
Hmm .. something's not right.

Why didn't Time blacklist the "devoters" by their IPs (or respective small subnets)? They couldn't be that incompetent. So it's reasonable to assume that the blacklisting wasn't working, which means the hack must've been mounted in a distributed fashion, which in turn implies it was run over a botnet of some kind. Hmm ..




Web proxy farms mean you can't just say "100+ votes from a single IP address = blacklist". You'd probably need manual intervention to distinguish proxies and individual abusers. Once you're manually intervening, you may as well just wait until the poll closes and drop the results you don't want.

-----


...which in turn might make one wonder whether or not that's happening already all the time and on just any poll around. Had it not been the respected TIME, one could suspect they kept the poll as it turned out just because the Anonymous group knew the exact number of votes for every rank.

-----


> They couldn't be that incompetent.

As the article points out, they didn't even write the poll correctly: Two pairs of candidates shared the same ID. That means that if Oprah Winfrey got the highest score, then Ratan Tata would also get the highest score. If the competition was not hacked, these pairs might have done quite well, since they'd get the combined votes of the two candidates.

If TIME couldn't be bothered to get the poll right in the first place, it's not surprising that they barely tried to fix the hacking.

-----


> Why didn't Time blacklist the "devoters" by their IPs (or respective small subnets)?

After it was obvious they were being gamed, they did just that. For IPv4.

Then someone discovered there was no blacklisting going on for IPv6 requests and ran amok, effectively being able to throw out around 30k votes a minute without a botnet. After that the poll pretty much looked exactly like whatever whoever gamed it decided it should be.

http://www.theregister.co.uk/2009/04/17/time_top_100_hack/

-----
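The last comment describes blacklisting that covered IPv4 but not IPv6. As an added example (not code from the thread or from TIME), here is per-address vote capping next to dual-stack keying that buckets IPv6 sources by prefix. The /64 bucket size, the cap of 5 and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

IPV6_PREFIX = 64  # assumption: treat one /64 as one client
MAX_VOTES = 5     # assumption: per-client vote cap

def per_address_key(addr):
    """Weak keying: every distinct address is its own client."""
    return str(ipaddress.ip_address(addr))

def per_client_key(addr):
    """Dual-stack keying: IPv4 by address, IPv6 by enclosing /64."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ip)
    if ip.ipv4_mapped is not None:
        # ::ffff:a.b.c.d must share a bucket with plain a.b.c.d
        return str(ip.ipv4_mapped)
    return str(ipaddress.ip_network(f"{ip}/{IPV6_PREFIX}", strict=False))

def count_accepted(addrs, key_fn, limit=MAX_VOTES):
    """Count votes that pass a per-key cap; unparsable sources are dropped."""
    seen = Counter()
    accepted = 0
    for addr in addrs:
        try:
            key = key_fn(addr)
        except ValueError:
            continue
        if seen[key] < limit:
            seen[key] += 1
            accepted += 1
    return accepted

# Constructed sample: 100 votes from one IPv6 /64, 10 from one IPv4 host
# (half of them written as IPv4-mapped IPv6), and one garbage value.
SAMPLE = (
    [f"2001:db8:1:2::{i:x}" for i in range(1, 101)]
    + ["192.0.2.7"] * 5
    + ["::ffff:192.0.2.7"] * 5
    + ["not-an-address"]
)

if __name__ == "__main__":
    print("per-address:", count_accepted(SAMPLE, per_address_key))
    print("per-client: ", count_accepted(SAMPLE, per_client_key))
```

Keyed per address, the cap never triggers for the IPv6 votes because each one arrives from a different address inside the same prefix.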



