Information Security News: Hackers cut off SCO Web site

[InfoSec News <isn () c4i org>]

Forwarded from: Sharif Torpis <faust () grift com>

http://news.com.com/2100-1002_3-5067743.html

By Martin LaMonica 
Staff Writer, CNET News.com
August 25, 2003

This weekend, a denial-of-service attack took down the Web site of The 
SCO Group, which is caught in an increasingly acrimonious row with the 
open-source community over the company's legal campaign against Linux. 

SCO's Web site was largely out of commission until Monday morning, a 
representative of the Lindon, Utah-based Unix and Linux seller said 
Monday. Performance measurement statistics from Netcraft indicated 
that the site had been down since Friday night. 

In a distributed denial-of-service (DDoS) attack, numerous computers 
simultaneously send so much data across a network that the targeted 
system slows to a crawl while trying to keep up with the traffic it's 
receiving. The SCO representative could not say where this weekend's 
strike originated. 

However, unofficial open-source spokesman Eric Raymond suggested in a 
posting Sunday to open-source news Web site NewsForge that the attack 
was launched by someone angry at comments from SCO executives 
criticizing the open-source community's role in the legal battles over 
Linux. 

SCO claims that IBM illegally inserted Unix code into its version of 
Linux and has sent letters to corporations, warning them that they may 
be violating copyright laws by using the Linux operating system. 

Raymond, president of the Open Source Initiative advocacy group, urged 
the hacker, if a member of the open-source community, to stop the 
attack, because it could do more harm than good. 

"We're the good guys. But that doesn't matter if we aren't *seen* to 
be the good guys," Raymond wrote in the Sunday posting. "We cannot 
fight our war using vandalism and trespass and the suppression of 
speech, or SCO will paint us as crackers and maybe win." 

In the posting, Raymond also made a reference to a planned 
counterattack by members of the open-source community against SCO to 
demonstrate the weakness of its legal case, but did not go into 
detail, saying "the element of surprise is part of it."

IBM shot back against SCO earlier this month with its own countersuit. 
Linux distributor Red Hat, too, has filed a suit against the company 
in an effort to clear itself from claims of copyright infringement. 

Amid the legal sparring, interactions between the open-source 
community and SCO have gotten worse. 

Last week, SCO displayed examples of the IBM source code that it says 
infringes on its intellectual property. The reaction from the 
open-source community was skeptical; open-source developer and 
advocate Bruce Perens called the examples "bogus." 

This weekend's attack follows a DDoS strike on the SCO Web site in 
May, in which an avalanche of data blocked access for several hours. 
Security experts on the Full Disclosure mailing list--a public forum 
for discussing software vulnerabilities--said last week that SCO's Web 
site appeared to be using older software that hadn't been patched with 
recent security updates. 

Kevin Finisterre, a security consultant with Secure Network Operations 
Software, said the company has had a bad history of dealing with 
security flaws. In the past, he has notified SCO of several issues 
that never were patched, he said. 

"They said they were going to take care of it," he said. "But as it 
stands today, it (SCO OpenServer) is still vulnerable." 

CNET News.com's Robert Lemos contributed to this report.


---
"Laugh while you can, monkeyboy." - Dr. Emilio Lizardo


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.