CNN Misrepresenting etoy vs. etoys Battle? 200
J Hotch writes "Check out CNN's story:
eToys attacks show need for strong Web defenses.
Check out this frighteningly inaccurate description of the conflict:
"Online retailer eToys has taken legal steps to prevent a Swiss art group from using the domain name etoy.com."
This makes it sound like etoy.com was trying to muscle in on etoys.com. They don't mention that etoy.com was registered years before etoys.com was even a twinkle in some business-major's eye.
Unfortunately, they are just using the denial-of-service attacks on etoys.com as a springboard into a web security article. "
Yet they link to a better article... (Score:2)
Anybody have a CNN response address? (Score:1)
I just feel they should be sure and point out who is the original aggressor here. DoS attacks are NOT how you deal with this kind of issue, but it doesn't seem like Big Business is going to leave the little guy with any other choices.
Stupid People Strike Again.
Wha? (Score:2)
Of course it makes RTMark look bad, the way they are behaving is quite childish. They would do better to be raising money to help etoy.com's legal battle. Or informing the public about what is going on. What they are doing now is just going to hurt etoy.com and others in the same situation by raising hostility in the corporate world.
Inside Info (Score:1)
Re:Yet they link to a better article... (Score:1)
Since when (Score:1)
Monkey see, monkey do. Monkey hear, monkey say.
Let's just /. them (Score:3)
IP address (Score:2)
The group's Web site made available information, such as eToys' IP address, that would give attackers helpful ammunition to shoot eToys down.
Why do so many people not understand that IP addresses are not magic? Really, how hard is it to find the IP address that corresponds to etoys.com? If script kiddies can't figure it out, it's their ignorance.
Double standard? (Score:2)
Check out this frighteningly inaccurate description of the conflict
While you're at it, check out this story onHow to add more information (Score:3)
Please note: they screen each post for relevance, so no Mae Ling Mak Naked Drunk Petrified Spray Painted And Auctioned Off To Disney posts will get through.
The Kulturwehrmacht [onelist.com]
Slashdot misrepresents a CNN article (Score:1)
To be fair to CNN.. (Score:5)
Now, let the ranting begin:
1) The only time that I would ever advocate a DoS attack on a site is never. There is no reason to do so; sure, you might put it down for a while (etoys reported 98% instead of 100% reliability during the last few weeks), but if anything it could lead to worse things (see below). There are more effective ways to state your dislike for something.
2) CNN's not wrong; their article on the etoy/etoys things is truth. Just using a different set of words that seems to put etoys on the right side of the thing. Words are very powerful, but you can't blame CNN for misusing them.
3) I really don't like this idea of DoS attacks, especially in light of this article. Chain of events: All over e-commerce they read that a service can be put down because of DoS (they won't care why the DoS was initiated); Etoys says they have to use custom-built DoS prevention tricks to stop it; E-commerce security experts all up in arms on how to stop this; e-commerence management wonders how to easily stop it; e-commerce turns to US Government (using large bags of money) and asks them to stop it; US Government bans all TCPIP tools except port 80's. Ok, so the last one's going a bit far, but I don't doubt that this series of events can happen. Just as with the question of linking, overly long patent and trademarks, poor patents, and other junk, stuff like this only kills the net for anyone not involved in e-commerce, and even then, may take some lowend e-commerce sites down.
Moral of the story: PLEASE DONT BE A SCRIPT KIDDIE. :-P
WIRED (Score:1)
That wasn't the only dodgy part. (Score:2)
The slant was very much one of "etoys are innocent, anyone who says otherwise is guilty", regardless of any details such as facts.
Mind you, there is that old adage of "never let facts get in the way of a good story". CNN is usually one of the more reputable of a rather poor bunch, but this really doesn't reflect well on them.
So, what are you waiting for? (Score:2)
If they want to babble about crackers, fine, but they shouldn't be confusing two very different groups.
CNN feedback page (Score:1)
http://www.cnn.com/feedback/
Standard Fare for CNN (Score:1)
This looks very much as if they just sat down with eToys and wrote down everything that eToys said to write down. Further, RTMark [rtmark.com] doesn't really do much to make a case against eToys. (Though, to be fair, they may have tried, and CNN simply failed to insert that part.)
I guess this is symptomatic of the larger problem in media, in which nobody's willing to present a story with more than one side. The easiest side for CNN is to make eToys look like the good guys, and the evil hackers to be the bad guys.
I'm not sure that this can be turned around, at least not through CNN. Surely, though, we can get other news sources (Wired [wired.com], of course) to do fair coverage of this. But CNN is part of a large group of media outlets that just aren't going to be representing the interests of a small political-arts-action group when their opponent is a large e-commerce business that advertises on their networks.
