Slashdot Mirror
CNN Misrepresenting etoy vs. etoys Battle?
J Hotch writes "Check out CNN's story:
eToys attacks show need for strong Web defenses.
Check out this frighteningly inaccurate description of the conflict:
"Online retailer eToys has taken legal steps to prevent a Swiss art group from using the domain name etoy.com."
This makes it sound like etoy.com was trying to muscle in on etoys.com. They don't mention that etoy.com was registered years before etoys.com was even a twinkle in some business-major's eye.
Unfortunately, they are just using the denial-of-service attacks on etoys.com as a springboard into a web security article. "
They do have a link on that very page to an idg.net article which goes into more detail about etoy and etoys, including mentioning that etoy.com was around for a year before etoys.com opened. Guess they don't fol,low their own links either...
Ooh, a sarcasm detector. Oh, that's a real useful invention.
This article is about RTMark's DoS attacks on etoys.com, not about the legal battle.
Of course it makes RTMark look bad, the way they are behaving is quite childish. They would do better to be raising money to help etoy.com's legal battle. Or informing the public about what is going on. What they are doing now is just going to hurt etoy.com and others in the same situation by raising hostility in the corporate world.
Myddrin
Instead of arguing over the ethics of DoS attacks, why don't all of us just go and visit etoys.com. (let's see how ready they are to handle the onslaught of this community)
if at first you don't succeed, shoot the consultant who suggested you try in the first place...
The group's Web site made available information, such as eToys' IP address, that would give attackers helpful ammunition to shoot eToys down.
Why do so many people not understand that IP addresses are not magic? Really, how hard is it to find the IP address that corresponds to etoys.com? If script kiddies can't figure it out, it's their ignorance.
Gates' Law: Every 18 months, the speed of software halves.
Check out this frighteningly inaccurate description of the conflict
While you're at it, check out this story onPlease note: they screen each post for relevance, so no Mae Ling Mak Naked Drunk Petrified Spray Painted And Auctioned Off To Disney posts will get through.
The Kulturwehrmacht
Finding God in a Dog
Now, let the ranting begin:
1) The only time that I would ever advocate a DoS attack on a site is never. There is no reason to do so; sure, you might put it down for a while (etoys reported 98% instead of 100% reliability during the last few weeks), but if anything it could lead to worse things (see below). There are more effective ways to state your dislike for something.
2) CNN's not wrong; their article on the etoy/etoys things is truth. Just using a different set of words that seems to put etoys on the right side of the thing. Words are very powerful, but you can't blame CNN for misusing them.
3) I really don't like this idea of DoS attacks, especially in light of this article. Chain of events: All over e-commerce they read that a service can be put down because of DoS (they won't care why the DoS was initiated); Etoys says they have to use custom-built DoS prevention tricks to stop it; E-commerce security experts all up in arms on how to stop this; e-commerence management wonders how to easily stop it; e-commerce turns to US Government (using large bags of money) and asks them to stop it; US Government bans all TCPIP tools except port 80's. Ok, so the last one's going a bit far, but I don't doubt that this series of events can happen. Just as with the question of linking, overly long patent and trademarks, poor patents, and other junk, stuff like this only kills the net for anyone not involved in e-commerce, and even then, may take some lowend e-commerce sites down.
Moral of the story: PLEASE DONT BE A SCRIPT KIDDIE. :-P
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
The slant was very much one of "etoys are innocent, anyone who says otherwise is guilty", regardless of any details such as facts.
Mind you, there is that old adage of "never let facts get in the way of a good story". CNN is usually one of the more reputable of a rather poor bunch, but this really doesn't reflect well on them.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Get in there and post feedback, comment in the forums, and/or call CNN, and talk to them about what "hacker" means.
If they want to babble about crackers, fine, but they shouldn't be confusing two very different groups.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
This article is an obvious farse on what is going on. I think anyone who has any idea of what is going on here will immediately realize what hype-motivated trash journalism this really is. What kind of "hacking group" allows themselves to be interviewed by CNN, and mentioned by name? I think this is an article to laugh about, not to be concerned about..
especially this part :
Using another method, an attacker can send malformed packets that give routers, firewalls or switches a kind of network indigestion.
