Call it Slash-and-Burn.org

[William Knowles <wk () C4I ORG>]

http://www.wired.com/news/politics/0,1283,36282,00.html

by Declan McCullagh
2:25 p.m. May. 11, 2000 PDT

Thursday just wasn't a good day for geek-culture destination Slashdot.

First came the news that Microsoft ordered Slashdot to delete
discussions of one of the company's security products.

Just as angry Linux users were furiously lashing out at the nastygram
from Redmond's legal department, a distributed denial of service
attack hit Slashdot, taking it intermittently offline for a few hours.

"About 400 readers weighed in over the first 30 minutes. Then we got
hit by a DDOS," wrote Slashdot founder Rob Malda in email to Wired
News.

Slashdot staffers initially didn't know what the problem was.

At noon EDT, Robin Miller, the editor in chief of Andover.net -- which
owns Slashdot -- said he thought the network outage was due to a
recent change in servers.

By 4:30 p.m., engineers had identified it as a denial of service
attack. Malda said he couldn't provide details, "and we're still
cleaning up," he said.

Discussion then turned back to the first threat Slashdot received: The
lawyer letter from Microsoft.

Miller said he has not deleted the 11 messages that Microsoft claims
are illegal under the Digital Millennium Copyright Act (DMCA), and is
waiting to hear from legal counsel and readers.

The response from Slashdot regulars was fast and furious. In the first
hour, hundreds of readers weighed in, many condemning Microsoft's
action as another example of the company's desire to crush
free-wheeling discussion in general, and the Linux community in
particular.

"No matter what Microsoft threatens, no matter what they say, do not
give in to them. This is not because it is Microsoft, but because free
speech is far too important, especially on a forum such as Slashdot.
Give them hell," wrote one respondent.

"Under the provisions of the DMCA, we expect that having been duly
notified of this case of blatant copyright violation, Andover will
remove the above referenced comments from its servers," says the email
from Microsoft's J.K. Weston.

The letter is particularly galling to Slashdotters since it includes a
generous helping of everything they love to hate: Microsoft, lawyers,
and the DMCA, which the motion picture industry has already used in
one prominent lawsuit to try to stamp out a DVD-descrambling utility.

Microsoft is concerned about a Slashdot thread from May 2 that talks
about the company's proprietary extensions to the Kerberos security
protocol, which was originally designed at MIT in the 1980s and has
been adopted by the Internet Engineering Task Force as an open
standard. Microsoft Kerberos as used in Windows 2000 is partially
incompatible with the rest of the computing world.

As if that weren't offensive enough, to read Microsoft's own Kerberos
specification, developers had to run an .exe file with a confidential
license agreement included.

That kind of hiding-technical-information approach didn't sit well
with members of the Slashdot community, which quickly posted ways to
download the specification and bypass the restrictive license
agreement.

Microsoft wasn't amused. It accused Slashdot of "unauthorized
reproductions of Microsoft's copyrighted work. ... In addition, some
comments include links to unauthorized reproductions of the
specification, and some comments contain instructions on how to
circumvent the End User License Agreement that is presented as part of
the download for accessing the specification."


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".