Well, what did you expect? (Score:1)
But really, you would hope that someone still believe in *investigative* journalism.
I would not buy from etoys. (Score:1)
Obviously, I don't have all the facts (IANAL). However, from what I've learned from these articles, I won't purchase anything from etoys, and I will encourage others not to do so.
You do not have free license to be impolite just because you are a large company. A courteous exchange of links would have saved everyone a great deal of trouble.
Rediculous, and amusing.. (Score:2)
especially this part :
Using another method, an attacker can send malformed packets that give routers, firewalls or switches a kind of network indigestion.
Now.. I've had routers give ME indigestion, but never the other way around.. maybe someone has found some way to make them feel my pain!
//Phizzy
Their IP address is now public, God help us all (Score:2)
What sickos. Who knows what these loonies will do next.
Re:Wha? (Score:4)
That's the problem with freedom of speech (supporters? advocates? zealots?). Doing things like DoS against somebody's server just to "prove a point" will only hurt freedom more than help it, in the long run. We need "peaceful" protests -- not disruptive actions. Yes we have to fight for our freedom rights, but doing childish things like ping floods, etc., will only give a very bad image to people outside of our circle, and actually advance the cause of those who want to take away our freedom (they can point at us and say "look at this bunch of childish fanatics, don't listen to them.")
I guess this is a principle we should all learn: whether fighting for freedom of speech, advocating Linux, or whatever the noble cause may be. "Promoting" Linux by flaming MS doesn't do any good at all, as most of us know very well. Similarly, DoS'ing etoys.com just to "show them" we don't like their actions won't do much except confirm, in the minds of the unknowing, that we are just a bunch of fanatics that should be ignored. What we need is to protest in a non-disruptive way. If enough of us drop a (polite!) note to etoys.com or to a congressman or whoever's in the position to take action, or raise some legal funds, and take some other means of non-disruptive action against this trend, we might actually make an effect.
Remember, if we lower ourselves to the opponent's level, we lose. Unfortunately it only takes a small percentage of us to behave in a childish way and people jump to the conclusion we're all like that.
Right vs. Wrong (Score:5)
I recieved one of RTMark's e-mails; they clearly got my e-mail address off of /. because I responded to the earlier story [slashdot.org] about this. So, since I piped in with support of etoy (my post included simply options of other toy retailers to use, and my angle was that these other options are actually cheaper than eToys)
So, let's see... RTMark takes it upon themselves to harvest my e-mail address, send me Spam, and tries to enlist the spam's recipients to engage in an illegal DOS attack against eToys -- and they're the good guys?
The news article may not have been complete, (gee, Slashdot's never done that...) but they did get it right: this is an illegal attack that does nothing except make legitimate advocates for etoy look bad.
Over sensational article (Score:1)
Why run such a big article (it's at the top of their page with the main headlines) about "hackers" when all they've done is reduce the availability of the eToys' web site by a huge and crippling 2%!!!? These "hackers" have been fairly inaffective according to this article.
Bah!
c001, 17s 31337!! (Score:1)
Re:Let's just /. them (Score:1)
Corporate Spin Control (Score:2)
While the article is correct in what it does say, omitting important info about the case leaves people people with the implicit assumption that etoy, and by extension "art groups" and "Internet activists", are automatically untrustworthy.
What I wonder is whether CNN has some vested interest in seeing Etoys win (Do they receive advertising revenue? Do they own stock in the company?), or it could just be old fashioned promotion of the money-making-above-all-else doctrine.
Not responding to ping requests! (Score:1)
How does one even disable that? I didn't realize it was a controllable behavior.
If you want to castigate CNN.com (Score:1)
http://www.cnn.com/feedback/ [cnn.com]
Please, keep your letters calm, to the point, and refrain from exhibiting the lower reaches of your vocabulary.
Chas - The one, the only.
THANK GOD!!!
Re:Since when (Score:1)
Another thought - why would a small group - other than p0rn0 or 'e-squatters' - want a letter off address? I think eToys should be more sensative.
About the 98% - I truely wonder how this is derived? In seconds of downtime?
Those crazy hackers at RTMark... (Score:1)
Quick, somebody stop these guys...
I'm not particularly pro-DoS attacks, but given that the courts are incapable or unwilling to understand the dynamics of domain name disputes, it appears there's little recourse for etoy. eToys deserves everything they get.
