Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
It's funny.  Laugh. Caldera

Netcraft Jokes About SCO's Virus Fears 279

Elektroschock writes: "Through the media SCO Group sent the message that a virus writer that targets its website would be a Linux enthusiast. Netcraft has its own funny remarks in a dogfood article." Some of you might get a cackle out of the third solution.
This discussion has been archived. No new comments can be posted.

Netcraft Jokes About SCO's Virus Fears

Comments Filter:
  • Bombs away! (Score:5, Funny)

    by shystershep ( 643874 ) * <.moc.liamg. .ta. .drehpehsdb.> on Saturday January 31, 2004 @05:07PM (#8145929) Homepage Journal
    I for one welcome our new "previously unknown Linux Thought Leader" overlord!
  • ...and that makes me wonder if the editor only read that far. ;)

    "Entire set of infected Windows machines is reached and either comes up running Debian or crashes stone dead trying. No denial of service attack occurs. SCO sends licence fee demands to owners of all the previously infected windows machines. They happily pay up and SCO splits the proceeds with Slashdot readers."

    (And yes, I read the whole thing. ;) )
  • by Rosco P. Coltrane ( 209368 ) on Saturday January 31, 2004 @05:11PM (#8145966)
    Consequences: SCO Executives buy a small business shared hosting account at Yahoo, noting that it runs on FreeBSD, not Linux, and point www.sco.com at the new account.

    Makes sense, Unixware and FreeBSD have much in common, according to Netcraft. Can you guess what they have in common?
  • Hey now.... (Score:5, Informative)

    by BWJones ( 18351 ) * on Saturday January 31, 2004 @05:11PM (#8145969) Homepage Journal
    From the article: Spend Saturday soaking up the totally awesome graphics on the Stealth bomber flight simulators, and then obliterate most of Utah, sco.com name servers and all, on Sunday morning hours before the DDoS is due to hit Slashdot. SCO Execs still laughing themselves helpless about the /. Effect when the bomb hits.

    Hey now, not everybody in Utah is a SCO exec or a polygamyist. I suppose this is the toll that association takes however, even if that association is geographic as opposed to ideological, political or religious. Believe it or not, there are good things to come out of Utah, such as much of the technology responsible for computer graphics [utah.edu], some kickin' genetics research [utah.edu], some of the best skiing in the world [snowbird.com], good beer [squatters.com], and last but not least, is the home of computational molecular phenotyping [utah.edu]. :-)

    • They also have some of the best mountain biking in the world. You best not be nukin' that stuff.
      • They also have some of the best mountain biking in the world. You best not be nukin' that stuff.

        Very true. I suppose I could have included a link to Moab, but the whole state is covered with places to go mountain biking. Everything from stunning single track across the Wasatch range with unbelieveable mountain valley vistas to desert trecks through slickrock and high desert.

    • Re:Hey now.... (Score:5, Informative)

      by Rosco P. Coltrane ( 209368 ) on Saturday January 31, 2004 @05:29PM (#8146073)
      some kickin' genetics research [utah.edu]

      No wonder, they have a rather large population with a very coherent DNA to study there :-)

      (Yes, I'm half-joking, and no I'm not flaming. Utah folks are nice overall, but it's true that polygamy was practiced there up to 100 years ago mainly to populate Utah as quickly as possible from the small band of initial settlers. Those who've been to Utah know the proportion of white blond-haired blue-eyed people bearing the same last name there is quite staggering. Sweden looks cosmopolitan compared to Utah).
      • Re:Hey now.... (Score:3, Informative)

        by BillyBlaze ( 746775 )
        Seriously, though. According to the recent PBS special on DNA, a breast cancer predisposition gene was found largely thanks to very the complete family records that Mormons keep as a matter of faith.
      • Re:Hey now.... (Score:5, Interesting)

        by iantri ( 687643 ) <iantri.gmx@net> on Saturday January 31, 2004 @07:57PM (#8146848) Homepage
        Scientists have also found the same thing about Newfoundland (though they didn't practice polygamy, they are an island and didn't join Canada until 1949 so have a pretty bland gene pool)..

