posted on January 3, 2001 06:06:12 PM
I found some interesting info concerning outages and security in eBay's Form 10-Q Quarterly Report which was filed with the United States Security and Exchange Commission on 11/09/2000. The filing is located here:
http://www.sec.gov/Archives/edgar/data/1065088/0001095811-00-004475.txt
Under the section entitled RISK FACTORS THAT MAY AFFECT RESULTS OF OPERATIONS AND FINANCIAL CONDITION I have copied part of the relevant info. The bolding is mine.
Page 26
UNAUTHORIZED BREAK-INS OR OTHER ASSAULTS ON OUR SERVICE COULD HARM OUR BUSINESS
"Our servers are vulnerable to computer viruses, physical or electronic
break-ins and similar disruptions, which could lead to interruptions, delays,
loss of data or the inability to complete customer transactions. In addition,
unauthorized persons may improperly access our data. WE HAVE EXPERIENCED AN UNAUTHORIZED BREAK-IN BY A "HACKER" who
has stated that he can in the future
damage or change our system or take confidential information. We have also
experienced "denial of service" type attacks on our system that have made all or
portions of our website unavailable for periods of time. These and other types
of attacks could harm us. Actions of this sort may be very expensive to remedy
and could damage our reputation and discourage new and existing users from using
our service."
Page 31
SYSTEM FAILURES COULD HARM OUR BUSINESSS
"Substantially all of our computer hardware for operating our services
(other than Half.com) currently is located at the facilities of Exodus
Communications, Inc. in Santa Clara, California and AboveNet Communications in
San Jose, California. The computer hardware for the Half.com service is located
in the facilities of Level 3 Communications in Philadelphia, Pennsylvania. These
systems and operations are vulnerable to damage or interruption from
earthquakes, floods, fires, power loss, telecommunication failures and similar
events. They are also subject to break-ins, sabotage, intentional acts of
vandalism and similar misconduct. WE DO NOT MAINTAIN FULLY REDUNDANT SYSTEMS or
alternative providers of hosting services, and we do not carry business
interruption insurance sufficient to compensate us for losses that may occur.
Despite any precautions we may take, the occurrence of a natural disaster or
other unanticipated problems at any of the Exodus, AboveNet or Level 3
facilities could result in interruptions in our services. In addition, the
failure by Exodus, AboveNet or Level 3 to provide our required data
communications capacity could result in interruptions in our service. Any damage
to or failure of our systems could result in interruptions in our service.
Interruptions in our service will reduce our revenues and profits, and our
future revenues and profits will be harmed if our users believe that our system
is unreliable."
Page 38
OUR BUSINESS IS SUBJECT TO ONLINE COMMERCE SECURITY RISKS
"In addition, a party who is able to
circumvent our security measures could misappropriate proprietary information or
cause interruptions in our operations. AN INDIVIDUAL HAS CLAIMED TO HAVE MISAPPROPRIATED SOME OF OUR CONFIDENTIAL INFORMATION BY BREAKING INTO OUR COMPUTER SYSTEM. We may need to expend significant resources to protect against
security breaches or to address problems caused by breaches."
It's amazing what wonderful little tidbits of info you can glean by reading this report.
posted on January 3, 2001 06:12:26 PM
None of this is unique to eBay. It's a system failure and affects both backup and the regular system. Someone is bound to get their sorry selves in deep trouble over this one.
posted on January 3, 2001 06:18:12 PMsillylovesongs, you're welcome.
mballai, I especially liked the part about the UNAUTHORIZED BREAK-IN BY A HACKER and, although not relevant to the crash, the part about AN INDIVIDUAL HAS CLAIMED TO HAVE MISAPPROPRIATED SOME OF OUR CONFIDENTIAL INFORMATION BY BREAKING INTO OUR COMPUTER SYSTEM
posted on January 3, 2001 06:22:20 PM
Actually, I find that SEC filing sort of interesting. Maybe eBay should start thinking about a wholesale upgrade of their system? Then again...with the luck they have upgrading or screwing around with their system, they my blow up the whole damn internet! heehee
posted on January 3, 2001 06:39:39 PM
As a securities paralegal I read about 200 10-Qs every year. I also had the dubious honor of participating in the "due diligence" process in connection with IPOs and mergers of several multinational intellectual property organizations. The language you quote is standard in both. Law requires the company in question describe in almost lurid detail the absolutely worst-case scenario imaginable. Just about the only thing not covered is interplanetary war.