Re:Oh no! They're using Linux! (Score:3)
No wonder they have such excellent availability!
not totally true... (Score:1)
<sarcasm> Thanks guys.</sarcasm>
etoy.com a bunch of script kiddies? (Score:4)
Not to mention they mention the "unix-based" Tribal Flood Network. As if they are trying to group anyone that uses a non-MS OS into the "script kiddie" catagory that trys to take down "legit" e-commerce sites like etoys.com.
Which makes me wonder if Ted Turner has some sort of interest in etoys.com. I've seen CNN spin the hell out of other stories that were against a Turner company. Turner uses CNN to promote all of his ideas. It's not called the Clinton News Netowrk for nothing.
Just my $.02, but NEVER rely on CNN when they put too much of a negative spin on one thing and positive spin on another in the same story. CNN projects it's financial and politcal ideas in it's "unbiased" stories more then any other news organization I've seen.
I know what really happened. Other news groups reported on what really happened. I take CNN at face value, so the story didn't really surprise me.
man... (Score:1)
Re:Double standard? (Score:1)
Ah the irony of it all... (Score:2)
Slashdot misrepresenting the misrepresentation? (Score:2)
I don't see any problem whatsoever.
Furthermore, nowhere in this article does it say anything about who is at fault in the etoys.com - etoy.com issue. So, it does not lay any foundation, whatsoever, that could be used for any misrepresentation of any kind.
With that in mind, it's easy to see that the poster is obviously reading way too much into this one sentence.
I fail to even see how this story even made it up on Slashdot.
What a big surprise (Score:1)
Well.. (Score:2)
a) Most sites can already go to their upstream providers and make such requests, which would have largely the same effect.
b) Despite filtering everything else, I, and many others, could, (and have, to varying degrees) written programs to send TCP fragments (e.g., SIN, FIN, RST) at excessive rates. Furthermore, these types of attacks are, in many ways, more potent than a trivial ping attack against a reasonably configured site.
Re:Not responding to ping requests! (Score:1)
Dive Gear [divingdeals.com]
s/SIN/SYN/g (Score:1)
Re:Let's just /. them (Score:3)
At it's peak, Slashdot would probably only add a few percentage points of volume to eToy's site. For your average, low-budget, low-availability server, this results in a temporary loss of responsiveness, AKA "Slashdot Effect."
For a redundant, possibly clustered dedicated site with fine-tuned web servers, this will have no perceivable impact at all.
CNN is a megaphone for etoys' propaganda (Score:1)
Tools? (Score:1)
Contacting the author (Score:3)
Please, no flames.
Ellen Messmer
Senior Editor, Enterprise Applications
emessmer@nww.com
(202) 879-6752
Fax: (202) 347-2365
Network World
1331 Pennsylvania Ave., Suite 505
Washington, DC 20004
Nonviolent Protest (Score:1)
Re:To be fair to CNN.. (Score:1)
Most of what you said about DOS attacks I agree with. Heck I'll agree to everything you said about DOS. But this:
>2) CNN's not wrong; their article on the > etoy/etoys things is truth. Just using a
> different set of words that seems to put etoys > on the right side of the thing. Words
> are very powerful, but you can't blame CNN for > misusing them.
I agree that different wording can and will change the appearance of who or what is in the wrong in any given situation. But I do blame CNN when they misuse words. Be it intentional or unintentional.
CNN is a news agency, the public expects them to present fair unbiased reporting on a wide variety of subjects. When CNN misuses words to take sides in an ongoing argument they abuse their power as the press. Because CNN is very infulential and has this power they must be carefull not to abuse it. It's basic good journalism.
However, this entire article was very "fluffly" IMHO. Very low S/N ratio and not aimed towards anyone with any kind of technical knowledge. Which IMHO makes it even more damaging in that it will infuence people who don't have enough background information to form their own fair beliefs.
Oh, well I guess I should just shut up and stick to my policy of disregarding anything even remotely technical that CNN tries to do.
etoy not the topic (Score:2)
The net result is that now a lot of people think etoy is some cyber-squatting (what an unfortunate term) semi-terrorist bunch of geeks. Many will never even know that it had anything to do with art.
Re:Let's just /. them (Score:1)
1st Law of Mass Media / How the Grinch Stole eToys (Score:3)
The 1st Law of Mass Media is "Give the people what they want." It appears CNN is doing exactly that... after all, it is Christmas, and (by the way, this has nothing to do with my opinion on the subject [I support eToy], just my perception of how CNN is handling it):
There may be other parallels, these were just readily apparent. Remember what ESR likes to talk about with regard to technology in the media: people only pay attention to tech stories with protagonists. In this case, they've got a protagonist (the Whos down at eToys) and a story that they more-or-less already know (or at least think they do)... what more could John Q. Public ask for?