        It's population has been very helpful in researching genetic diseases (of which Newfoundland has a huge problem with, due to lack of variety in the gene pool).

      • Utah folks are nice overall, but it's true that polygamy was practiced there up to 100 years ago mainly to populate Utah as quickly as possible from the small band of initial settlers.

        This being slashdot and all, I'm surprised nobody has asked yet: What's wrong with polygamy? As long as everyone's a consenting adult, what's the problem?

        • This being slashdot and all, I'm surprised nobody has asked yet: What's wrong with polygamy? As long as everyone's a consenting adult, what's the problem?

          Whats wrong with polygamy? The same thing that is wrong with prostitution and drug use: Nothing. It just offers the government yet another method to control individuals by making activies illegal based upon the morality of a few, rather than because of any ill effects it has on society as a whole. I am still of the belief that if an activity does not
        • What's wrong with polygamy? As long as everyone's a consenting adult, what's the problem?

          It's blatantly sexist in previous incarnations. That's all. The idea that one man can have many wives, but any given woman can only have one husband. I realize there are biological reasons to justify it, but it's still wrong in that incarnation.

          Now, if you want to talk about Heinlein's ideas of marriage, I'm all for that. Many husbands, many wives. Sounds great! Too bad our country is populated by a bunch of je

          • Guess which type of marriage I've got
            based on your nick? hmmm... none? :-)

            disclaimer: this was a joke, not a personal attack. I don't know you, but, considering the forum, you deserved it, don't you think? :-)
            • Heh, no disclaimer needed. Go check out my website, I can take a joke. :)

              My wife actually thinks my nickname is childish. She's probably right. But that doesn't mean I'm going to change it, I like having a nick like this and a maxed out karma rating. It's a pleasant irony, I think.

      • polygamy was practiced there up to 100 years ago mainly to populate Utah as quickly as possible from the small band of initial settlers.


        AFAIK, the rate would still be limited to 1 child/(woman*year), while a *normal* man such as myself can have up to five children/day, limited only by the availability of women. Polygamy would be a solution for that only if the number of women in the state was larger than the number of men.

    • "some of the best [skimaps.com]skiing in the world..."

      Not [skimaps.com] even close, pal.

    • Thanks. Now I don't have to feel so bad about living here.

      Hey! While you're extolling the virtues of this place, why not enjoy a nice, cold refreshing Polygamy Porter [wasatchbeers.com]?
    • there are good things to come out of Utah, such as ...

      and remember cold [wikipedia.org] fusion [wired.com].
  • by GameGod0 ( 680382 ) on Saturday January 31, 2004 @05:12PM (#8145972)
    Maybe the person who wrote the virus is trying to tackle the real virus - SCO's lawsuits.

    Seriously, SCO's DOSing every Linux user's stress level...
  • by moehoward ( 668736 ) on Saturday January 31, 2004 @05:12PM (#8145975)

    If they posted a slashdot story for every joke made about SCO, well, something!!

    Anyway, I'll submit my 50 SCO jokes as stories. I didn't know there was such a shortage.
  • by digitalvengeance ( 722523 ) * on Saturday January 31, 2004 @05:12PM (#8145977)
    From the article: "SCO Execs point www.sco.com at the loopback address 127.0.0.1, end lawsuits, dismiss lawyers, and invest remaining corporate cash reserves in call options in Dell & Microsoft stock."

    Since when do SCO and Verisign share corporate strategy for "net presence management?" Now that's synergy in action!
  • by sbennett ( 448295 ) <<gro.ootneg> <ta> <bps>> on Saturday January 31, 2004 @05:16PM (#8145999)
    Looking at their uptime stats [netcraft.com], a DDoS wouldn't really make much difference.
  • by Anonymous Coward on Saturday January 31, 2004 @05:21PM (#8146026)
    Why not just put multiple A records on the sco domain, as to spread the load across multiple servers. Besides, there will be enough traffic to take down many, many sites. Here's a short list, in order of importance...

    kernel.org (and its mirrors)
    groklaw.net
    ibm.com
    redhat.com
    suse.c om
    novell.com
    sourceforge.net
    slashdot.org
    lin ux.com
    apple.com
    sco.org (When we're finished, we'll be all you can see)
  • by Anonymous Coward on Saturday January 31, 2004 @05:22PM (#8146028)
    I thought Netcraft kept tabs on what webservers were used on the Internet? But now they are a news site taking sides in the SCO vs Linux argument?