Now.. I've had routers give ME indigestion, but never the other way around.. maybe someone has found some way to make them feel my pain!
//Phizzy
"Most European technology just isn't worth our stealing," -- Former CIA chief James Woolsey, referring to Echelon
The group's Web site made available information, such as eToys' IP address
What sickos. Who knows what these loonies will do next.
I recieved one of RTMark's e-mails; they clearly got my e-mail address off of /. because I responded to the earlier story about this. So, since I piped in with support of etoy (my post included simply options of other toy retailers to use, and my angle was that these other options are actually cheaper than eToys)
So, let's see... RTMark takes it upon themselves to harvest my e-mail address, send me Spam, and tries to enlist the spam's recipients to engage in an illegal DOS attack against eToys -- and they're the good guys?
The news article may not have been complete, (gee, Slashdot's never done that...) but they did get it right: this is an illegal attack that does nothing except make legitimate advocates for etoy look bad.
-- "In order to have power, I must be taken seriously." -Mojo Jojo
While the article is correct in what it does say, omitting important info about the case leaves people people with the implicit assumption that etoy, and by extension "art groups" and "Internet activists", are automatically untrustworthy.
What I wonder is whether CNN has some vested interest in seeing Etoys win (Do they receive advertising revenue? Do they own stock in the company?), or it could just be old fashioned promotion of the money-making-above-all-else doctrine.
A visit to netcraft tells me the following: www.etoys.com is running Etoys Web server 1.2 on Linux
No wonder they have such excellent availability!
That's the impression a got after reading the CNN atricle.
Not to mention they mention the "unix-based" Tribal Flood Network. As if they are trying to group anyone that uses a non-MS OS into the "script kiddie" catagory that trys to take down "legit" e-commerce sites like etoys.com.
Which makes me wonder if Ted Turner has some sort of interest in etoys.com. I've seen CNN spin the hell out of other stories that were against a Turner company. Turner uses CNN to promote all of his ideas. It's not called the Clinton News Netowrk for nothing.
Just my $.02, but NEVER rely on CNN when they put too much of a negative spin on one thing and positive spin on another in the same story. CNN projects it's financial and politcal ideas in it's "unbiased" stories more then any other news organization I've seen.
I know what really happened. Other news groups reported on what really happened. I take CNN at face value, so the story didn't really surprise me.
Slashdot posting a story about journalist integrity? The same site that will post almost any rumor as news? Hello?
I don't see anything wrong with this article. It states simply that etoys.com is "taking legal steps to prevent a Swiss art group from using the domain name etoy.com." They use that statement to lead into the relevant topic of a group launching DoS attacks against etoys.com. Within the scope of this particular article, who cares which site was there first? That's irrelevant. It's just simply stating a fact, nothing more. This fact (etoys.com disputing etoy.com) was the catalyst that started the DoS attacks against etoys.com. That is all the article is saying.
I don't see any problem whatsoever.
Furthermore, nowhere in this article does it say anything about who is at fault in the etoys.com - etoy.com issue. So, it does not lay any foundation, whatsoever, that could be used for any misrepresentation of any kind.
With that in mind, it's easy to see that the poster is obviously reading way too much into this one sentence.
I fail to even see how this story even made it up on Slashdot.
I mostly agree with you. However, the government banning all but tcp port 80 would not improve things significantly, because:
a) Most sites can already go to their upstream providers and make such requests, which would have largely the same effect.
b) Despite filtering everything else, I, and many others, could, (and have, to varying degrees) written programs to send TCP fragments (e.g., SIN, FIN, RST) at excessive rates. Furthermore, these types of attacks are, in many ways, more potent than a trivial ping attack against a reasonably configured site.
This is the contact info for the author of the article. I've sent her an email with links to the Slashdot articles concerning the etoy/Etoys battle.