This is my opinion and my opinion only. Incidentally, IANAL.
Re:To be fair to CNN.. (Score:2)
Thanks!
As you'll see from that article, it's originally from Network World, not CNN (hey, click on www.nwfusion.com/news/1999/1220eto ys.html [nwfusion.com] for both the article and our own links).
Our audience consists mainly of network managers at large companies, i.e., the kind of people who worry (or who should worry) about things like DoS attacks. If you keep reading the article, you'll see we used the etoys case as a hook on which to base a more general article on the issue.
-- Adam
Adam Gaffin
Online Editor, Network World
Anarchy (Score:2)
DoS attacks are the network equivalent to violence. They're intended to "wipe 'em out," as surely as a bullet to the head.
And put in those terms, it's downright scary. What we have are a bunch of self-righteous hoodlums who put their own *OPINION* of what's right and wrong well above the ability of others to continue to exist.
Yah, I'm using hyperbole. It's not really that extreme. No one is likely to die from this.
But the comparisons can be drawn, and perhaps indicate the biggest flaw with anarchic thought. Some right bastard is always gonna be more than willing to go to the extreme, rather than approach a solution from a non-violent direction.
Inneresting bit of thought, IMHO, anyway.
Hello Kettle... (Score:3)
newsbites and "reporting" (Score:1)
eCrap.com (Score:1)
The whole nature of the web is way too American. Far from being an international phenom, the web is just an extension of Americana. Not a bad thing, except when American biz interests start to clash with the rest of the world.
Attn: moderator - score as a 5, my karma needs an upgrade !!!
Re:Anarchy (Score:1)
And then there are the anarchists who seem to desire a violent overthrow of government. They're likely to be the 'right bastards' the others are concerned about...
Re:Wha? (Score:1)
Looks like it worked. I probably never would have heard about it if it wasn't posted here. How fqar do you think they would have gotten if they just issued a press release, or tried to get CNN to publish a clarification?
Stock Price (Score:2)
quote.yahoo.com/q?s=etys [yahoo.com]
Not surprising, just annoying (Score:3)
There are many, many things that annoyed me about this CNN article. Here's a short list:
1) They did not mention that etoy.com was registered two YEARS before eToys.com. The wording makes it sound like etoy.com was just playing off the popularity of eToys.com, which is not the case.
2) CRACKERS, not HACKERS! For crying out loud! How many times can they get this wrong? Isn't there something we could do to get these reporters a clue? crackers Crackers CRACKERS!
3) OK, so someone posted eToys.com's IP address on the web. Oh nooo, Mr. Bill! God FORBID anyone should do that! As we all know, nameservers don't do that kind of thing every day. IPs are not meant to be seen by the general public! All them thar numbers and dots, those could mean *anything*!
Oh, and as for those "proprietary" defenses being used by eToys: why am I not surprised that these people would take from the Open Source community and then not even be willing to disclose new (if they are new) ways of warding off attackers? Yeah, OK, I understand that this might make them more vulnerable, but then again.... well, we all know the good arguments for sharing information, so I won't rehash those.
All in all, it's no more than I expected from CNN - but I would like to see the bar raised on these types of "mainstream technical" articles.
Re:Wha? (Score:1)
Maybe the should go out a sacrifice a few babies...
Re:IP address (Score:1)
Name: etoys.com
Address: 204.71.184.182
Name: www.etoys.com
Address: 204.71.184.166
Gee that was hard!
-M
Re:To be fair to CNN.. (Score:2)
It would have been more representational to have provided a little more context on the issue. While I vehemently disagree with what the crackers and script kiddies are doing, this is clearly a problem which etoys.com brought upon themselves with their unwarrented attack on etoy.com . Network managers at large company, who should be worrying about such things, need to know the context lest they, or their legal departments, step into the same wasps' nests.
Re:Right vs. Wrong (Score:1)
What the News is All About (Score:4)
It exists to sell your eyeballs to advertisers.
The more eyeballs, the more dollars revenue.
Facts just scare the audience away.
Adopt this cynical (and realistic) understanding of the news media, and it'll serve you well.
Here you go - let them know (Score:2)
This is the address I used. The form is cramped, but I told them what was on my mind. Remember it's best to offer POLITE constructive criticism.
Contact the author? (Score:2)
Be polite, people - it IS possible to be firm but polite, and your recipient will be more likely to listen to you instead of tuning you out.
Re:Slashdot misrepresenting the misrepresentation? (Score:2)
The solution to this type of article is the same as the solution to _any_ sort of article like this - MORE REGULAR PEOPLE NEED TO BE INVOLVED!