    What happened?
    • The document you're looking for is here [netcraft.com]. But they're people too, and so they have an opinion of their own. Now they felt like letting the rest of the net know what their opinion on this matter is.
      • so they have an opinion of their own

        Agreed, but in reading this dogfood I thought it negatively affected their credibility on other issues, diluted the seriousness of their work a little.

        At least SCO is saving money on Network and Server management; Netcraft does it for them remotely, for free.
    • What happened?

      SCO pissed off most of the free world.

      Their wiffle score is so low that automatic doors would stop working for them in the Bitchen Society.

    • No. They didn't take sides in the SCO vs. Linux debate, per se.

      They poked fun at SCO executives (read Darl) response to the virus, their business record and their historical inability to handle a high traffic load.

      Along the way they made copious fun of the Linux community, Slashdot, Hemos, Microsoft, Windows users, et al.

      And it was funny.

      KFG
  • by Freston Youseff ( 628628 ) on Saturday January 31, 2004 @05:23PM (#8146037) Homepage Journal
    Fact: *Santa Cruz Operations is dying.
  • by jazzmanjac ( 92458 ) on Saturday January 31, 2004 @05:24PM (#8146039)
    By looking at the Netcraft Sco Uptime chart [netcraft.com] it doesn't seem that uptime on their website is a priority. Who goes to sco.com anyway, except for us nerds on a link from slashdot? I imagine most support is done via telephone, as is the case with most other operating systems.

    The whole front page of SCO's website is dedictated to the virus. If you were running SCO you wouldn't have this problem, so why is it freatured on their website? Probably just fodder for the next lawsuit is my guess.

    J.

  • Congratulations Mike (Score:5, Informative)

    by arivanov ( 12034 ) on Saturday January 31, 2004 @05:24PM (#8146043) Homepage
    Congratulations to Mike Peterjohn.

    Who in btw is a founder and one of the Netcraft executives. So dunno about the dogfood. I wish other company CTOs could post dogfood like that.

  • by Space cowboy ( 13680 ) on Saturday January 31, 2004 @05:26PM (#8146057) Journal
    ... the entire world starts to DDOS you, to see if an expected DDOS is taking place yet [huge grin :-] ... A company that monitors uptime starts a deathwatch on your site ... That same company publically ridicules you on their homepage :-)

    Simon
  • by marsu_k ( 701360 ) on Saturday January 31, 2004 @05:28PM (#8146065)
    PING www.sco.com (216.250.128.12) 56(84) bytes of data.
    --- www.sco.com ping statistics ---
    34 packets transmitted, 0 received, 100% packet loss, time 33048ms
    • Just a few hours ago I got 127.0.0.1 when trying to lookup sco.com. Im not sure it wasn't just my dns server acting all funny, but I actually thought that is was their solution.
      • That's funny, I just got to the sco.com website, which has been down a lot over the last few days. I must be using a cached DNS entry, but their page actually came up and across the top in big letters there is an advisory to "Protect yourself from MyDoom virus" along with tips like not opening random email attachments, etc. They're making it look like they actually care about keeping their site up.
    • um, ok solution 2 - take www.sco.com out of DNS, right? but your ping returned an IP address. and it proves nothing except the fact that their server does not respond to ICMP echoes, which is a common practice. Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2004-01-31 21:57 GMT Interesting ports on www.sco.com (216.250.128.12): PORT STATE SERVICE 7/tcp filtered echo 80/tcp open http Nmap run completed -- 1 IP address (1 host up) scanned in 13.062 seconds
    • No, it looks like Feb 1st has arrived. At least it has in Australia, New Zealand and many places close to the international date line...
  • by GMan00 ( 747881 ) <`george' `at' `nycbug.org'> on Saturday January 31, 2004 @05:39PM (#8146130) Homepage
    At LWE, while tabling for NYC *BSD User Group [nycbug.org], someone from SCO approached me.

