lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 9 Mar 2010 23:02:24 -0600
From: Rohit Patnaik <quanticle@...il.com>
To: Jan Schejbal <jan.mailinglisten@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Ubisoft DDoS

Well, we don't know exactly how the servers were configured.  There might
have been some kind of issue with the coding or the configuration of the DRM
servers that wasn't noticed during testing.  After all, these sorts of
big-budget games sell millions of copies in the opening weekend.  Even
simulating that kind of load is an expensive proposition.  There might have
been some issue with the server that only became visible when there were
millions of simultaneous clients all trying to authenticate themselves
simultaneously.  Remember what happened with AT&T's iPhone activation
fiasco?  Who's to say that something similar didn't happen here?

-- Rohit Patnaik

On Tue, Mar 9, 2010 at 3:59 PM, Jan Schejbal <
jan.mailinglisten@...glemail.com> wrote:

> Am 09.03.2010 21:11, schrieb James Matthews:
> > I don't see why they didn't just block the attack. It must be more then
> > this.
>
> If the attack behaved like LOTS of legitimate clients, it might have
> been hard to lock out the bots while not locking out players.
>
> The option that the attack is just made up as an excuse for too few
> resources to support all the players should also not be forgotten,
> although I consider that improbable.
>
> Sincerely,
> Jan
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