The more "normal" people who contact x news agency, the greater the change in how x news agency will report the story. This is true of almost any news agency and almost any news story.
Re:Wha? (Score:2)
> (supporters? advocates? zealots?). Doing things
> like DoS against somebody's server just to
> "prove a point" will only hurt freedom more than
> help it, in the long run.
The problem is a very vocal minority can ruin
things for a silent majority. It happens all the
time.
Look at Seattle. A small group, perhaps of 15
people...certainly less than 1/2 of 1% of all the
people at the protest, were violent. They broke
store windows and did other violent things. This
made the entire body of protestors look bad.
Then again...some could argue that it may have
been a desired effect...there was an Anarchist
Doctrine at the turn of the century whereby places
would be bombed etc in an effort to make the
government over-react in response - the end result
being resentment towards the government response
(looked at in that light...it worked brilliently
for an excellent movie that adresses this...see
The Seige where Denzel Washington says "They Have
already won")
In any case...it is almost always a minority who
get noticed. In this case, since there is no
resonse from the other side really (other than
pointing out his childish antics) it makes the
whole of etoy supporters look like a bunch of
snotty kids.
Those who really advocate "Free Speach" would
recognize that etoys.com has a right to their
free speach and would attempt to speak louder
rather than annoy and silence them. (much the
reasoning behind the ACLU regularly defending the
Ku Klux Klan in court when they are not allowed by
cities to hold parades,...then turning around and
fighting for the rights of minorites in other
cases)
CNN doesn't write the content (Score:2)
Ellen Messmer
Senior Editor, Enterprise Applications
emessmer@nww.com
(202) 879-6752
Fax: (202) 347-2365
Network World
1331 Pennsylvania Ave., Suite 505
Washington, DC 20004
Personally, I find this to be typical sloppy trade rag journalism. I don't think IDG has an private agenda (like the microsoft loving ZDNET). They just slapped a story together and pushed it out without understanding all the background.
A good solution would be to educate Ms. Messmer is a calm, controlled manner, but somehow I don't see that happening with the
-Twid
Script kiddies - a national resource (Score:2)
There's another spin I want to put on this - and that is that these script kiddies are performing an invaluable job - exposing security holes without doing *too much* damage. What's worse - a defaced webpage (graffiti) or industrial espionage. Which method would you like to have done to your web server? I prefer the former - atleast I know when it happened, and it's easy to clean up.
Microsoft would never have released any security patches to SMB filesharing, or the SAM database "syskey" in SP6a or a plethora of other fixes if it wasn't for the pervasiveness of these "script kiddies". Conventional methods of writing to Microsoft failed - read any bugtraq posting about M$ and it'll go something like this: "I wrote to them a month ago and never heard anything, so I'm posting this really easy way to compromise any M$ OS to the public. Thanks Microsoft.
I'm reminded of a quote from Southpark: "Blame Canada! Blame Canada!" It's true, a hundred times over. We'll just shovel the blame around - it's the script kiddies fault (our root password was aadvark, but that's not OUR fault!) - it's the governments fault - it's Microsoft's fault... how about "It's your fault." They point the finger at the admin, the admin points the finger at the vendor, and all the user gets is the finger. Thank god for script kiddies - they crack security enough to get it fixed, and they have the intelligence of lobotomized flatworms - ie: they can't do much real damage. Look at it another way: if they really were a threat, don't you think the FBI would be more active in trying to catch them?
Pleeeeze? (Score:4)
I am usually not in favor of incitement to riots, but this position goes a bit too far the other way. Peaceful and non-disruptive protests make sense only when the imbalance of power between the two sides isn't too great. If your position on the totem pole is several feet below its bottom, then all the non-disruptive protests in the world aren't going to do you and your cause any good. At best you'll politely told to fuck off and not bother important gentlemen busy with their important matters.
The proper criterion for protest is not how disruptive it is, but rather how effective it is in achieving its aims. Sometimes the best way is to be very, very polite. Other times, being polite is useless but being obnoxious and irritating works wonders. It all depends.
I am not in favor of ping-flooding etoys' servers -- this attack is ineffective and is not likely to make etoys see the light. The management will just tell their tech people to fix it, and fix it they will, it's not hard at all. On the other hand, I am also not in favor of wringing one's hand lamenting the horrible state of affairs and writing whiny letters to congresscritters. If you want to do something, do something effective instead of pissing in the wind.
