[opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

Latif Khalifa latifer at streamgrid.net
Sat Aug 21 17:50:53 PDT 2010


On Sun, Aug 22, 2010 at 1:48 AM, Phox <phox at modularsystems.sl> wrote:
>  I feel I need to take a moment here to address some of this:
>
> First of all, the issue with the login screen was NOT an attempt at
> DDOS, Fractured was looking at traffic graphs for the website in
> question and thought it would be funny to mess with them by making the
> traffic go from ~150 hits a day to several hundred thousand. He was
> simply messing with page views on the site, it was a stupid thing to do
> no doubt, but it was not a DDOS attack.
>
> The website in question suffered no ill effects, and to imply that
> loading a .php and a few images is an attempt at DDOS is just
> ridiculous, our login page consists of a .php script and a hi-res picture,
> and our website doesn't go down as a result.

Engineering an attack where several million requests a day were sent
from all over the world to the affected web site most certainly
qualified as DDoS. In some jurisdictions such attacks are considered
criminal activity. The fact that the attack was not successful is
irrelevant. Motivation for such activity also makes no difference.

What is relevant is that the Emerald login page in effect turned every
Emerald user into a part of a botnet. What is disturbing here are
attempts to downplay the incident which does nothing to restore the
confidence in the leadership of Modular Systems which is very
unfortunate.

