I agree Gareth, but I don't believe it was a "former" team member. As far as I know, Fractured is still on the development team, and it would be hard to kick him out as he owns both the website and the sim.
They've said that it was Fractured, and that some of the people on the development team had known it was going since the 9th on in a recording of them talking about the incident. Yes, it was a distributed denial of service attack. Multiple drones were involved, and access to the site was periodically impossible, I don't know how clearer it can get. It should have been obvious that I'm not equipped to handle 6500 times my regular amount of traffic just so Fractured can have a nice lol, and it definitely wasn't alright to use his own users to do so. As for the comment about "that viewer" being used to crash Emerald users on old versions of Emerald using the information EmKDU put into baked textures, it's entirely false. There are no new asset-based crashes that I can think of since the versions of Emerald that have already been blacklisted (pre-1634,) and there are no crashers in "that viewer", much less Emerald-specific ones. It was more used to tell who was using Onyx when it was pointed out to me that Onyx now pretends to be Emerald by using their Tag and channel name (but uses a different build number as they're in different repos). Makes sense after people made a big stink about Onyx having features like you might see in "those viewers", though. For example: Emerald Viewer 1.4.0.626 - Phox ModularSystems On Sat, Aug 21, 2010 at 9:57 PM, Gareth Nelson <gar...@garethnelson.com>wrote: > That's the bit that stands out - this may have been one former team > member's bad idea, and it could be forgiven on the basis that it was > just one former team member who has now been kicked out - except of > course that the rest of the team are trying to say "it's not so bad". > > Surely it'd be better to say "one former member of our team had a > stupid and illegal idea, we apologise for this and have taken measures > to ensure our resources are not abused in the same manner again". > Denying wrongdoing is never a good way to make an apology, neither is > censoring comments on your blog by the way. > > For the record, here's my comment that didn't get through moderation: > “This was not a DDoS” > > Yes, it was – and your “apology” means nothing if you deny doing wrong > and try to make it look like something merely “silly” instead of a > criminal action. Yes, it was a stupid idea – but it was also a > criminal idea. > > Why the hell was someone able to modify your login page to add the > malicious HTML without oversight, and why are you not apologising > properly? > > On Sun, Aug 22, 2010 at 1:50 AM, Latif Khalifa <lati...@streamgrid.net> > wrote: > > On Sun, Aug 22, 2010 at 1:48 AM, Phox <p...@modularsystems.sl> wrote: > >> I feel I need to take a moment here to address some of this: > >> > >> First of all, the issue with the login screen was NOT an attempt at > >> DDOS, Fractured was looking at traffic graphs for the website in > >> question and thought it would be funny to mess with them by making the > >> traffic go from ~150 hits a day to several hundred thousand. He was > >> simply messing with page views on the site, it was a stupid thing to do > >> no doubt, but it was not a DDOS attack. > >> > >> The website in question suffered no ill effects, and to imply that > >> loading a .php and a few images is an attempt at DDOS is just > >> ridiculous, our login page consists of a .php script a hi-res picture, > >> and our website doesn't go down as a result. > > > > Engineering an attack where several million requests a day were sent > > from all over the world to the affected web site most certainly > > qualified as DDoS. In some jurisdictions such attacks are considered > > criminal activity. The fact that attack was not successful is > > irrelevant. Motivation for such activity also makes no difference. > > > > What is relevant is that Emerald login page in effect turned every > > Emerald user into a part of a botnet. What is disturbing here are > > attempts to downplay the incident which does nothing to restore the > > confidence in the leadership of Modular Systems which is very > > unfortunate. > > _______________________________________________ > > Policies and (un)subscribe information available here: > > http://wiki.secondlife.com/wiki/OpenSource-Dev > > Please read the policies before posting to keep unmoderated posting > privileges > > > > > > -- > “Lanie, I’m going to print more printers. Lots more printers. One for > everyone. That’s worth going to jail for. That’s worth anything.” - > Printcrime by Cory Doctrow > > Please avoid sending me Word or PowerPoint attachments. > See http://www.gnu.org/philosophy/no-word-attachments.html > _______________________________________________ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges >
_______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