Kaa
That's because CNN is sensationalist (Score:2)
When is CNN going to do any actual reporting, rather than following up on press releases by contacting the obviously biased three letter agencies? Many stories I have seen where I knew some background, they have screwed up. There are exceptions, where adventurous reporters really mingled with the communities involved. But that's rare. I get to see CNN Headline News rehash what looks like government and sponsor approved spineless news.
Further, they have to sensationalize on any blood and guts violence and terrorist related thing and hype it up like the world is going to blow at midnight, December 31st.
Maybe some good old fashioned news reporting and none of their constant speculative biased editorials would be a welcome change. Why don't they pick up local news events from city television stations that are always interesting? Why do we have to watch them stir up the hornet's nest on breaking problems and take the side who has the biggest media relations staff? They keep on reporting on events like compost that doesn't quite yet have a chance of into anything fruitful while they take sides.
Is ETOY.COM secretly owned by ETOYS.COM? (Score:2)
I got to thinking - if I were a clever executive at etoys.com who wanted to pump up the publicity for the site, especially during the holiday season, what would be the most efficient resource to use for this purpose?
Then it hit me - What is the most potent energy source in the universe? Why, the unchecked ire of righteous net.rogues, of course! All that would be needed to harness such energy would be a minor slight, preferably one related to online freedoms.
A plan is thus hatched - create a decoy company, a "little guy". Abuse the decoy company by throwing around monetary weight. When the decoy goes down for the count, the net.rogues are sure to reach a hand into the ring for a tag, and come in blazing. The media being what it is, it won't be able to resist reporting on the scoundrels and whatever retalitory actions they take.
Result? My company comes out the hero, having been abused by those evil C^HHackers, and gets a ton of free press to boot, right around our most profitable time.
Or maybe not.
:)
stil
Re:Pleeeeze? (Score:3)
> disruptive it is, but rather how effective it is
> in achieving its aims.
Definitly agreed
> I am not in favor of ping-flooding etoys'
> servers -- this attack is ineffective
Again agreed. The proper way to protest is to
be disruptive. Be disruptive to their bottom line.
This is best done by getting the word out and
convincing people to vote with their dollars.
If you flood the server and make it impossible for
people to go there...thats just as bad as etoys
themselves. To be an effective protester you DO
have to be "Better than them".
They should fight this thing tooth and nail. They
need to get the attention of the media and get
positive press. Make the entire incident a PR
disaster for etoys, and don't stop until they
fold.
Re:Wha? (Score:2)
Re:Script kiddies - a national resource (Score:2)
A script kiddie is usually someone who has alot of time to waste (high school / college student), has limited knowledge of networking (ie: knows how to connect two boxes together, but probably not the difference between a switch and a router), and usually, but not always, has a self-esteem problem which they "resolve" by breaking into sites en masse.
Now that we're using the same terminology... script kiddies generally are not quiet - you can see them coming a mile away in your logs. If you're like me, you have your syslog piped right to a dedicated terminal sitting at your desk - I can see attacks in the first few seconds of the attempt. But for those that aren't as clued, someone picking through the digital rubble of a now-destroyed site can be a very educational (if sometimes expensive) lesson. Our random vandal just ratcheted up the priority security properly deserves for this sys/netadmin. Unfortunate, but some people learn no other way. Atleast in most cases the damage is a lost webpage or two which can often be restored from backup and a few damaged egos left in the wake.
Re: Let's just /. them (Score:2)
ETOY.COM is (and should be) alive (Score:2)
ETOY.COM was registered in 1995:
while ETOYS:COM was registered more than 2 years later:
ms
Re:Pleeeeze? (Score:2)
I do. I think you are confusing "violent" and "disruptive". Disruptive means that the targets of the process cannot carry on as if nothing is happening. Sit-ins, for example, are usually highly disruptive.
Both Gandhi and Martin Luther King understood the effectiveness of highly disruptive non-violent protests.
Kaa
Re:Script kiddies - a national resource (Score:2)
The thief's fault, dammit.
Let's not lose sight of that; no matter how stupid you are about security, whether it's with your car, your person, or your web site, somebody still has to do something actively *WRONG* here for there to be a true problem.
It's becoming very fashionable in this country to claim the victim bears the responsibility for the attack, but "she was asking for it, wearing that short skirt and using that old buggy web server without closing down the known holes" doesn't work as a defense.
In your example, the thief is still guilty of grand theft auto, and you *WILL* collect on your insurance if you push the matter toward court.
The moral of the story; stay out of other people's holes without permission.
Re:Pleeeeze? (Score:2)
No, I am not. The protests in Seatle (if their had been no violent minority) where disruptive. They were intending to prevent the meeting.
The March on Selma was just that a march. Gandhi's boycott of the textile and salt purification industries where boycotts, they did not prevent the companies from doing bussiness.