Please, no flames.
Ellen Messmer
Senior Editor, Enterprise Applications
emessmer@nww.com
(202) 879-6752
Fax: (202) 347-2365
Network World
1331 Pennsylvania Ave., Suite 505
Washington, DC 20004
Woefully, CNN is just using a bit of razzle-dazzle by touching on a hot topic (domain name disputes) to get people to read an otherwise off-putting technical article. They do their integrity a disservice, here. However, there's also a lesson to be learned by the RTMarks of the world: Before you perform an act online terrorism, think about the light that your act will be framed in. Will you help your cause or harm it?
The net result is that now a lot of people think etoy is some cyber-squatting (what an unfortunate term) semi-terrorist bunch of geeks. Many will never even know that it had anything to do with art.
The 1st Law of Mass Media is "Give the people what they want." It appears CNN is doing exactly that... after all, it is Christmas, and (by the way, this has nothing to do with my opinion on the subject [I support eToy], just my perception of how CNN is handling it):
There may be other parallels, these were just readily apparent. Remember what ESR likes to talk about with regard to technology in the media: people only pay attention to tech stories with protagonists. In this case, they've got a protagonist (the Whos down at eToys) and a story that they more-or-less already know (or at least think they do)... what more could John Q. Public ask for?
This is my opinion and my opinion only. Incidentally, IANAL.
MOO;IANAL.
There used to be a picture linked here.
It strikes me that the Internet is the closest thing we have to an anarchy: a lack of centralized control, rule by consensus, and sometimes mob rule.
:)
DoS attacks are the network equivalent to violence. They're intended to "wipe 'em out," as surely as a bullet to the head.
And put in those terms, it's downright scary. What we have are a bunch of self-righteous hoodlums who put their own *OPINION* of what's right and wrong well above the ability of others to continue to exist.
Yah, I'm using hyperbole. It's not really that extreme. No one is likely to die from this.
But the comparisons can be drawn, and perhaps indicate the biggest flaw with anarchic thought. Some right bastard is always gonna be more than willing to go to the extreme, rather than approach a solution from a non-violent direction.
Inneresting bit of thought, IMHO, anyway.
--
Don't like it? Respond with words, not karma.
Man, I've got to write this date down in my diary. Slashdot complaining about someone else's accuracy in reporting. Next thing there will be a story about incorrect grammer or spelling on some site.
DrLunch.com The site that tells you what's for lunch!
Did anyone notice that etoys stock has dropped half its value in the last month? Right in the middle of the xmas buying season too. Perhaps the shareholders are paying attention...
quote.yahoo.com/q?s=etys
Honestly, it's not a huge surprise that CNN has posted a story that's worded this way. I mean, first of all, they probably get ad dollars from eToys.com. And second, what, did you think the mainstream press would defend some artsy-fartsy freak group, so offensive to blue-collar America? I mean, hello... etoy.com had the work "fuck" on their page! *gasp* Quick, someone get the smelling salts!
There are many, many things that annoyed me about this CNN article. Here's a short list:
1) They did not mention that etoy.com was registered two YEARS before eToys.com. The wording makes it sound like etoy.com was just playing off the popularity of eToys.com, which is not the case.
2) CRACKERS, not HACKERS! For crying out loud! How many times can they get this wrong? Isn't there something we could do to get these reporters a clue? crackers Crackers CRACKERS!
3) OK, so someone posted eToys.com's IP address on the web. Oh nooo, Mr. Bill! God FORBID anyone should do that! As we all know, nameservers don't do that kind of thing every day. IPs are not meant to be seen by the general public! All them thar numbers and dots, those could mean *anything*!
Oh, and as for those "proprietary" defenses being used by eToys: why am I not surprised that these people would take from the Open Source community and then not even be willing to disclose new (if they are new) ways of warding off attackers? Yeah, OK, I understand that this might make them more vulnerable, but then again.... well, we all know the good arguments for sharing information, so I won't rehash those.
