A data-based analysis of SCO's web site by the Cooperative Association for Internet Data Analysis (CAIDA) has found that this week's outage was related to a distributed denial of service attack (DDoS). Data collected by CAIDA's Network Telescope indicates that the sco.com site responded to more than 700 million attack packets over 32 hours, according to the analysis.
"Early in the attack, unknown perpetrators targeted SCO's web servers with a SYN flood of approximately 34,000 packets per second," CAIDA said. "Together www.sco.com and ftp.sco.com experienced a SYN flood of over 50,000 packets-per-second early Thursday morning."
SCO's statement attributing its outage to a DDoS attack had been widely questioned following a critique of the SCO press release at the Groklaw web site. CAIDA has previously used its technology to document Internet traffic events including the Code Red and Slammer worms.
A dynamically updating graph is available here.
A newly publicized bug in Internet Explorer shows that it is possible to craft HTML which causes the browser to display an incorrect URL in its address and status bars. This makes it easier for Internet fraudsters to trick web users into divulging critically important information, such as their bank account details, while they appear to be interacting with a completely authentic URL.
The technique, which can be exploited by anyone with a rudimentary knowledge of HTML tags, is being demonstrated on several web sites. URLs with an '@', such as
http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495& usersoption=SecurityUpdate&StateLevel=GetFrom@126.96.36.199/verified_by_visa.html
(the text to the left of the @ in a URL is taken to be a user account on the site name which follows), are commonly used by fraudsters launching electronic mail fraud attacks on customers of banks and credit card companies.
In the example, Explorer serves a page from the local server while displaying the URL as www.microsoft.com.
Microsoft's immediate response is to recommend that people only enter sensitive information on SSL sites, after checking the certificate details.
Mozilla (both Windows and Linux versions) displays the URL correctly.
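The '@' convention described above can be checked mechanically before a link is shown or followed. The following is an added example, not part of the original article: it parses a URL with the standard URL class, reports the host the request actually goes to, and flags userinfo that is shaped like a host name. The function names and sample URLs are constructed for illustration.

```javascript
// Added example: report the host a link really targets when it carries
// userinfo (the text before '@'). Sample URLs below are constructed.

// Userinfo shaped like a DNS name, e.g. "www.bank.example".
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function inspectUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch (e) {
    return { valid: false, suspicious: true, reason: "unparseable URL" };
  }
  const hasUserinfo = u.username !== "" || u.password !== "";
  const user = safeDecode(u.username);
  const out = { valid: true, realHost: u.hostname,
                userinfo: hasUserinfo ? user : null,
                suspicious: false, reason: null };
  if (!hasUserinfo) return out;
  if (HOSTLIKE.test(user) && user.toLowerCase() !== u.hostname) {
    // The part a reader sees first is not the destination.
    out.suspicious = true;
    out.reason = `userinfo "${user}" imitates a host name; real host is ${u.hostname}`;
  } else if (u.protocol === "http:" || u.protocol === "https:") {
    out.suspicious = true;
    out.reason = "credentials embedded in a web link";
  }
  return out;
}

// Constructed samples (reserved example names and documentation addresses).
const SAMPLES = [
  "http://www.bank.example:session=abc123&step=update@192.0.2.10/verify.html",
  "https://www.bank.example/account/@alice",   // '@' in the path is harmless
  "ftp://anonymous@ftp.example.test/pub/",     // ordinary FTP user name
];

for (const s of SAMPLES) {
  const r = inspectUrl(s);
  console.log(r.suspicious ? "FLAG" : "ok  ", r.realHost, "-", r.reason || "nothing flagged");
}
```

A mail gateway or link preview can display `realHost` next to the link text so that the destination, not the userinfo, is what the reader sees.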
SCO said its web site has been knocked offline by a distributed denial of service attack (DDoS), and remains unavailable more than eight hours after the attack began.
A dynamically updating graph is available here.
The site has been down since 4:20 a.m. Mountain Time (11:20 a.m. GMT), when it experienced "a large scale distributed denial of service (DDoS) attack," SCO said in a statement. The attack affected the company's web site, e-mail, intranet and customer support operations. SCO said it is working with its Internet Service Provider to restore the site to operation.
SCO is working with law enforcement officials and its ISP to gather information to help identify the origin of these attacks. The company said the DDoS, known as a SYN attack, used "several thousand servers (that) were compromised by an unknown person to overload SCO's Web site with illegitimate Web site requests."
The SCO site was offline for more than three days in August, and the company cited a DDoS for that outage as well.
E-commerce providers that leave customer data open to attack over the Internet may find themselves subject to enforcement actions by the U.S. Federal Trade Commission, which is stepping up its scrutiny of online retailers. In the most recent case, pet supply retailer Petco disclosed that it is being investigated by the FTC after a security hole exposed 500,000 credit card numbers to the Internet.
The Petco case is at least the fourth instance in which the FTC has pursued enforcement actions against companies whose security and privacy practices fall short of assurances made to consumers. "Consumers have every right to expect that a business that says it's keeping personal information secure is doing exactly that," said Howard Beales, Director of the FTC's Bureau of Consumer Protection. "It's not just good business, it's the law."
Oracle has issued an alert (PDF) detailing high-risk security holes affecting all SSL products in the Oracle9i Application Server, the Oracle9i and Oracle8i Database Servers, and Oracle HTTP server. "Any client that is able to access the server may exploit the vulnerabilities," the company said in its alert.
Cable & Wireless has agreed to sell its money-losing US operations to a Los Angeles investment firm for an announced price of $125 million. The deal includes a Chapter 11 filing for the American unit, which is a separate corporate entity from the British parent company.
The purchase by a unit of Gores Technology Group allows Cable & Wireless to exit its unprofitable US hosting business, which includes assets bought from Exodus and Digital Island. The bankruptcy filing will allow the company to dramatically slash the cost of exiting leases of surplus data center facilities. Under Chapter 11, debtor companies can reject leases for unneeded properties, and renegotiate leases to reduce costs going forward. As part of the bankruptcy filing, Cable & Wireless will provide the US unit with $100 million in debtor-in-possession (DIP) financing. This type of loan must be repaid prior to pre-bankruptcy financial obligations.