Colorado Rockies world series tickets debacle



  • This is a big story here in Denver.  Controversially, all available tickets (above season ticket holders and bigwigs) went for sale online yesterday at 10AM.  As I suspected, the servers were brought to their knees.  Everyone in the local media was talking about how unfair it was that any people or bots worldwide would get the same chance.  Time for an extremely rigorous test, right?  The contractor was "amazed and overwhelmed" with the traffic.

    The Rockies spokesman calls it a DOS attack.  Nice way to redefine that term.  I seriously doubt anyone attempted to deny service - everyone wanted tickets.

    At one point it was reported (though I can't find a link) that a "trojan" was released shortly after 10AM.  Yet this lady got her tickets @ 10:35.  Trojan my butt.  And which was it anyway?  A known trojan and you were negligent by not having properly patched servers?  Or is it a new trojan that the security community will soon know about?

    Even plain old fashioned load balancing was apparently not working correctly

    The red sox opted for a much simpler lottery system which notified lottery winners so they could purchase tickets. 



  • If by "DoS attack" they mean 1 million people all hitting their site at once.  There's no doubt in my mind that it was caused by transactional locks on the database due to poorly written SQL.



  • Reminds me the french pools for the president. A belgian television site was putting results online before the french law officially allowed to diffuse result in France (because polling offices were not yet all closed). As a result, lots of french people where reloading their browser to get the partial result on the belgian television website. Now It's calibrated to handle traffic of Half of belgian country (about amount of people speaking french in Belgium), not calibrated to handle the full traffic coming from France..... The owners spoke about a DDos attack coming from France :s
     



  • I can't wait to see what would happen if the site were linked to by Slashdot.



  • These companies are so quick to point the finger to "hackers" when the problem is their own sloppy code and inability to prepare for everyone hitting the server at once.  You know, everyone makes mistakes, just say you encountered unprecedented demand and the server was overloaded, but you increased capacity and it is now working.



  • Except the same thing happened again today.  Damn hackers!!



  • @Salami said:

    These companies are so quick to point the finger to "hackers" when the problem is their own sloppy code and inability to prepare for everyone hitting the server at once.  You know, everyone makes mistakes, just say you encountered unprecedented demand and the server was overloaded, but you increased capacity and it is now working.

    Virtually every incident blamed on "hackers" by some corporation is exactly the same. The number of times when the "victim" is not pretty much responsible for what happened (usually through negligence) is vanishingly small. You're considerably more likely to get beaten to death by a cop. Also, virtually all the real attacks are against financial institutions, and are fraud or grand theft (and are prosecuted as such, not as "hackers").

    (I am of course ignoring internet-spanning trojans/worms; I'm talking about directed attacks on specific targets, not environmental damage)



  • DENVER – The FBI has told 9Wants to Know the Colorado Rockies have not contacted them about any possible computer crime. The U.S. Secret Service and the Denver Police also say the Rockies have not contacted them about any attack.

     

    http://www.9news.com/news/local/article.aspx?storyid=79591



  • Reminds me of free ozzfest tickets.

    And $100 Xbox 360s on Amazon.com.
     



  • Now it is official!



  • The only thing "official" about it is that some quasi journalist swallowed the story. If enough people keep saying it, it will be believed. Nobody's going to prove anything. They'll chalk it up to "those nasty hackers" and not "those lowest-bidder contractors" and that'll be the end of that.


Log in to reply