All in all, it's no more than I expected from CNN - but I would like to see the bar raised on these types of "mainstream technical" articles.
It exists to sell your eyeballs to advertisers.
The more eyeballs, the more dollars revenue.
Facts just scare the audience away.
Adopt this cynical (and realistic) understanding of the news media, and it'll serve you well.
--
Don't like it? Respond with words, not karma.
This is the address I used. The form is cramped, but I told them what was on my mind. Remember it's best to offer POLITE constructive criticism.
I believe that the correct contact information for the person who wrote the article is at "http://www.idg.net/go.cgi?id=13177".
Be polite, people - it IS possible to be firm but polite, and your recipient will be more likely to listen to you instead of tuning you out.
CNN didn't write the article, so all the CNN conspiracy theorists can calm down. CNN "outsources" their technical content to IDG.NET. Ellen Messmer, the author, is a writer for Network World, you can contact her at:
/. crowd. The torches are lit, the pitchforks are out, and everyone is all worked up. /. itself pubishes poorly researched stories weekly, and it doesn't ignite this sort of flaming. (Oh wait, it does! I take that back 8-) )
Ellen Messmer
Senior Editor, Enterprise Applications
emessmer@nww.com
(202) 879-6752
Fax: (202) 347-2365
Network World
1331 Pennsylvania Ave., Suite 505
Washington, DC 20004
Personally, I find this to be typical sloppy trade rag journalism. I don't think IDG has an private agenda (like the microsoft loving ZDNET). They just slapped a story together and pushed it out without understanding all the background.
A good solution would be to educate Ms. Messmer is a calm, controlled manner, but somehow I don't see that happening with the
-Twid
- "When you want something with all your heart, the entire universe conspires to give it to you" -Paulo Coelho
There's another spin I want to put on this - and that is that these script kiddies are performing an invaluable job - exposing security holes without doing *too much* damage. What's worse - a defaced webpage (graffiti) or industrial espionage. Which method would you like to have done to your web server? I prefer the former - atleast I know when it happened, and it's easy to clean up.
Microsoft would never have released any security patches to SMB filesharing, or the SAM database "syskey" in SP6a or a plethora of other fixes if it wasn't for the pervasiveness of these "script kiddies". Conventional methods of writing to Microsoft failed - read any bugtraq posting about M$ and it'll go something like this: "I wrote to them a month ago and never heard anything, so I'm posting this really easy way to compromise any M$ OS to the public. Thanks Microsoft.
I'm reminded of a quote from Southpark: "Blame Canada! Blame Canada!" It's true, a hundred times over. We'll just shovel the blame around - it's the script kiddies fault (our root password was aadvark, but that's not OUR fault!) - it's the governments fault - it's Microsoft's fault... how about "It's your fault." They point the finger at the admin, the admin points the finger at the vendor, and all the user gets is the finger. Thank god for script kiddies - they crack security enough to get it fixed, and they have the intelligence of lobotomized flatworms - ie: they can't do much real damage. Look at it another way: if they really were a threat, don't you think the FBI would be more active in trying to catch them?
We need "peaceful" protests -- not disruptive actions. Yes we have to fight for our freedom rights, but doing childish things like ping floods, etc., will only give a very bad image to people outside of our circle, and actually advance the cause of those who want to take away our freedom ...[snip]... What we need is to protest in a non-disruptive way.
I am usually not in favor of incitement to riots, but this position goes a bit too far the other way. Peaceful and non-disruptive protests make sense only when the imbalance of power between the two sides isn't too great. If your position on the totem pole is several feet below its bottom, then all the non-disruptive protests in the world aren't going to do you and your cause any good. At best you'll politely told to fuck off and not bother important gentlemen busy with their important matters.
The proper criterion for protest is not how disruptive it is, but rather how effective it is in achieving its aims. Sometimes the best way is to be very, very polite. Other times, being polite is useless but being obnoxious and irritating works wonders. It all depends.