    I asked him his thoughts about SCO's foolish crusade, and he said, "Hey, we would have been out of business in December if they didn't."

    So I guess Solution Number 1 may be plausible for fiscal reasons also.

    • > Hey, we would have been out of business in December if they didn't.

      --Somebody remind me - this would be a "bad" thing HOW?

      Which is Better:

      o To die quietly and (somewhat) dignified, shutting the doors and hoping that perhaps someone, someday, might remember your contributions from the past with fondness**

      o Or have your reputation and credibility **completely and irreparably** trashed, while pissing on everyone associated with Linux -- and LOUDLY pursuing a false and damaging crusade -- for the sake
  • by Basehart ( 633304 ) on Saturday January 31, 2004 @05:40PM (#8146135)
    Hopefully people who use Linux won't be denegrated as mere Fans, Fanatics or Enthusiasts for too much longer, as Macintosh users have been for years, now that the big boys are putting out ads backing the "OS that could".

    This morning I saw my first Linux ad on TV, sponsored by IBM. The theme, a young child showing up all over the World and a voiceover saying something to the effect of "the child is growing up".

    The combination of ads promoting Linux, and the $250,00 bounties offered by those who would prefer it dead and buried, just might finally be opening the public's eyes to what's going on in Lindon and Redmond these days!
  • by CdBee ( 742846 ) on Saturday January 31, 2004 @05:41PM (#8146139)
    Search for: Liars And Thieves *** Sorry, but search returned no results. Try to compose less restrictive search query or check spelling. *** Obviously their search engine is already DDOS'd
  • by Eberlin ( 570874 ) on Saturday January 31, 2004 @05:41PM (#8146143) Homepage
    Linux geeks reveal that they've secretly controlled satellites in order to build a "Death Star" out of existing space debris. (you think the hubble is busted? Ha! We just borrowed some parts 'cause we needed some lenses and a gyroscope).

    This "Death Star" goes Independence Day on SCO Land with pinpoint accuracy -- McBride castrated before being zapped like an ant under a magnifying lens.

    Sir Gates and the Knights of the Old Republicans wage war against Geekdom because of this weapon of mass destruction. They device a plan to send a Mac to the death star in order to introduce a virus.

    Upon pitching the idea to Steve Jobs, the poor man laughs himself to death, leaving Gates and Ballmer (in their Matrix outfits) to have their tablet PC plugged into the Linux-powered "Laser" via Samba.

    The XP Tablet-PC edition spreads like a cancer through the ext3 filesystem resulting in many "I Told You So" comments by Reiser.

    Linus, finally sick of all these events, sheds his impartial nature and embraces his dark side. Finally teaches everything he knows to that bleach-blonde IBM Commercial kid and dubs him Darth Tux. Geeks around the world cede their control of the Death Star to Darth Tux, who shoots down both Washingtons and proceeds to carve his face onto Mt. Rushmore.

    Darth Tux declared supreme leader, quoted as saying "Choice is good...as long as you choose Linux" Proceeds to create his own distro -- Slim Shady Linux.

    Geeks install distro, wave their hands skyward in apathy, and enjoy the new era of computing.
  • I like #5... (Score:2, Informative)

    by Ann Elk ( 668880 )
    ...reminds me of the old "ICMP REDIRECT to 127.0.0.1" trick.
    • Would it actually work, though? Can you set 127.0.0.1 as a host in the DNS, and do windows machines recognize it as localhost?

      It would be really funny if they did that, though ;)
  • by MavEtJu ( 241979 ) <slashdot@nOspAM.mavetju.org> on Saturday January 31, 2004 @05:45PM (#8146157) Homepage
    Fascinating that they (=Netcraft) think that Slashdot is doing more damage to SCO than what Groklaw did.
  • by cperciva ( 102828 ) on Saturday January 31, 2004 @05:49PM (#8146182) Homepage
    As I pointed out on freebsd-chat [google.com] (google link since the FreeBSD archives are broken right now), this DDoS attack could be handled relatively easily.

