Sent from my iPad

On Jun 8, 2010, at 3:30 PM, Brielle Bruns <br...@2mbit.com> wrote:

> On 6/8/10 2:12 PM, Dave Rand wrote:
> 
>> It's really way, way past time for us to actually deal with compromised
>> computers on our networks.  Abuse desks need to have the power to filter
>> customers immediately on notification of activity.  We need to have tools to
>> help us identify compromised customers.  We need to have policies that
>> actually work to help notify the customers when they are compromised.
>> 
>> None of this needs to be done for free.  There needs to be a "security
>> fee" charged _all_ customers, which would fund the abuse desk.
>> 
>> With more than 100,000,000 compromised computers out there, it's really
>> time for us to step up to the plate, and make this happen.
> 
> 
> Problem is, there's no financial penalties for providers who ignore abuse 
> coming from their network.
> 
Problem is there's no financial liability for producing massively exploitable 
software.
No financial penalty for operating a compromised system.
No penalty for ignoring abuse complaints.
Etc.

Imagine how fast things would change in Redmond if Micr0$0ft had to pay the 
cleanup costs for each and every infected system and any damage said infected 
system did prior to the owner/operator becoming aware of the infection.

> DNSbl lists work only because after a while, providers can't ignore their 
> customer complaints and exodus when they dig deep into the bottom line.
> 
> We've got several large scale IP blocks in place in the AHBL due to this 
> exact problem - providers know there's abuse going on, they won't terminate 
> the customers or deal with it, because they are more then happy to take money.
> 
> Legit customers get caught in the cross-fire, and they suffer - but at the 
> same time, those legit customers are the only ones that will be able to force 
> a change on said provider.
> 
> They contact us, and act all innocent, and tell people we're being 
> unreasonable, neglecting to tell people at the same time that the 
> 'unreasonable' DNSbl maintainer only wants for them to do a simple task that 
> thousands of other providers and administrators have done before.
> 
> -- 
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org    /     http://www.ahbl.org

Reply via email to