I suggest before you start drawing conclusions you read a couple other tech-related companies' SEC filings. Almost all of them read like this; the ones that don't have found it cost-effective to invest in the backup systems and insurances described. Many businesses do not, having concluded that the potential cost of the problems described is less than the actual cost of preventive measures, even assuming such measures would work at all.
posted on January 3, 2001 06:49:07 PMHCQ, I realize the filings need to cover just about every possible catastrophic occurrence but is eBay's admission concerning the hacker and the subsequent security breach just hot air or is it true? I can't imagine them mentioning such a thing if it didn't happen.
posted on January 3, 2001 06:52:51 PM
As well as I recall, there was a thread about a month ago discussing this very scenario. I think the thread started right after Ebay ended the auction for Kevin Mitnick's prison i.d. card. Some of the posters at the time were wondering if Ebay's action might have ruffled the feathers of some of Kevin's buddies.
The light at the end of the tunnel will turn out to be an oncoming train.
posted on January 3, 2001 06:59:57 PM
I can't help but titter over this.
I don't think, that with all of the outages that ebay has been having as of late, that it would not be cost effective for them to have even a partial backup system. They obviously have three sites, why can't they drop backup systems for certain aspects of their auction site in Philly with half.com?
And then I wonder...What would these .coms that trade on Nasdaq, who have decided that failover isn't worth it think if Nasdaq suddenly decided that Disaster Recovery was unnecessary? And then something happened to the production site that rendered it impossible to run the systems there?
*teehee*
And yeah, I know the SEC requires Nasdaq to have Disaster Recovery capability.
Sorry, I'm insanely rambling here. While nothing has required production to failover to DR, we have had some interesting minor disasters befall the DR site which required the shutting down of all unnecessary systems. (Major power outage, one generator blew up, imagine running an entire computer floor on one generator...)
posted on January 3, 2001 06:59:57 PM"AN INDIVIDUAL HAS CLAIMED TO HAVE MISAPPROPRIATED SOME OF OUR CONFIDENTIAL INFORMATION BY BREAKING INTO OUR COMPUTER SYSTEM"
Gee....maybe we should have believed some of those bidders who claimed that they didn't place their bid and swore that NO ONE else knew their password...... Wouldn't you really like to know????
posted on January 3, 2001 07:02:01 PM
I'm wondering if eBay's current problems are related to a Denial Of Service Attack or some other hacker's game instead of an internal system malfunction? These Denial Of Service Attacks were predicted for Jan 1 but maybe they decided to wait until everyone felt secure.
posted on January 3, 2001 07:16:23 PM
All of that text in the SEC filings is pretty standard stuff in just about every internet companies filings. It pretty much a cover your ass legal manuever, very common.
The truth;
OUR ENGINEERING STAFF IS ABSOLUTELY INCOMPETENT
I wish they did have just one smart 15 year old on staff then things would be greatly imroved.
posted on January 3, 2001 07:20:13 PM
Gee, I think one possibility that's being overlooked is that ebay's IT folks are less than capable, haven't kept up with recommended software/hardware upgrades from SUN and have created a monster with their coding with patches upon patches. Think that might be possible?
posted on January 3, 2001 07:34:12 PM
Quite sorry, I was probably too negative in my previous post. I mean, all major sites go down for 7 or 8 hours at a clip, don't they? I'm just having trouble remembering one that did.
posted on January 3, 2001 07:38:27 PM
FACT - I get a letter from YAHOO! auction that they are charging a fee starting Jan 10th (NOT ME!) FACT - ebay crashes within the hour of those YAHOO! news letters! FACT - Business is Business BOYS! think about it!
posted on January 3, 2001 08:00:44 PM
I came back here tonight to see if I could get some information as to what was causing eBay's outage. My gut feeling is that this time it isn't eBay's incompetence. Seems like there are bigger problems out there tonight. In fact, I can hardly get into Auction Watch to read the messages being posted here. Not sure what's going on, but I hope they get it fixed soon.
[ edited by Wedgewood on Jan 3, 2001 08:02 PM ]
posted on January 3, 2001 08:07:50 PM
"Interruptions in our service will reduce our revenues and profits, and our
future revenues and profits will be harmed if our users believe that our system
is unreliable."