The month in review. (Score:2)
Action: Amazon sues B&N - courts act like ninnys
Response:Richard Stallman calls for an Amazon boycot.
Response: Amazon doesn't notice.
Action: WTO goes to Seattle - cops act like ninnys
Response: Techno-Hippies attempt DOS Sit-in
Response: WTO doesn't notice.
Action: EToys sues EToy. - courts act like ninnys
Response: RTMark attempts DOS attacks.
Response: EToys doesn't notice.
Are we seeing a pattern here?
Oops. I missed something
Response: Amazon, WTO, and EToys get great press coverage, the kind of coverage PR departments can't buy, and love every minute of it.
Response: A bunch of people get upset over hacker/cracker definations. (When you get your system raided by the Secret Service, let me know. [I, at least, got a cool T-Shirt.] Until then get off your high horse.)
Response: People get upset over biased reporting and report on that in a biased manner.
like this: (Score:3)
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type ping -d 0.0.0.0/0 -j DENY
using -j DENY over -j REJECT means that the packet is just dropped by the kernel like it never existed. It means that a reply is never sent. It takes a lot less cpu time and bandwidth this way, as a reply packet does not have to be sent.
Re:Script kiddies - a national resource (Score:2)
Seriously though, I think you are oversimplifying. The same script kiddies hacking and replacing web pagses through a number of know exploits are also gaining remote root access for the purposes of local and remote password sniffing. Whether it be for their warez server or one of a number of boxes to launch DoS attacks, depends on the particular script kiddie.
Why are they still script kiddies? Because you can teach anyone with a basic amount of computer knowledge how to do these things in about 10 minutes.
What script kiddies do is illegal. Period. Likening them to the thief who breaks windows is valid. Just because you aren't in a corporeal world doesn't mean people aren't losing money or time. I should know, I get paid to do damage control as well as passing on important security information before (as to their services running as well as how to properly run a firewall et al).
You know where most corporate hacks originate? Inside the company.
Oh, and by the way, any kiddie with a couple of accounts on decent links can completely obliterate the httpd daemon on any host with a couple hundred thousand of spoofed syns a second (firewalls can't protect open services unless they dynamically and elegantly drop attacks such as this -- and even then are a mixed bag).
Take a ride over to EFNET (and some other) IRC networks some time. A large percentage of these dorks hang out there.
Bad news - protesting to CNN may not help. (Score:2)
It seems unlikely to me that CNN is going to place any news in such a way that it will make a sponsor look bad. Conversely, it will help insure that their sponsor is able to stay in business if they can denigrate the sponsor's opponents.
I am posting a politely critical E-mail to CNN, because the last thing that I'll permit anyone to say is that I don't try, but I think they may have already chosen their sides on this one.
Re:That wasn't the only dodgy part. (Score:2)
Then, there's the problem with over-generalising. The postman "associates voluntarily" with RTMark every time they deliver the phone bill or a birthday card. It doesn't take an Einstein to see that they're not "guilty by association" or any other such nonsense.
To say that someone is "guilty" is to make a very definite and somewhat condemning statement. When this is done without evidence or basis, it is prejudice. When action is taken on the basis of that prejudice, it is a hate crime - a random act of "retaliation" for something that exists only in the minds of those who are "retaliating".
Anyone who wishes to live in such an evil, hate-filled society is welcome to do so. Just live in someone else's neighborhood. Better yet, live in someone else's planet. I don't want it here.
Metaphor with seattle (Score:3)
Here is what I saw in Seattle, as a legal observer, a protestor, and a member of Food Not Bombs (a significant non-destructive Seattle anarchist group):
The "black bloc" who broke windows numbered at least 40-50. Not all of these people broke windows, but all were collaborating in this action. In terms of "provoking government over-reaction" - it may have been intended that way but the tear gas had been used at least an hour prior to the first broken window. (It's my belief that government overreaction, which despite the chaos on Tuesday really kicked in on Wednesday, was more a factor of Clinton's presence; the Secret Service's "if things go bad Wednesday, we have to have crushing superiority and readiness for ruthless tactics" philosophy became a self-fulfilling prophecy.)
The Etoy thing is not about provoking overreaction though. To my mind the more pertinent aspect of the metaphor is the black bloc's belief that their actions were necessary to get media coverage, and that even negative coverage served to spread their message. I'm sure that some script kiddies feel the same way. And when major media gets the story totally wrong, as in this case, it only fuels their attitude. "Their gonna twist the story anyway, at least this way they won't ignore it." IMO a counter-productive attitude, but certainly one I can sympathize with.