    The attacking machines are easily recognizable: They issue distinctive[ly minimalist] HTTP requests. It is therefore easy to build a list of "evil" source IP addresses.

    Given these IP addresses, all you have to do is filter those packets and send them to a LaBrea tarpit. Each connection hangs indefinitely at a very low packet rate: If I did my arithmetic right, the expected half a million machines would only require 85 Mbps of bandwidth.

    Now, that's hardly a trivial amount, but it shouldn't be too hard for a company SCO's size to buy that sort of capacity. Defending against this attack might cost $100K, but that's still less than the $250K they've already offered as a bounty for catching the worm author.
    • Hey, I like this plan, at the same time hand that list over to the RBL's of the world, I'd like a copy for my own list, this would effectively stop spam from this viru run.

      I say this as I've noted an increase in the days since MyDoom of my incoming spam levels, all of them have similarities so I imagine it is one or two outfits using this trojan network, chances are they are the same ones creating the viruses too.

      I think the SCO/Linux thing is just to sidetrack us while they continue to use the trojan net
    • by anticypher ( 48312 ) <anticypher@gma[ ]com ['il.' in gap]> on Saturday January 31, 2004 @07:27PM (#8146713) Homepage
      The original version of the worm had a bug that didn't perform any DDoS of SCO. After having bugs in the code pointed out to them by the ever willing Open Source Community and the Security Research Community, the authors of the worm have helpfully provided several updates that do actually perform the DDoS against both SCO and M$.

      Apparently, the code does not perform a complete TCP handshake before trying again. It doesn't wait around for the first TCP SYN+ACK packet, it sends a TCP SYN packet every second. If, by chance, the SCO address responds with a SYN+ACK packet, then the worm sends the initial GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n. Its difficult to tell from the decompiles if it even bothers to close the connection, or just abndons the local TCP stack to deal with closing the connection at some later time. In an internet simulator testbed, not providing SYN+ACK packets back to a worm infected microsoft machine, the TCP stack stops sending unbalanced SYN packets after 63 attempts. As a friend helpfully pointed out, you can increase this number by changing a registry setting in windoze.

      I personally don't think the current management of SCO cares about their website, they certainly don't have any revenue producing features that need to be maintained. Most SCO clients rarely go to the SCO site for anything, since most maintenance is done by intermediaries like IBM Services Group, which have their own internal distribution of support and patches.

      the AC
  • by kirun ( 658684 ) on Saturday January 31, 2004 @05:53PM (#8146210) Homepage Journal
    http://www.sco.com/mydoom/

    What long-term steps should I take to protect against future viruses? ...

    3. Do not download any documents or programs from any Website that you do not know to be reputable

    This is just their way of stopping people finding what GPL stuff they're still giving away, isn't it?

  • by DF5JT ( 589002 ) <slashdot@bloatware.de> on Saturday January 31, 2004 @06:04PM (#8146263) Homepage
    This just in:

    "D'Aloisio Marc observed some things about the DoS attack, and raised some preliminary questions:

    -----
    Has anyone seen the DOS against SCO actually happen?

    I have the new critter in a test environment where we conducted a
    preliminary and rudimentary functionality and threat analysis and the
    only activity I can get it to perform related to www.sco.com is to
    resolve the name. In fact, it seems very unhappy if it cannot resolve
    www.sco.com. Once it can, it happily scans local files for anything
    that can be construed (very loosely) as a domain and tries to resolve
    mail servers based on these. In fact, right now it's trying to resolve
    'mx.makewin.rsp'. "Makewin.rsp' is a file referenced in the help files
    of my DigitalMars C++ compiler on a test machine, so it's not a very
    smart worm. The worm also seems to like to increment the third octet of
    the host IP by one and syn to port 25 of that address over and over and
    over... I have played with the date, etc, but still no activity directed
    toward www.sco.com. It did die after 12 February, but gladly
    resurrected when the date was set back prior to that. "

    From: http://www.math.org.il/newworm-digest1.txt
    • If it's a bug in the code, it serves the authors right for not making it open source. A patch would have been posted within hours!