Ladies and gents, I think the above may explain a lot of the blather about the so-called "Hot back-up" that eBay was strutting about a while back. Can we give Meg the NEG.?
On another note, about the hacker,I posted a few days back an ad by a spammer who was selling a CD-ROM with over a million email addresses taken off eBay.It says as much in the ad. I started noticing spam on my autorized ebay address a month or so back.
It just seemed to be coming in waves before I got the spam blocks on. Still leaks some. If anyone is interested I can get the ad and bring it over here. I think the's A LOT that eBay is not telling us.
posted on January 3, 2001 08:22:35 PM
NOTE: Below is the text to the spammer ad that I got. Please note the million +ebay addresses. Hacker or simply the old "hard way" ? It's curious that Ebay suddenly decided to go on the offensive for Spam,don't you think?Spammershave been around for a looong time.Sort of like they had expected something like this???
You've heard of spamming, right? It's that nasty word that makes
some people shudder. It is also the easiest, quickest way to make
a six figure income on the Internet. By far.
You've probably recieved quite a few email advertisements promoting
a variety of products. This is called spam. It will get you kicked
off your ISP, result in your website being shutdown, and make you
about $25,000 per month if you do it right.
I used to run a "normal" web business. I sold on ebay and submitted
my site to the search engines. I waited and waited for the hundreds
of orders that would fill my bank account with cash - but I was lucky
to get two orders per week. And that was a good week. Ouch! - was
losing money, so I had to make a change.
The change was bulk email (also known as spam). Using this form of
marketing, I now send half a million messages to potential customers
like you each week. Most of these people will never order anything,
and some folks win complain to my ISP or reply with a nasty email.
So what. If only one in every thousand places an order, and my profit
margin is $20.00 on each product, then I will make $10,000 this weekend.
Not bad for a few hours of work. With a little higher response rate,
I could make $20,000 or more. If I send out twice as many emails, I
could make upwards of $50,000.
$50, 000 in one weekend.
I've done it before. It's not hard at all. If you have a decent product
to sell, you will make this type of money with little effort once you
know a few basic techniques.
You are probably thinking to yourself "But I don't have any products
to sell. Heck-, I don't even own a business!"
No problem! Finding a product is a piece of cake. The first place to
start is with yourself - do you have any special knowledge or skills?
If so, write a short handbook or manual on the topic and start selling
it! Believe it or not, people will pay good money to learn your special
skill, or even gain some valuable insight. Information is the hottest
seller on the Internet - why else would anyone surf the "Information
Superhighway"?
If you own a business or have specialized knowledge in a certain field,
chances are high that other business owners could benefit from your
ideas and leam from your mistakes. Why not help them? Heck, I started
out just like you, looking for something to sell, and now I sell this
package, that teaches people like you how to get started Bulk Emailing,
information I picked up from my own experiences!! Start your own
lucrative consulting service by using bulk email to find prospective
clients. If you email half a million folks a week, surely some of them
will want to benefit from your expertise.
If you don't have any special skills and knowledge, it's still easy to
find something to sell. You can visit an online auction site and buy a
product with "resale rights", allowing you to resell it without paying
royalties. Or, you can sign up for an affiliate program and use bulk
email to sell someone else's product, while paying a small commission.
Don't worry, the Bulk Email Launchpad contains links to plenty of
affiliate programs and auction sites.
Anyone, and I repeat ANYONE, can find an awesome product to sell on the
Internet in just a few hours!! Regardless, I am going to include a
softwqare program and ad with your BULK EMAIL LAUNCHPAD that you can
begin selling immediately!!!
Bulk email is the premier way to market your new product, service, or
idea. You will reach hundreds of thousand, perhaps millions, of fellow
Internet users without paying any overhead costs. Say goodbye to
expensive banner ads, auction listing fees, and overpriced classified
ads - you'll pay NOTHING!
I have known amateur spammers who make a few thousand dollars a week
when first starting out. I have known professional spammers with a seven
figure income after just a few months of learning the ropes. I personally
average about $25,000 a week working two hours a day from my home.
You're probably thinking, "Okay, so why are you writing to me?'
Simple. I want to share my knowledge. I support bulk email when so many
others oppose it, and I dream of creating a LEGION of Internet spammers
who profit from this truly remarkable and unique method of advertising.