(Wouldn't it be nice if etoys sued CNN for indirectly encouraging the DoS attacks through their biased coverage?
Re:Script kiddies - a national resource (Score:2)
As far as mass media goes, anyone knowledgable in most topics they discuss can laugh knowing they are often presenting candy coated, biased, and misrepresented material.
CNN may have done this -- though you should remember that reporters all have different perspectives on a situation (as do the readers). But yes, I think defamation is wrong when material is misrepresented or deflected to those who did something stupid in name of a cause (think WTO protests).
Are they not Job security for you?
So? What, was I supposed to present a purely biased and flawed argument in my favor?
Re:Always factor in the biases of the reporter (Score:2)
The only accurate (and therefore worthwhile) news is news without an editorial bias. Anything else is a mix of opinion, speculation, manipulation, distorion and plain, old-fashioned FUD.
Sorry, but if I want FUD, I can always go to www.microsoft.com and do a search for their stuff on Linux. If I switch to a news station, it's because I want news. Real News. You know, the stuff that's actually happening. The stuff they're paid to report. I can find plenty of FUD on my own, I don't need it from the news services.
Re:Let's just /. them (Score:2)
This was not previously the case.
Not so sure I agree (Score:2)
They install IRC clonebots, "FludNets", BackOrifice, NetBus, r00tkits, and all other manner of crap.
You make it sound so harmless.
Re: Let's just /. them (Score:2)
No offense, but this isn't going to jack poo-poo to eToys. The majority of the shoppers of eToys are not the same people who care that eToys is suing Etoy. Whining, complaining, protesting, even attacking draws attention and while some methods are better than others (Stallman's boycott of Amazon vs. RTMark's [or whoever's] DoS'ing of eToys), attention to the issue is what is needed, not "Oh, I'm going to boycott." If you were RMS, that might carry some weight, but what is really needed is this discussion to be taken to someone like CNN so that rather than doing a report on DoS attacks, they do a report on what exactly the entire fiasco is all about and what it could possibly mean for 'Net law, 'Net activities, and the 'Net community.
I think the Slashdot Effect sometimes goes to people's heads. Slashdot is not as big and mighty as people claim it to be. It has the potential to influence far many more people than it actually does, though. As it is now (and I'm guilty of this, too, I might add), we're just debating amongst ourselves.
Re-read your history, please (pleeeze?) (Score:2)
Of course, the very best disruption, for any corporation, is a highly visible and effective boycott of their product(s). Surely, that's a no-brainer?
One more thing, while I'm on this subject: The Seattle WTO protests (complete with property-specific violence) were a great success, measured just about any way you like. Somehow nobody seems to ever explain that the 60's were a time of change in part just because there were so many different -- even divergent -- goals and strategies. So, some of us can boycott, some can be messing about with DoS, others can hire lawyers... that's what "do your own thing" meant.
Re:Let's just /. them (Score:3)
The DoS attacks against eToys coming from
Not all of the carriers on the European end of things have blocked traffic, but 80% of traffic, including HTTP, is going into a BGP4 black hole before it clogs the networks. With a little work I can get to eToys, but they are effectively shut out of Europe for now, and will stay that way until the end of the law suit against etoy.
I also can tell there are some tier 1 carriers in the US blocking traffic to eToys, so this DoS is having a wider effect than just a few ping floods and TFN. It is not just the 2% loss of business now, but a potential 50% or more. eToys actions in court are having an effect on ISPs, so ISPs consider their actions to be a type of attack on the internet, and are blocking their users from the evil eToys.
/.ers should remember to also write a letter to NSI, complaining about how the loss of etoy.com is hurting you personally, and how eToys are the new interloper causing havoc on the internet.
the AC
Don't wear blue jeans in italy (Score:2)
Moral of the story: Wear baggy clothes in italy.
These attacks are silly (Score:2)
Cheers,
Ben
Bad guy->Victiom->Good Guy / DoS->Shoot in foot (Score:2)
This in no way helps etoy.com... Many will now reguard them as a website willing to resort to vile tricks. Forget that etoy.com predates etoys by a few years. In launching a DoS attack on Etoys the supporters of etoy.com have hurt etoy.coms position.
Thanks to this there is little hope that etoy.com will ever hear the end of this (they will win in cort I'm pritty shure of that it's the larger cort of public opinion where they'll continue to do battle)
This isn't much more than techno chest thumpping and dose no one any good...
Don't do DoS, there's better ways.. (Score:2)
can't afford to not look at those mails..
//rdj
Re:Redirect www.etoys.com on DNS (Score:2)
//rdj