I am not in favor of ping-flooding etoys' servers -- this attack is ineffective and is not likely to make etoys see the light. The management will just tell their tech people to fix it, and fix it they will, it's not hard at all. On the other hand, I am also not in favor of wringing one's hand lamenting the horrible state of affairs and writing whiny letters to congresscritters. If you want to do something, do something effective instead of pissing in the wind.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
I have to watch CNN at work and the way they report makes me sick. Rather than giving references, they cave in to cheasy and dubious leads: "Sources say..." "The FBI says..." "Officials report..." That's the only thing that seperates it and the daytime talk shows.
When is CNN going to do any actual reporting, rather than following up on press releases by contacting the obviously biased three letter agencies? Many stories I have seen where I knew some background, they have screwed up. There are exceptions, where adventurous reporters really mingled with the communities involved. But that's rare. I get to see CNN Headline News rehash what looks like government and sponsor approved spineless news.
Further, they have to sensationalize on any blood and guts violence and terrorist related thing and hype it up like the world is going to blow at midnight, December 31st.
Maybe some good old fashioned news reporting and none of their constant speculative biased editorials would be a welcome change. Why don't they pick up local news events from city television stations that are always interesting? Why do we have to watch them stir up the hornet's nest on breaking problems and take the side who has the biggest media relations staff? They keep on reporting on events like compost that doesn't quite yet have a chance of into anything fruitful while they take sides.
Having noticed the original article on cnn.com, I immediately went to /. to report the link. Of course, /. being /., there was already a link up to the article, along with a zillion replies.
I got to thinking - if I were a clever executive at etoys.com who wanted to pump up the publicity for the site, especially during the holiday season, what would be the most efficient resource to use for this purpose?
Then it hit me - What is the most potent energy source in the universe? Why, the unchecked ire of righteous net.rogues, of course! All that would be needed to harness such energy would be a minor slight, preferably one related to online freedoms.
A plan is thus hatched - create a decoy company, a "little guy". Abuse the decoy company by throwing around monetary weight. When the decoy goes down for the count, the net.rogues are sure to reach a hand into the ring for a tag, and come in blazing. The media being what it is, it won't be able to resist reporting on the scoundrels and whatever retalitory actions they take.
Result? My company comes out the hero, having been abused by those evil C^HHackers, and gets a ton of free press to boot, right around our most profitable time.
Or maybe not.
:)
stil
ETOY.COM was registered in 1995:
while ETOYS:COM was registered more than 2 years later:
ms
Action: Amazon sues B&N - courts act like ninnys
Response:Richard Stallman calls for an Amazon boycot.
Response: Amazon doesn't notice.
Action: WTO goes to Seattle - cops act like ninnys
Response: Techno-Hippies attempt DOS Sit-in
Response: WTO doesn't notice.
Action: EToys sues EToy. - courts act like ninnys
Response: RTMark attempts DOS attacks.
Response: EToys doesn't notice.
Are we seeing a pattern here?
Oops. I missed something
Response: Amazon, WTO, and EToys get great press coverage, the kind of coverage PR departments can't buy, and love every minute of it.
Response: A bunch of people get upset over hacker/cracker definations. (When you get your system raided by the Secret Service, let me know. [I, at least, got a cool T-Shirt.] Until then get off your high horse.)
Response: People get upset over biased reporting and report on that in a biased manner.
No Zen is good zen
They're on LINUX, so they can do this on a router:
/sbin/ipchains -A input -i eth0 -p icmp --icmp-type ping -d 0.0.0.0/0 -j DENY
using -j DENY over -j REJECT means that the packet is just dropped by the kernel like it never existed. It means that a reply is never sent. It takes a lot less cpu time and bandwidth this way, as a reply packet does not have to be sent.
It seems unlikely to me that CNN is going to place any news in such a way that it will make a sponsor look bad. Conversely, it will help insure that their sponsor is able to stay in business if they can denigrate the sponsor's opponents.
I am posting a politely critical E-mail to CNN, because the last thing that I'll permit anyone to say is that I don't try, but I think they may have already chosen their sides on this one.