Plus, I want to make a buck. And I expect to sell a thousand of copies of
my Bulk Email Launchpad this Weekend!!
I have written this handbook specifically for people like you who don't
have a lot of specialized computer knowledge. You always knew the Internet
was a goldmine, but you never had the tools or the know-how to fmd the
gold. Well, this is your chance!
You will learn the proven techniques that I use every day to make a seven
figure income with bulk email. I will take your hand and walk you through
every aspect of the process, from selecting a product to sell, to downloading
the software programs you need and setting up your very first email campaign.
The key to bulk email being a powerful mailing list, I will show you how to
put together a huge list of customers specifically targeted for your products.
I personally guarantee that you will start your own bulk email campaign
less than a week after reading the Bulk Email Launchpad!
Here are just a few of the techniques I will teach you...
--Where to find a hot product to sell on the Internet
--Where to get the software you need to become a spammer, including
download links for some of the best email extraction programs and
mailing programs available.
--How to protect your ISP and website from being shut down, thus
maximizing your uptime.
--How to obtain a merchant account so you can accept credit cards
from your customers. I also show you how to set up a basic website
with an ordering page.
--How to deal with complainers and "flamers" who don't approve of bulk email.
--How to harvest a huge list of customers targeted to your specific
product or industry.
--How to handle the huge volume of orders you will recieve from each
campaign, and the importance of good customer service to these folks.
--How to set up your first spam campaign in under 7 days with
step-by-step, thorough instructions!
Here is a complete listing of the chapters included in the Spambook:
Part 1: Introduction
Section 1: Is it legal?
Section 2: In defense of bulk email
Section 3: Why use bulk email marketing?
Section 4: Types of bulk email marketing
Section 5: The mindset
Section 6.- What to expect
Part II: Getting Ready
Section 1: What you need
Section 2: Finding a product to sell
Section 3: Developing your strategy
Section 4: Choosing an email exftctor
Section 5: Choosing a bulk mailer
Section 6.- Where to find email addresses
Section 7.- Websites for bulk email - To build or not to build
Part III: Protecting your ISP - Staying Online
Section 1: Protect your ISP
Section 2: Protect your Website
Section 3: The importance of percentages and response rate
Section 4. Psychological factors
Part IV: Let the Spam Begin!
Section 1: Your First Spam
Section 2: Customer Service
Section 3: Handling Your Orders
Section 4: Keeping track of sales
Section 5.- Removing complainers
Section 6.- Conclusion -- Putting it all Together
***BONUS-- I will also include a step-by-step guide to starting your
very first email campaign called "Bulk Email Success in 7 Days".
This seperate guide contains a daily routine for you to follow with
specific, exact instructions on how to get started. On day one, for
example, I teach you where to find a product to sell. The next day you
learn how to build a fresh mailing list. On the seventh day, you just
click send! Your very first campaign is ready to go.
As Another BONUS, you will recieve a FREE copy of our Bulk Email
SuperStealth, a very powerful bulk email program which retails for
$49.99! In addition, you will receive a link to download ANOTHER
larger, even more powerful mailing program FOR FREE.
Stop wasting your money on auction listing fees, classifieds, and banner
ads - they don't work, and never will! If you are SERIOUS about making
money on the Internet, bulk email is your only option. What are you
waiting for? Few of us are willing to share this knowledge, but I promise
to teach you everything I know about bulk email in this extraordinary
spammer's handbook ... The Bulk Email Launchpad!
Bulk Email Launchpad
--All provided with easy download links
--Bulk Email Launchpad
--Bulk Email Success in 7 Days
--BONUS#1 Bulk Email SuperStealth
--BONUS#2 Professional-grade Email Software
Bulk Email Launchpad + 1,000,000 Ebay Addresses
--All on CDRom, mailed to you
--Bulk Email Launchpad
--Bulk Email Success in 7 Days
--1,000,000+ Ebay-derived Email Addresses - THE BEST!!! These people
are BORN TO SHOP, with credit cards in hand!!!
--BONUS#1 Professional-grade Bulk Email Software
--BONUS#2 Professional-grade Email Address List Management Software
(crucial for dealing with your "removes", filtering, etc.)
We are so confident that you will love our products that we
offer a full 30-day, money-back guarantee.
Wouldn't you really like to know????
