 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY / SEPTEMBER 1, 2003; VOL. 2 NO. 35
|
Breaking News -
Security:
'Denial Of Service' Attack Leaves
SCO Web Site Inaccessible
In addition to its federal court litigation over rights to the freely-
distributed Linux operating system, Utah's SCO Group is now also being
targeted by cyberspace guerillas.
Following a "denial of service" (DoS) strike -- where a targeted network is
inaccessible due to a flood of useless traffic -- the Lindon-based software
company's Web site, www.sco.com, was
knocked off the
Internet
Friday
and stayed down through Monday morning.
SCO, which is involved in a $50 billion lawsuit and subsequent countersuit
with IBM and leading Linux distributor Red Hat Inc., faulted hackers in the
so-called "open source" community for the DoS attack.
Leaders in the loose knit network of Linux programmers and others
supporting
free software initially scoffed at the claim. By late Monday, though, at least
one leading figure acknowledged that indeed "one of us" appeared to have been
the case.
Eric Raymond, president of the Open Source Initiative, called the attack
"rather sophisticated" and said he was convinced it had been launched "by an
experienced Internet engineer."
SCO spokesman Blake Stowell said the latest attack -- similar to a less-
effective DoS attempt lasting just hours in May -- had been referred to the
FBI for investigation. Calls seeking confirmation had not been returned by FBI
spokesman George Dougherty by late Monday.
From late Friday night until around noon Monday, "no one outside of SCO
itself
could access our Web site," Stowell said, adding that the company was trying
to find the perpetrator.
"Whether you agree with us [on SCO's Unix-Linux claims] or not, you still
need
to abide by the law," he said.
While SCO's Web site may have been down, the company's stock rose nearly 10
percent Monday. Shares closed at $14.85, up $1.30 from Friday's trading on the
Nasdaq Stock Market.
Raymond, who published his findings on the Linux Today Web site, said the
unidentified perpetrator had agreed to halt the attack, at Raymond's request.
SCO's Web site was operating again by Monday afternoon.
"I had been hoping, and actually expecting, that the attacker would turn
out
to be some adolescent cracker with no real connection to the open-source
community," Raymond stated. But "I was told enough about his background and
how he did it to be pretty sure he is one of us -- and I am ashamed for all of
us."
Raymond said he understood the hacker's "provocation was extreme,"
referring
to SCO's claims to outright ownership of the Unix OS, and by extension,
licensing rights to Linux, which SCO claims contains purloined Unix code.
Nonetheless, the open-source guru insisted, "This attack was wrong, and it
was
dangerous to our goals."
Another open-source luminary, Berkeley, Calif.-based Linux developer Bruce
Perens, also condemned the attack -- but not without taking a swing at
SCO.
"If anyone told me that they were doing that, I would have said, 'Stop
that,
you a------. What are we trying to show?' " Perens said. "We in the open-
source community are law-abiding citizens; it is the other side that is
attempting to commit copyright piracy."
The denial of service incident overshadowed another development in the SCO-
Linux arena -- a stand taken by Linux developer MontaVista Software against
SCO's offer of $699 Linux licenses.
In a statement posted on its Web site, Sunnyvale, Calif.-based MontaVista
dismissed SCO's claims to Linux licensing rights "has no real merit."
"While SCO's actions may present a visible, short-term annoyance, we
believe
the risk of any outcome adverse to Linux is very low and is nothing compared
to the risk you face by staying with outmoded and proprietary embedded
platform software," MontaVista said.
Stowell said MontaVista's statement was a surprise. Not only has SCO made
no
demands on the company for Linux-related payments, but MontaVista's
applications -- aimed at cell phones, personal digital assistants and other
consumer electronic devices -- are believed to be based on earlier versions of
Linux that SCO has not targeted.
Still, Stowell characterized MontaVista's do-not-pay advice as ill-
advised,
especially if the OS involved is Linux 2.4 and higher -- the versions SCO
claims its Unix code was copied into.
Perens, too, was surprised, but pleasantly so.
"MontaVista said, 'Don't pay 'em.' That is what a lot of companies are
saying
privately to their customers, but not many of them have wanted to say this
publicly.
"MontaVista is sticking its neck out a bit, and that is admirable," Perens
added.
|