Strike while the irony is hot! -- The Freethinker
That's an excellent metaphor. First I just wanted to point out some facts about what happened in Seattle, then I wanted to show a different side of the metaphor which I think is more relevant to etoys vs. kiddies.
:)
Here is what I saw in Seattle, as a legal observer, a protestor, and a member of Food Not Bombs (a significant non-destructive Seattle anarchist group):
The "black bloc" who broke windows numbered at least 40-50. Not all of these people broke windows, but all were collaborating in this action. In terms of "provoking government over-reaction" - it may have been intended that way but the tear gas had been used at least an hour prior to the first broken window. (It's my belief that government overreaction, which despite the chaos on Tuesday really kicked in on Wednesday, was more a factor of Clinton's presence; the Secret Service's "if things go bad Wednesday, we have to have crushing superiority and readiness for ruthless tactics" philosophy became a self-fulfilling prophecy.)
The Etoy thing is not about provoking overreaction though. To my mind the more pertinent aspect of the metaphor is the black bloc's belief that their actions were necessary to get media coverage, and that even negative coverage served to spread their message. I'm sure that some script kiddies feel the same way. And when major media gets the story totally wrong, as in this case, it only fuels their attitude. "Their gonna twist the story anyway, at least this way they won't ignore it." IMO a counter-productive attitude, but certainly one I can sympathize with.
(Wouldn't it be nice if etoys sued CNN for indirectly encouraging the DoS attacks through their biased coverage?
Preferential Voting: easy as 1-2-3
The only accurate (and therefore worthwhile) news is news without an editorial bias. Anything else is a mix of opinion, speculation, manipulation, distorion and plain, old-fashioned FUD.
Sorry, but if I want FUD, I can always go to www.microsoft.com and do a search for their stuff on Linux. If I switch to a news station, it's because I want news. Real News. You know, the stuff that's actually happening. The stuff they're paid to report. I can find plenty of FUD on my own, I don't need it from the news services.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
They install IRC clonebots, "FludNets", BackOrifice, NetBus, r00tkits, and all other manner of crap.
You make it sound so harmless.
Open Source. Closed Minds. We are Slashdot.
Of course, the very best disruption, for any corporation, is a highly visible and effective boycott of their product(s). Surely, that's a no-brainer?
One more thing, while I'm on this subject: The Seattle WTO protests (complete with property-specific violence) were a great success, measured just about any way you like. Somehow nobody seems to ever explain that the 60's were a time of change in part just because there were so many different -- even divergent -- goals and strategies. So, some of us can boycott, some can be messing about with DoS, others can hire lawyers... that's what "do your own thing" meant.
Along these lines, there was a case in italy about a year ago where it was ruled that a woman that was wearing tight blue jeans who was raped had to have helped her attackers, because they were so difficult to get out of. The judge said this shows consent, and she _couldn't_ have been raped. Strange, but true.
Moral of the story: Wear baggy clothes in italy.
Were I to launch attacks against online merchants, I wouldn't do something so silly as just trying to create a lot of traffic. I would try to stress out their system as heavily as I could - say with a Perl script generating random "purchases" with garbage names and garbage credit cards...
Cheers,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
Here is whats wrong with a DoS attack. Just great script kiddys just turnned EToys into innocent victioms and etoy.com into evil vile bad guys in the public eye.
This in no way helps etoy.com... Many will now reguard them as a website willing to resort to vile tricks. Forget that etoy.com predates etoys by a few years. In launching a DoS attack on Etoys the supporters of etoy.com have hurt etoy.coms position.
Thanks to this there is little hope that etoy.com will ever hear the end of this (they will win in cort I'm pritty shure of that it's the larger cort of public opinion where they'll continue to do battle)
This isn't much more than techno chest thumpping and dose no one any good...
I don't actually exist.
Try sending them mail asking about the purchase you made that was due to arrive 2 weeks ago...They
can't afford to not look at those mails..
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
and don't forget etoys.co.uk
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587