      But seriously, if the DDoS code doesn't work, then it really sounds like that part is a secondary red-herring that was either never properly tested, or it was deliberately left non-functional. Either way, that would mean the proxy/backdoor function is the primary purpose--which might tend to point to spammers and their Igor and Renfrew hirelings.

      • Apparently the DDoS happened [reuters.com], sco.com is down, and Darl didn't just trip over the cord. Interesting that the effort to make it DDoS in captivity failed. Perhaps it was just shy?

        So. Maybe the DDoS is the primary purpose of this? MyDoom.B is ready to hit microsoft.com on Tuesday.

  • Darl soon at CNN (Score:3, Informative)

    by G3ckoG33k ( 647276 ) on Saturday January 31, 2004 @06:12PM (#8146296)
    He-he. Just kidding.

    Hey, wait?! WTF? What's this [cnn.com]? OMFG! ICBIFT...
  • by Scorpion_1169 ( 609426 ) on Saturday January 31, 2004 @06:15PM (#8146317) Homepage
    Solution 3 recommends redirecting the traffic to 'somone you don't like.' I'm not sure whether I should admit to this but I think you all will find it interesting.

    On Tursday afternoon somone began trying to hack into an MS SQL Server that my company runs. They weren't able to get in, but their brute force method of attemting to access the 'sa' account estentially caused a DoS on the application. We got the guys IP address but his ISP doesn't seem very interested in helping out.

    It just so happens that we KNOW that a number of users inside our network have contracted MyDOOM. It also just so happens that we have our own internal DNS servers. Jokingly, we mentioned to our Network Admin that he should redirect all the SCO traffic to this IP. You could see a little glimmer in his eye at the suggestion and he paused for a moment and said that was a very interesting idea and that he might just do that...

    Anyway, glad to see that we're not the only ones with the idea.
  • 1) be tqarget of DDoS
    2) spoof story on netcraft
    3) ???
    4) profit.
  • Maybe IBM should offer to trade good network support for the company itself.
  • WTF (Score:2, Flamebait)

    by mabu ( 178417 )
    I submitted this story the other day and it was rejected -- what's with you people? One of your moderators has a real itchy trigger finger.
  • ...link so SCO again? This is getting fishy :)
  • Of course... (Score:4, Insightful)

    by Jugalator ( 259273 ) on Saturday January 31, 2004 @10:14PM (#8147622) Journal
    Through the media SCO Group sent the message that a virus writer that targets its website would be a Linux enthusiast.

    Because the SCO Group has Linux as their target, sinking to lower levels for each attack they do, why should it be news or strange that some Linux user would do so as well? SCO has chosen to fight a dirty battle.
  • by merc ( 115854 ) <slashdot@upt.org> on Sunday February 01, 2004 @12:17AM (#8148317) Homepage

    Solution 2: Take www.sco.com out of the DNS.


    Consequences: Everyone has a quiet weekend. SCO Execs drink Budweiser and watch the Superbowl. Global media considers that the virus author "has won". Anti-virus company Execs do not return journalists' calls on "What was all that fuss?"



    The SCO execs are all Mormon I thought, they'll have to settle for a dixie cup of lemonade, that is if they're not at church.
  • VERY slow page loads now. Remember that it is already Sunday on the other side of the International Date Line.

    -Ben
  • ...and all the infected machines blew themselves out of existence.

    I like the sound of that: millions of windows boxes simultaneously commit suicide. 8)

    Cheers
    Stor
  • On Febuary 1st, at midnight, mydoom started DDoSing sco.com

    At that very time, my ISP (one of the largest in the Midwest US) also increased the upload cap from 128kbit to 256kbit - an upgrade plan that was in the works for a couple weeks (at least) prior to the mydoom worm.

    Furthermore, my ISP happens to be a huge fan [netcraft.com] of a certain freedom-supporting OS. [debian.org]

The two most common things in the Universe are hydrogen and stupidity. -- Harlan Ellison

Working...