That's the bit that stands out - this may have been one former team member's bad idea, and it could be forgiven on the basis that it was just one former team member who has now been kicked out - except of course that the rest of the team are trying to say "it's not so bad".
Surely it'd be better to say "one former member of our team had a stupid and illegal idea, we apologise for this and have taken measures to ensure our resources are not abused in the same manner again". Denying wrongdoing is never a good way to make an apology, neither is censoring comments on your blog by the way. For the record, here's my comment that didn't get through moderation: “This was not a DDoS” Yes, it was – and your “apology” means nothing if you deny doing wrong and try to make it look like something merely “silly” instead of a criminal action. Yes, it was a stupid idea – but it was also a criminal idea. Why the hell was someone able to modify your login page to add the malicious HTML without oversight, and why are you not apologising properly? On Sun, Aug 22, 2010 at 1:50 AM, Latif Khalifa <lati...@streamgrid.net> wrote: > On Sun, Aug 22, 2010 at 1:48 AM, Phox <p...@modularsystems.sl> wrote: >> I feel I need to take a moment here to address some of this: >> >> First of all, the issue with the login screen was NOT an attempt at >> DDOS, Fractured was looking at traffic graphs for the website in >> question and thought it would be funny to mess with them by making the >> traffic go from ~150 hits a day to several hundred thousand. He was >> simply messing with page views on the site, it was a stupid thing to do >> no doubt, but it was not a DDOS attack. >> >> The website in question suffered no ill effects, and to imply that >> loading a .php and a few images is an attempt at DDOS is just >> ridiculous, our login page consists of a .php script a hi-res picture, >> and our website doesn't go down as a result. > > Engineering an attack where several million requests a day were sent > from all over the world to the affected web site most certainly > qualified as DDoS. In some jurisdictions such attacks are considered > criminal activity. The fact that attack was not successful is > irrelevant. Motivation for such activity also makes no difference. > > What is relevant is that Emerald login page in effect turned every > Emerald user into a part of a botnet. What is disturbing here are > attempts to downplay the incident which does nothing to restore the > confidence in the leadership of Modular Systems which is very > unfortunate. > _______________________________________________ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting privileges > -- “Lanie, I’m going to print more printers. Lots more printers. One for everyone. That’s worth going to jail for. That’s worth anything.” - Printcrime by Cory Doctrow Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
