the “Linux
community” is
being blamed for the development of a piece of
Windows
malware?
I'd bet good money that it was compiled with Microsoft's C
compiler (or
maybe it's even written in Visual Basic), which are tools that you
have to pay
(a lot) for. Many programmers are members of the “Linux
community” in the first instance because they can't afford (or don't
want to pay for) Microsoft's expensive software. I actually own some Microsoft
development tools (VB and Visual C++), but I prefer developing on UN*X
(actually these days, Mac OS X), so they don't see much use.
So:
- Many of us don't own the tools that were almost certainly used
to build
MyDoom.
- Those of us that do prefer spending time writing
software on UN*X
systems to working with Microsoft's OS.
- Those people
most able to claim membership of “the Linux
community” (Linus or
Alan Cox, for instance) would certainly rather spend their time
improving the FOSS programs for which they are
responsible.
Basically, writing MyDoom would be a waste of time
that could be better
spent doing other things, as well as, quite probably, a
waste of money. Unless
you were going to use it to send spam (which the Linux
community is active
against) or harvest credit card numbers, bank account
details and
passwords (again, the Linux community is law abiding, so wouldn't
do
this).
The Linux community isn't responsible for this. Some idiot in
Russia is,
by the sound of things. And I'd be surprised if he isn't running
Microsoft
software, not FOSS. [ Reply to This | # ]
|
| |
| Authored by: Alastair on Monday, February 02 2004 @ 09:14 PM EST |
It's also interesting that CNET is reporting
here
that many security
experts are making comments about how MyDoom
illustrates a need to improve the
security of corporate networks.
Given that it executes only when a user
is stupid enough to run it, I
would say that it illustrates a need to better
educate users, rather than trying
to coerce corporations into buying yet more
software that they probably don't
need. [ Reply to This | # ]
|
|
|
|
|
