Is the SCO site down again?

The SCO site has been up during business hours in Utah, but has since failed again. Many news sites carried the story that Eric Raymond had spoken to agroup responsible for a Distributed Denial of Service attack on the www.sco.com site and that they agreed to stop. However it appears that this may have been a hoax, or they subsequently changed their minds, or another person decided to continue the attack, or that the timeout on the attack has not yet been reached.

In a similar situation 10 days ago Microsoft chose to deploy Akamai's caching service, which has successfully averted any outages.

failed requests at www.microsoft.com

Akamai would be more dependable at warding off Distributed Denial of Service attacks than favours from Eric Raymond, but concievably SCO may have difficulty swallowing its pride and buying a service that uses tens of thousands of Linux servers, for which Akamai presumably has not purchased a SCO licence.

YOUR URGENT ASSISTANCE REQUIRED

DEAR SIR/MADAM: I AM MR DARL MCBRIDE CURRENTLY SERVING AS THE PRESIDENT AND CHIEF EXECUTIVE OFFICER OF THE SCO GROUP, FORMERLY KNOWN AS CALDERA SYSTEMS INTERNATIONAL, IN LINDON, UTAH, UNITED STATES OF AMERICA. I KNOW THIS LETTER MIGHT SURPRISE YOU BECAUSE WE HAVE HAD NO PREVIOUS COMMUNICATIONS OR BUSINESS DEALINGS BEFORE NOW. MY ASSOCIATES HAVE RECENTLY MADE CLAIM TO COMPUTER SOFTWARES WORTH AN ESTIMATED $1 BILLION U.S. DOLLARS. I AM WRITING TO YOU IN CONFIDENCE BECAUSE WE URGENTLY REQUIRE YOUR ASSISTANCE TO OBTAIN THESE FUNDS. Continue reading

Certificate Authorities Careless About SSL Security?

Certificate Authorities regard it as a badge of the trade to offer their main websites over SSL. However, John Airey points out that several CAs have not checked that the SSL versions of their sites can be used without generating errors. Verisign and Baltimore's sites both give warnings, and in some browsers so do Geotrust and Globalsign. This occurs because the sites include links to offsite images, but these images are only served over HTTP, causing browser warnings about insecure content when included on an SSL site. The point may seem small and obvious, but inconveniencing users by triggering warnings makes it more likely that they will turn off the warnings, which reduces their security.