Category: Rants

  • Patently evil

    Mark Curphey, a really smart guy I respect for his work founding OWASP and creating the first edition of the Guide, lost a goodly percentage of my respect today:

    I did some patent review work in Dallas recently. I traded my security consulting time to a company who in return provided their legal firms time for my patents. I have been living and breathing patent strategies for the last few weeks.

    One of our advisors sent me back comments to a provisional “elevator pitch” I put together. As always brilliant feedback and very valuable suggestions. Surround yourself with brilliant people and it’s hard to fail!

    As a customer of many companies, the thing I worry about the least is whether they’ve spent effort on things which add no value to me. I worry extensively about small companies that invest valuable time and money on worthless pursuits, such as patents or marketing when there’s no products to be had. Of course, this list is missing the vast majority of the real wasters.

    There is no point in investing in or buying into any company who burns valuable startup resources on worthless evil patents. Focus on beating your competition by simply being better than them or offering a unique service… and then do it again a little later so your competition still has to catch you. The world does not owe you a 17 year license to sit on your arse, milk consumers and stifle competition.

    Patents are evil on so many fronts, it’s hard to list them all. Here’s some that come to mind:

    • Money is wasted on patent lawyers. Patent lawyers are a pestilence on society. Sorry, Jeff, but I’m so glad you got out of that game.
    • Patents add no value to the economy of ideas or the general economy. They produce no value to a nation’s GDP, but hold back competition and a natural market’s growth
    • Patents are an anticompetitive weapon to squish competition who came up with fundamentally the same idea as you but foolishly or bravely chose not to patent the patently obvious
    • Patents are not assets until they earn income by squishing the competition or milking other companies for licensing fees, milking the consumer or pure extortion cos they have no choice but to buy from a limited, stifled market. Patent battles are only useful after point (1) has wasted a six figure to seven figure sum for your average fight on worthless patent lawyers and mucky court battles.
    • Sooner or later, all the patentable ideas will have been patented (many patents already significantly overlap), and it’s just who has the most serious patent lawyers and deepest pockets who can dictate who can innovate or provide services.

    This is wrong. Imagine how many schools and hospitals could be built in third world countries for the value of the patent battles and licensing fees in the Valley alone. Patents are an insufferable evilness and must not be allowed to pass.

    Mark, there’s no point in trying to ensure you don’t fail, you’ve already failed for being the latest sucker to take the poisoned patent chalice. You founded OWASP on the basis of openness and inclusion in an industry notorious for its secretive and proprietary ways. Reconsider before joining the dark side.

  • It’s not opinion, Richard

    For the second time, I helped SANS compile their Top 20. I don’t know about the other sections, C1 is primarily my section. As always, there will be knockers. However, I was a bit surprised about one contrarian, the normally interesting and challenging Richard Bejtlich. Richard writes:


    As far as the nature of the list goes, it’s important to realize that it’s based on a bunch of people’s opinions.

    Actually, no. My section is based upon hard core data from MITRE, as will be the forthcoming OWASP Top 10.

    MITRE web app sec data

    The only entry which I forced into SANS Top 20 is CSRF because it’s REALLY important to fix over the next 12 months. We only get so many chances to speak to this particular audience and CSRF deserves attention. The OWASP Top 10 also has CSRF. Remote File Include, which affects PHP more than most, is EXTREMELY heavily attacked. It’s actually the primary attack vector for PHP stacks. It belongs in the list. My mum can discover XSS – it belongs in there. SQL injection can be found via automated means and this is the worst bit – we have methods to utterly avoid it – if only devs would stop using vulnerable APIs! rdbms_query() should simply not be supported in future PHP releases. And ditto for other languages and frameworks.
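    As an added illustration of the SQL injection point above (this is example code, not code from the post, from SANS or from OWASP): the same lookup written the way the post wants retired, with the query text assembled from user input, next to the way every database API already supports, with the value bound as a parameter. It uses Python’s sqlite3 module and a constructed in-memory table so it runs offline; the users table, its rows and the payload string are made up for the example, and the contrast is the same one as between PHP’s string-concatenating query calls and prepared statements.

```python
import sqlite3

# Constructed in-memory user store standing in for a real application's database.
ROWS = [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (name, secret) VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """The pattern the post wants deprecated: query text built from the input,
    so the input can change the shape of the query, not just a value in it."""
    sql = "SELECT name, secret FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Same query with the value bound as a parameter. The driver sends the
    query shape and the value separately; quotes in the value are just data."""
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()


# A classic tautology payload: turns the WHERE clause into  name = 'x' OR '1'='1'.
PAYLOAD = "x' OR '1'='1"


def demo(payload=PAYLOAD):
    """Run both lookups with the same hostile input and return what each leaks."""
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, payload),      # every row comes back
        "parameterized": lookup_parameterized(conn, payload),  # no such user: []
    }


if __name__ == "__main__":
    for style, rows in demo().items():
        print(f"{style:14} -> {rows}")
```

    The vulnerable form returns both rows because the payload rewrote the WHERE clause; the parameterized form returns nothing because it searched for a user literally named `x' OR '1'='1`. Dropping the string-building call from the API, as the post argues for rdbms_query(), leaves developers only the second form.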

    Worse still, Richard misses the forest completely when he says that “… it’s called an ‘attack targets’ document, since there’s nothing inherently ‘vulnerable’ about …”. It doesn’t really matter if it’s a weakness, action item, vulnerability or attack. If it’s something you should know about, it belongs in there. Like phishing, like webappsec, and so on. Don’t play semantics when people are at risk. That’s the job of cigarette and oil companies.

    It’s basically impossible to find out how much certain types of attacks net criminals, or how much pain identity theft victims suffer, or how much a life is worth when an attack takes out vulnerable biomedical equipment. I’d rather have my blog spammed by hundreds of scripts than one single skilled and motivated attacker take over the host this blog resides on due to security defects in WP. A simple numerical attack number is useless. A simple $$$ figure is going to be wrong and misleading. It’s impossible to *rate* attacks.

    We must do it via vulnerabilities discovered, and I’ve done that.

    So for us, MITRE data is as good as it’s going to get, and I’ve used that for the top 4, plus one item which is going to be the major form of weakness/vulnerability/attack as folks work out how horrible it is to use CSRF resistant software, and it’s going to get worse when Ajax enabled apps do *everything* via XHR, rather than just a subset of their functionality.
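    A worked example of the CSRF defence the paragraph above (and the SANS entry it describes) is asking for, added here and not taken from the post or from any OWASP material: a per-session token issued by the server and required on every state-changing request, whether it arrives as a classic form POST or as an XHR call carrying the token in a header. The `handle()` dispatcher, the request dictionary and the session identifiers are hypothetical stand-ins for a real framework, and the server secret is constructed for the example.

```python
import hashlib
import hmac

# Assumed server-side secret for the example; a real deployment loads it from
# configuration and rotates it rather than hard-coding it.
SERVER_SECRET = b"constructed-example-secret-not-for-real-use"

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(session_id):
    """Derive the token from the session with an HMAC: no server-side token
    store is needed, and a token leaked from one session is useless in another."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_valid(session_id, presented):
    """Constant-time comparison; a missing token is simply invalid."""
    if not presented:
        return False
    return hmac.compare_digest(issue_token(session_id), presented)


def presented_token(request):
    """Accept the token from a form field (classic POST) or a header (XHR)."""
    return (request.get("form", {}).get("csrf_token")
            or request.get("headers", {}).get("X-CSRF-Token"))


def handle(request):
    """Hypothetical dispatcher. request: dict with method, path, session_id and
    optional form / headers. Returns (status, body). Reads (GET/HEAD) are not
    checked; anything that changes state must carry a valid token."""
    method = request["method"].upper()
    if method in STATE_CHANGING and not token_valid(
            request["session_id"], presented_token(request)):
        return 403, "CSRF token missing or invalid"
    return 200, f"{method} {request['path']} accepted"


def render_page(session_id):
    """What the server embeds in its own pages: the token as a hidden form field,
    and as a meta value the page's scripts copy into X-CSRF-Token on every XHR."""
    token = issue_token(session_id)
    return (f'<input type="hidden" name="csrf_token" value="{token}">\n'
            f'<meta name="csrf-token" content="{token}">')


if __name__ == "__main__":
    sid = "session-of-alice"  # constructed session identifier
    good = {"method": "POST", "path": "/transfer", "session_id": sid,
            "form": {"csrf_token": issue_token(sid)}}
    forged = {"method": "POST", "path": "/transfer", "session_id": sid, "form": {}}
    print(handle(good))    # (200, 'POST /transfer accepted')
    print(handle(forged))  # (403, 'CSRF token missing or invalid')
```

    A page on another origin can make the victim’s browser send the POST with the victim’s cookies, but it cannot read the token out of the legitimate page, so the forged request arrives without it and is refused. When an application does everything through XHR, the header path is the natural one: the client script reads the token once from the page and attaches it to every call, and the server check stays identical.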

    Rohit did a great job herding many, many cats. I really wanted 10 things in there for developers to check and do as web app sec vulnerabilities are now the Top 11 or so attacks. But SANS is a system administration resource, and thus they turned the focus around for system administrators. Fair enough. That’s why we have links to OWASP for those folks who need it.

    For Richard to state that the SANS document is my opinion, I don’t think so. I concentrated heavily on fact. In other related news, the OWASP Top 10 is nearing that happy point when it will need peer reviewing. If you’re interested, come join the Top 10 mailing list at OWASP.

    PS. That graph above, although it is the MITRE data, does not indicate the Top 10 headings. We’ve got something special for you all! 🙂

  • Attack vector for Windows Genuine Disadvantage

    The other day, WGA decided that my volume licensed copy of Visio was a pirated copy. This is laughable… and annoying. Luckily, the situation sorted itself out; I have Visio 2007 installed and I was able to use that until Microsoft used the rubber hose on WGA’s servers.

    But it got me to thinking how a hostile Trojan could cause massive disruption. Product IDs are easily tamperable. If the user is an administrator, all a Trojan or virus has to do is change the Product ID for Microsoft products (Windows, Office, etc) to random values. It doesn’t need to set it to known pirated Product IDs, but just random ones. These are unlikely to validate under WGA, and millions of folks will end up with software which can open, but not print or save documents. Or in Windows’ case, not boot after 30 days.

    Microsoft’s only solution for this would be a massive program of issuing new Product IDs to legitimate customers at a massive cost to everyone (including Microsoft), or to give up on WGA altogether.

    If product IDs are susceptible to change, and they are, they must be better protected by the WGA process. If I’ve thought of this, and I’m not precisely hostile, imagine what the organized crime dudes can do.

  • How many inaccuracies can a single song contain?

    I don’t know about you, but I find artists who know very little of what they complain about frustrating. I am not talking about irony and the lack of it in Ironic by Alanis Morissette, but I wish I was a punk rocker (with flowers in my hair) by Sandi Thom. If you’re a fan of this song, please don’t get me wrong, it’s a nice song, but it’s woefully inaccurate.

    In the olden days, scientist philosophers like Galileo, da Vinci, Newton and Franklin were masters not only in their respective fields and great minds, but accomplished authors, musicians, artists, and in Franklin’s case, statesmen. As with most of my geeky friends, we are passionate authors, voracious readers, keen collectors of music and often musicians in our own right, love museums and galleries and the arts. However, many “artists” do not respect our arts and sciences.

    Let’s go through a few of the foibles of this song:

    • “In 77 and 69, there was revolution in the air”    Where? In 1968, there was the France student riots and Prague Spring, of which only one, the French student riots made any difference with an election being called. In 1969, besides the Viet Nam war, very little revolution happened. Maybe she’s talking about Woodstock. 1977 was the beginning of the Sandinista revolution in Nicaragua, and the seeds of the Iranian revolution, but hardly progressive revolutions as the singer calls it out. The song’s main theme is punk (anarchy) and flowers in the hair (the hippy / free love movement), which is an expression of baby boomers “me me me” selfishness despite its best intentions. We owe a huge debt to the hippies for freeing up attitudes but little else. Anarchy exists today – see Darfur and a host of other hot beds of human misery and crimes against humanity. No one can claim to want anarchy without understanding what it truly represents. 1977 saw the release of Never mind the bollocks… by the Sex Pistols. Punks hated the hippies, so I’m unsure of why she wanted to be both. Anyway, disco / techno won the battle, not punk 😉
    • “Not everybody drove a car”    This is still true today, and if anything, anti-car choices in the major metropolises of London and so on make it very difficult for people to drive to where they’re going. The car is a symbol of freedom and personal mobility, so I’m not sure why this is a bad thing. The days of most people not owning a car or the ability to drive are long, long gone. This is more of a pre-World War II thing. My grand parents owned cars from the end of the war onwards. Certainly, by the end of the 1960’s most families had at least one car and it was an essential part of life.
    • “When accountants didn’t have control”    This is especially amusing. A&R and accountants in the music industry have been entrenched for years. In Dirk Gently’s Holistic Detective Agency, written in the early 1980’s, the main protagonist fought against the A&R types and noted with extreme wit that music contracts were the devil’s work. This didn’t happen overnight. This is not a product of today’s society, but that of the exploitative music industry she so bitterly complains about.
    • “And the only way to stay in touch was a letter in the mail”    This is also particularly funny. Although I’ve personally only written a couple of actual letters to friends, and none in the last 17 years of being on the Internet, the phone system has been around for quite some time. Telegrams predated the phone system by some considerable time; the first Atlantic telegraph line was completed in 1858, some 111 years before 1969. It was possible to call internationally from the 1920’s onwards with the laying of submarine cables, and from the 1960’s onwards with the launch of Telstar in 1962.
    • And the super info highway was still drifting out in space    The network that became the first nodes of the Internet was established in 1969 as ARPANET. It has only recently been extended to our local solar system – with a modified form of TCP/IP used to communicate with the Mars Orbiters to form the interplanetary internet (see http://www.ipnsig.org).
    • When record shops were still on top/And vinyl was all that they stocked    This ignores the 8 track (from 1965 onwards) and the compact cassette (from onwards), both of which were popular in 1969 and 1977 respectively.

    Although this song appeals to those hankering after a time long ago, the time the chanteuse desires never existed. I wish that artists were a bit more respectful of history and less hostile to modern life. I’d rather be alive now than living in the past; the world is a beautiful place and it is what you make of it.

    Boomshanka, peace.

  • The land of ouchy hamburgers

    I’m working on tomorrow’s presentation to a major ISV. I don’t really have time to pop out and eat properly, so I order in. Most of the time, I don’t like doing this as the food often comes a bit cooler than I would like, the salads a bit limp and it’s always overpriced.

    I look in the room service book, order up a burger and fries with some Pepsi, and as I’d skipped lunch, a cheesecake and some coffee to wash things down. I mentally add up the individual elements and I think it’s going to be about $30, which is well under my work’s spending guidelines if a bit expensive for my tastes. A similar meal down the road at Maccas followed by a trip to the Italian cafe would cost me no more than $15 if I knew where the Maccas was.

    I was a bit shocked to see the price in my room: $57 USD (about $80 Australian!). For a burger, drinks and a small dessert.

    They had slugged me for tax, 20% service (even though it was delayed AND the meat patty had congealed), some other taxes on top of the mandatory gratuity, and expect me to put an additional gratuity on top of that. So I round up to the nearest dollar, a “tip” of $0.13.

    Man, this place sucks. Can’t wait to get to Vegas.

    Andrew

  • eBay: do not recommend, waste of time

    Well, I’ve just had my first experience with eBay of being kicked in the teeth for being honest. I’ve been a member for six years, and until last week, I maintained a perfect 100% reputation basically by being me in all my dealings. Here’s a hint – it’s simply not worth it as eBay will not back you up when the going gets tough.

    A woman wins one of my four auctions last week. She bid several times on a table setting, comes to my place, asks to measure the table in a lame effort to prove that the table is smaller than I said in the listing, and says she doesn’t want it as it’s too narrow and she likes to spread out. She then leaves.

    Sorry lady, on eBay, like all auction houses, if you bid on it and you win it, you own it. So I leave her negative feedback for abandoning the sale:

    Refused item even though exactly as described and as per photos. Not recommended

    She then leaves negative feedback for me, but in her case, she lied:

    item failed to meet description. do not recommend, waste of time

    This is a laugh as:

    0) the description is accurate (8 seat table with 6 chairs). The table can seat eight if you must, but six is about right.
    a) the description of the condition is accurate (as new, with minor dints from regular use)
    b) there’s photos of the item including a photo of the only chair which has (cleanable) marks
    c) there’s accurate measurements in the questions area five days before the auction ended for all to read

    I complain to eBay. They suggest asking her to withdraw the feedback. I do so, even though I know she won’t. She didn’t. I complain again to eBay. They tell me that due to US law, they can’t remove even slanderous postings. Sorry fellas, Gutnick proved that Victoria, Australia defamation law trumps US defamation law. All the way to the High Court. eBay have a responsibility to deter and remove slanderous postings when they occur, and not hide behind some lame interpretation of US law which simply doesn’t apply here.

    So what’s eBay’s final offer? Ask the liar who didn’t pay for her winnings to mutually withdraw the negative feedback. I’m loath to do this as a poor rating is a good warning to other sellers / buyers that all is not well with that person. But I want my 100% back for exactly the same reason, and I’m buggered if I’m going to pay some shiny arse lawyer $20k or more to get a clean eBay account again through winning a defamation case.

    Six years of being “me” down the drain.

    So if you want to be treated nice at eBay – shit all over the other sellers. There’s nothing that eBay will do to you. At all. eBay is not the good guy’s friend. do not recommend, waste of time.

  • Moronic security is a risk in itself

    There must be a special breed of moron common in the physical security world. Much is made of how secure many office buildings are, but this is not my experience as a gifted tailgater.

    Today, after 14 months of waiting, I managed to get a car park in my building. I am chuffed as it is nice to have a fast easy way to get to work. I know I am lucky** as many people would like to park there, but there’s a … 14 month waiting list. That’s not why I write.

    My spot is on level 2. I work on level 3. The benefits of parking so close should include not having to go out in the crappy weather – what with a short lift ride between the two floors. However… moronic “security” comes to the rescue and ensures that this is not to be.

    Upon entering the carpark in my car, I can only exit via the lifts as the emergency exits are alarmed. I enter the lifts, swipe my card and press “3”. Nothing happens. It turns out I have to press “G” (ground in Australia = “1” in the US), and exit the building completely, walk *all* the way around it, re-swipe my access card to re-enter the building … walk to the same lifts, and then press “3”. I am not making this up.

    It makes no sense. I am authorized to be in the car park *and* the building. But I can’t transit one floor.

    kurios119.jpg

    (Image from Bruce Schneier’s excellent blog. See links to the right and subscribe to his blog and Cryptogram!)

    This sort of stupidity makes people disrespect actual security measures. Until we can eliminate morons in the “security” industry, real security will always be worked around. We’re all seen as fools until we rid ourselves of fools.

    ** For environmentalists reading this… I have a tiny fuel efficient car (Citroen C3), and I carpool with my girlfriend, so it’s not just a single person clogging the roads. It’s two people clogging the roads and dirtying the air. However, it’s faster and cheaper for us to drive than to take public transport, even when you take into consideration the cost of parking, fuel, depreciation, insurance, and other running costs. Peter Batchelor needs to improve public transport in the west of Melbourne. It should *never* be cheaper or faster to drive in compared to public transport. But whilst it is, I’ll drive and park at work.

  • Why Apple will never win the desktop dominance battle

    For the last few months, I’ve been battling a debilitating issue with my Apple G4 laptop. It has narcolepsy. The trackpad in many G4 laptops contains a faulty temperature sensor. It normally reads -16 to 4 C (which is wrong), but the operating system monitors it. From time to time (and for me all the time), the sensor will register -150 C to +260 C.

    When this happens, the OS puts the computer into emergency sleep. There is no way to turn this behavior off.

    This has not been the only battle with faulty hardware. My laptop lost half its memory shortly after I acquired it, and this required a new logic board to remedy. But not before Apple tried replacing all the RAM several times. In the end, it took Apple four or so weeks to get a new logic board. Luckily, I could struggle through with half my memory. Imagine if it was dead.

    Well, that’s where we are today. My laptop puts itself asleep almost continuously now. I can barely get 10-20 seconds out of the laptop. For all intents and purposes, it’s a $3600 silver hunk of crap.

    Apple in their infinite wisdom, must *see* the laptop fail. There are no Apple dealerships near me. I cannot easily take time off work. The Apple dealers which are open late do not have any service staff on after hours. You get the picture. I have the logs dating from January. I have the Apple support article. I know the part number. I can show the temperature sensor readings and the obvious places it goes crazy. Apple will not believe me because they haven’t seen it fail. Well, I finally managed to find some time to go take it to Apple in late March when it was totally driving me nuts. It’s now nearly 12 days later, and I still have a faulty computer.

    Compare this to the last Dell I had (I’ve had three). One morning, my hard drive crapped out. I rang them at 9 am to report the issue. The tech was there at 11 am, and I was using the recovery CD at 11.15 am. Or the HP workstation I bought in the mid-90’s after my last Mac, a Quadra 650. About two years into its three year warranty, the monitor developed a fault and I rang in to get it looked at thinking I might need to drop it off somewhere. No – HP sent out a courier the same day with a brand spanking new monitor and the courier waited for me to unpack the monitor and repack the faulty monitor. Now that’s service.

    Apple wants me to pay $530 for AppleCare to continue my warranty for another two years as my warranty runs out on Tuesday. It’s obvious that I need it with this pile of steaming feces – it’s a lemon. But why should I pay for such crappy service? As far as I’m concerned as a customer, if I tell you something is not right, you just tell me when I can bring the damn thing in and you will fix it right there and then.

    But no – Apple can’t currently tell me when the required part (a new “top” unit, which includes the temperature sensor for the trackpad) will arrive, so I’m forced to wait. They don’t provide me an alternative laptop in the meantime.

    Apple – I was considering a nice new MacBook Pro. Your truly awful customer service has turned me off your products. If you can’t be bothered to stand behind your $3600 products, when Dell stands behind their $1500 products so much better, I can’t honestly justify the additional $1100 to buy your crap.

    I’m not going to buy the $530 AppleCare. I’m going to save up for a nice new shiny Dell and end my switching experience permanently. This sucks.

  • greebo.net blacklisted by various terrorist organizations

    I am pissed.

    My server has been blacklisted by various spam blacklist sites… because my nameserver (something I do not control) and my netblock are owned by someone the RBLs don’t like.

    I found out today that our hoster, Quantum Tech, is owned by a convicted spammer. But unless you rub shoulders in the dark and dingy vigilante world, it’s actually pretty hard to find out that Quantum Tech and the spammer are related. Global Web have been convicted and so they must have been forced to pay up, or else QT wouldn’t still be here. My view is that once justice has been handed out, life goes on. So like IBM and Microsoft, anti-trust convicts and other nefarious firms, once the punishment is handed out, people continue to buy from them even though their reputation has been sullied. Except that I had no idea that QT were dodgy. Saying that though, QT have provided us pretty good service for the price, and the performance of the server and network has been fine, unlike our previous hosters.

    The RBLs cannot act like some cowboy sheriff from the wild west and continue their jihad against their mortal enemies. The law has had its say. If further crimes are committed, then it’s still the law’s turn, not theirs.

    But that’s all an irrelevant red herring – my problem is not with Quantum Tech. It’s with the RBL vigilantes.

    The terrorists at Spamhaus and SPEWS are blocking my nameserver and my dedicated host’s netblock. This basically means that for ISPs – who like stupid sheep are using these services – password reset e-mails from our site do not work reliably due to the black listing. Despite the fact WE DO NOT and NEVER WILL SPAM. If the RBLs had proof that our IP or host spammed, then sure, I can understand that, but to be tarred with the feathers of someone we don’t control and don’t care to know anything about is just stupid. It’s like all the people in a state of a country being convicted of a crime because one or two people in that state actually did do that crime. Convicted by people who appointed themselves as judge, jury and executioner, with no appeals.

    I’ve had two communications so far, both dismissive of my complaint. It’s harder to get off an RBL than it is to get off a spammer’s mailing list using the “Remove me” link. As these RBL folks act illegally, there’s no natural justice, ie no recourse to arbitration, and no mediation or dispute resolution services. Why would they? They impose their view upon the world, damn the rest. It’s creating a nuclear wasteland. More to the point, their actions are illegal.
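    The mechanism behind the blocking described above, as an added example that is not part of the original post: an RBL (DNS blocklist) is queried by reversing the address’s octets under the list’s zone, and any answer inside 127.0.0.0/8 means “listed” while NXDOMAIN means “not listed” (RFC 5782). The code below builds the query name for IPv4 and IPv6, runs the lookup through a pluggable resolver, and applies RFC 5782’s self-test (127.0.0.2 must be listed, 127.0.0.1 must not) so a “not listed” answer from a dead or wildcarded zone is not mistaken for a clean bill of health. The `zen.example` zone and the answers in `FAKE_ANSWERS` are constructed so it runs offline; the addresses are the ones from the post plus a documentation address as a control. Passing the default resolver runs it against a real zone, which is the due-diligence check an admin can do before hosting anywhere.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """RFC 5782 query name: IPv4 octets, or IPv6 hex nibbles, reversed under the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles
    return ".".join(labels) + "." + zone


def dnsbl_lookup(ip, zone, resolve=socket.gethostbyname):
    """Return (listed, answer). NXDOMAIN means not listed. An answer outside
    127.0.0.0/8 is a broken or wildcarded zone, not a listing, so it is reported
    but not counted as listed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False, None
    return ipaddress.ip_address(answer) in LOOPBACK, answer


def zone_is_live(zone, resolve=socket.gethostbyname):
    """RFC 5782 section 5: every DNSBL lists 127.0.0.2 and never lists 127.0.0.1."""
    positive, _ = dnsbl_lookup("127.0.0.2", zone, resolve)
    negative, _ = dnsbl_lookup("127.0.0.1", zone, resolve)
    return positive and not negative


def audit(ips, zone, resolve=socket.gethostbyname):
    """Map each address to its lookup result; refuse to report from a zone that
    fails its self-test, because every answer from it would be meaningless."""
    if not zone_is_live(zone, resolve):
        raise RuntimeError(f"{zone} failed the RFC 5782 self-test")
    return {ip: dnsbl_lookup(ip, zone, resolve) for ip in ips}


# Constructed stand-in for a DNSBL zone so the example runs without network access.
FAKE_ZONE = "zen.example"
FAKE_ANSWERS = {
    "2.0.0.127.zen.example": "127.0.0.2",     # RFC 5782 test point
    "108.39.31.69.zen.example": "127.0.0.2",  # aussieveedubbers.com, listed via its netblock
    "109.39.31.69.zen.example": "127.0.0.2",  # greebo.net, same netblock
    "67.33.31.69.zen.example": "127.0.0.2",   # ns1.wickedtechnology.net
    "68.33.31.69.zen.example": "127.0.0.2",   # ns2.wickedtechnology.net
}


def fake_resolve(name):
    """Behaves like socket.gethostbyname against FAKE_ANSWERS (NXDOMAIN -> gaierror)."""
    if name in FAKE_ANSWERS:
        return FAKE_ANSWERS[name]
    raise socket.gaierror(-2, "Name or service not known")


# Addresses from the post, plus 192.0.2.1 (RFC 5737 documentation space) as a control.
HOSTS = ["69.31.39.108", "69.31.39.109", "69.31.33.67", "69.31.33.68", "192.0.2.1"]

if __name__ == "__main__":
    for ip, (listed, answer) in audit(HOSTS, FAKE_ZONE, fake_resolve).items():
        print(f"{ip:16} {'LISTED ' + answer if listed else 'not listed'}")
```

    Real zones return different 127.0.0.x values for different sub-lists; the code treats any of them as “listed” and hands the raw answer back so the caller can map it against the list operator’s published return codes. Because the listing is keyed on the address, not on who sends the mail from it, a clean site on a listed netblock shows up exactly as the post describes.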

    I did some research to see what laws they are breaking in Australia. The one that got my fancy is the CyberCrime Act 2001, which amends a bunch of criminal laws to make DoS and attacks illegal. It’s pretty comprehensive and balanced for the most part. I had a hand in getting a few changes in there whilst I was president of SAGE AU – we responded to the Senate enquiry to get system admins protected whilst they were doing their job as we remember what happened to Randal Schwartz and I personally wanted to make sure that the clauses previously protecting only Commonwealth computers were extended to all computers in Australia.

    The section which I draw your attention to is 476.2:

    476.2 Meaning of unauthorised access, modification or impairment
    (1) In this Part:
    (a) access to data held in a computer; or
    (b) modification of data held in a computer; or
    (c) the impairment of electronic communication to or from a computer; or
    (d) the impairment of the reliability, security or operation of any data held on a computer disk, credit card or other device used to store data by electronic means;
    by a person is unauthorised if the person is not entitled to cause that access, modification or impairment.
    (2) Any such access, modification or impairment caused by the person is not unauthorised merely because he or she has an ulterior purpose for causing it.
    (3) For the purposes of an offence under this Part, a person causes any such unauthorised access, modification or impairment if the person’s conduct substantially contributes to it.

    Therefore, any unauthorized impairment, even for supposedly good purposes like spam prevention is illegal unless authorized. And for my system, you require my authorization, and I’m not going to give it. So effectively, SPEWS and Spamhaus are acting criminally if they block any Australian IP address or system controlled by Australians.

    But far, far worse than this is the sheer arrogance demonstrated by their faceless peons who are too cowardly to sign their own names to their e-mails.

    I asked reasonably firmly but politely that they remove their blocks:

    Hi there,

    You have placed my sites into an overreaching netblock, affecting aussieveedubbers.com, a site containing 4500 VW car nuts. None of the sites hosted on my dedicated server under my direct control are spam boxes. I detest spam, but you’re not helping … at all.

    Please carve out two IP addresses from this listing:

    69.31.39.108 – aussieveedubbers.com
    69.31.39.109 – greebo.net vanderstock.com codesqa.com

    Our nameservers will also need unblocking.

    ns1.wickedtechnology.net 69.31.33.67
    ns2.wickedtechnology.net 69.31.33.68

    If your aim is to reduce spam, you are not doing it by blocking my site as we don’t spam. All you are doing is making me very angry. For the last few months, I have been hand processing 10 or 15 password resets per day that would have otherwise been handled automatically. That’s right – your useless service is blocking 10 or 15 legitimate e-mails a day. Good work, fellas. That’ll really knock the spam problem on the head.

    If you do not fix this up within 24 hours, further action will be taken.

    Here’s their response:

    “We have placed?” How long have you been hosted on these IP addresses?

    This range was listed on Feb 05, 2004 – almost exactly TWO YEARS AGO.

    We’d suggest you talk to Mike Van Essen and his “Quantum Tech Pty Ltd”, the owner of these IP addresses, why he does not tell people, 1) that they are listed by us and others, and 2) why they are listed.

    One must have due diligence as to where one hosts.


    Regards,

    The Spamhaus Project

    Despite their arrogant imputation we are clueless noobs (“due diligence as to where one hosts”), we in fact checked out Webhostingtalk (there’s one link to “Quantum Tech” back in 2002), and read over the AUP and conditions carefully. The price was right for a dedicated host for our non-profit car forum.

    But it is completely unreasonable to think that we should perform a criminal background check against the ISP. Could you imagine every customer doing this to AOL, OptusNet, BlackBerry, or Verizon? Don’t make me laugh!

    But it still misses the point – I DO NOT SPAM. Therefore, Spamhaus and friends should get their hands out of their backsides and remove their black list. Spamhaus and friends are causing us financial loss as users can’t register on our site and they can’t recover their passwords if they forget them. Spamhaus and friends are performing criminal and illegal denial of service / impairment of our legitimate service to our Australian users provided by a legitimate site run by Australians.

    If this is not resolved soon, I will be reporting them to the police. I do not take such action lightly, but I have no choice. If you’re an admin, there’s no better time to ditch the awful RBLs and go with something that works. I will also do the ring around to my mates at various large ISPs and make sure they are not using these services. Nothing would make me happier than making Spews and Spamhaus powerless.

    If I were Spamhaus or Spews, I’d be looking seriously at why their efforts have failed. I get a bucket load of spam every day, and so their approach has obviously failed miserably. As someone who respects the scientific method, you need to evaluate your own methods and results so you can improve them over time. I personally believe that RBLs are ineffective and need to be scrapped. But most of all, they need to respect the rule of law and work with their country’s anti-spam and cybercrime laws. They are effective. RBLs are not – their days are over.

  • World of Warcraft: bigotry and interventions

    On bigotry

    As (more than) well documented elsewhere, Blizzard have some explaining to do. They selectively stamp out gay, bi, lesbian and transgender friendly activities and options (such as advertising GBLT friendly guilds or in game same gender marriage), but do not stamp out the hetero version of the same activity. Either ban both, or allow both. There is no half-pregnant.

    I think this story (found via Technorati) explains it best:
    In News Weekly

    Boing Boing is also running with it:
    Boing Boing

    WoW is littered with idiots using “gay” and “fag” as an offensive term, like “that’s so gay” or “you fag”. Yet these people are not warned or banned, as described in this post.

    Blizzard need to get their act together before someone uses their country’s anti-vilification laws to slap them upside the head and close down what seems to be a fairly popular game if some of my friends are any guide.