Your assertion is wrong:
Google safebrowsing works by comparing the URL to a local list, which
the browser downloads from Google's Servers. Browser do not send the URL
to Google for checking.
See for example
> https://superuser.com/questions/832608/what-is-being-send-to-received-from-safebrowsing
Dear Ac & Fi
That was what I was replying to Fi's comment:
> If opera (like chrome, edge or firefox) check the URL to see if it
> is "dangerous" (a phishing URL etc) then that is logged on their
> end, when it checks the database to see if the link has been
> flagged.
Re:
> It is a simple techn
I agree two years are long.
But if we assume it's always the same few black sheep that engage in
this activety, then it's worth going that route.
If that is not the case, then I would suggest to change the termination
process in a second step. We would then have good arguments supporting
this.
T
There are different things that can habbe.
What we are talking here is a breach of contract, i.e. two parties agree
on something and then one one does not stick to the agreement. This is
typically handled under civil law. The parties can agree agree to
whatever actions.
Then there is criminal law
Hi Andreas
I echo Barry's views on the research.
Some valid points, but it's a pity that you tend to void them by mostly
telling others that they are stupid.
I like your idea about studying why certain practices occur. So why not
find a University that is interested in starting a project on this
Hi All
So maybe a word from an "Incident Responder".
I do feel very much, that we should have an abuse conntact, and it
should be tested to wok, in the sense that some one reads the mail sent
there.
Here are my reasons:
- Having such a mailbox may increase the pressure for orgs to actually
do s
> Hi,
>
> On Wed, Jan 15, 2020 at 09:14:59AM +0100, Serge Droz via anti-abuse-wg wrote:
>> I kind of don't buy into "There is no point on placing a burden on orgs
>> that choose not to act".
>
> This is not what I said. My stance on this is: placing extra b
Hi All
I think we already spent way more executive time on this thread than it
would cost us to verify e-mail addresses.
I agree e-mail does not solve all the problems. It's hard to
automatically process, .
But it is simple to use, and from my work as an incident handler it did
do me good in
Hi Volker
On 16/01/2020 15:03, Volker Greimann wrote:
> isn't making the world (and the internet) first and foremost a job of
> law enforcement agencies like the police and Europol?
Law enforcement's job primarily is arresting criminals. And yes they do
prevention. But you can't stop locking your
ou
> missed the verification.
>
> I would be happy if we have a mandatory abuse-c which is validated by
> the RIPE.
>
> Rather go forward step-by-step than stop here for years. Stagnation
> means regression.
>
> Have a good night,
>
> Andi
>
> Am 16.01.20 um
Hello List
I've been, mostly passive, on this list for quite a while. I must say we
really excel in terms of abusing each other. And I agree with Ronald, we
seem to fail coming forward with even partial solutions to prevent
abuse. I am disappointed by the tone on this list. One can, and should
dis
I second that
In fact there is much more than just codified law. For example most of
the international law ha never been codified, refereed to as customary
law, but is still enforceable in court.
What we re talking about here are so called Norms: Often non-binding,
Norms describe expected behavio
Hi Javier
> Many times we have hackers perfectly located, many are kids with a lot
> of ability to annoy, but little to protect themselves (we often find
> them in forums)
>
If many hackers are kids, we don't have legal problem, but we fail as
society. I think it's beyond the scope of the WG to
HaHa
> Your post brought a smile to my face.
So I already made the world a better place ;-). And I'm a bit surprised
by your statement. Ever since I have been in the security community
you've been around you've always helped when you could.
I have it more with Martin Luther who allegedly said:
view.
It was said here before: If we fail as an informal community here, than
others will take this into their hands, and that will likely no procude
a better result.
Best
Serge
On 19/04/2020 00:07, David Conrad wrote:
> Serge,
>
> On Apr 17, 2020, at 2:15 AM, Serge Droz via
Hi All
I think this is a good policy.
We can always find use cases where it fails, but it will help in some
cases.
And if some one is not able to answer an e-mail every six month, there
are probably underlying issues. Also the argument, that the bad guys
flood the mailbox is not really acceptabl
>> Coming from the incident response side, I'm tiered of people constantly
>> telling me, that issues are not their problem
>
> How would this proposal help with said problem?
>
- It will catch the cases where some miss configuration happened indeed
- It will make it impossible for orgs to s
So, it's the security guys, saying
This may help a bit, but won't solve all problems.
versus the infrastructure operators saying
Beware! This it creating huge costs and will not help at all, and
answering two mails a year will be our ruin.
Sadly, this list is run by Naj sayers.
Serge
-
On 29.04.20 18:22, Nick Hilliard wrote:
> To be clear, it's a fundamental right in large chunks of the RIPE
> service region to conduct business. If the RIPE NCC acts to threaten to
> remove this ability to conduct business, there would need to be sound
> legal justification for doing so.
Most
I do not disagree with this.
Serge
On 30.04.20 09:41, Hans-Martin Mosner wrote:
> Am 30.04.20 um 02:58 schrieb Suresh Ramasubramanian:
>>
>> However, being in a fiduciary role - with IPv4 being traded like
>> currency these days the description fits - RIPE NCC can’t not get
>> involved.
>>
> ...
Even if it's the only restaurant serving food in the region it can
impose restrictions, as long as they are reasonable.
And having a working abuse e-mail address seems very reasonable for any
kind of organization working in the internet.
There are many norms that are not laws, that still apply.
Hi Töma
> What does GDPR have to say about this?
Unfortunately GDPR is totally ok with mind-boggingly stupid "technical
solutions" as long as they don't contain PII ;-)
Sorry, I'll stop now
Cheers
Serge
--
Dr. Serge Droz
Chair of the FIRST Board of Directors
https://www.first.org
Hi Martin
Have you tried t contact RU-CERT: https://www.cert.ru/en/about.shtml
They often are quite helpful.
Best
Serge
On 25.05.20 16:09, Martin Wilhelmi wrote:
> Hey everyone,
>
> I have a conflict with a provider from Russia "Timeweb" AS9123. It seems
> to be hosting a customer who sends s
Hi whoever you are,
(typically it's not a good sign, if you need hide behind an anonymous
alias).
I think the comparison to phone numbers is bad, that area is plagued by
very similar issues. But I get you point.
I think it's not feasible that you need to somehow proof you are
legitimate, the sam
#x27;ve had this discussion in here in
the past.
We can't even agree on the principles, let alone the details.
This seems to be harder than world peace.
Best
Serge
>
> On 25/06/2020 5:45 pm, Serge Droz via anti-abuse-wg wrote:
>> Hi whoever you are,
>> (typically it'
Hi Info
Maybe one of the reasons some Non-logging VPNs end up on blacklist sis
that the Non-Looging phrase is just an excuse to not go after misuse.
The rights to privacy and free speech do not mean anything goes.
You can fight abuse without violating privacy. But of course that's not
for free, y
nal-Market-and-clarifying-responsibilities-for-digital-services/public-consultation
>
> Best,
> ángel
> Grupo Godó de Comunicación
>
> ----------------
> *De:* anti-abuse-wg en nombre de Serge
> Droz via anti-abuse-wg
ght.blog /
>
> http://ceo.hosting/
>
> Intl. +353 (0) 59 9183072
>
> Direct Dial: +353 (0)59 9183090
>
> ---
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,
> Sleaty Road, Graiguecullen, Carlow, R93 X265,Ir
On 09.07.20 19:52, i...@fos-vpn.org wrote:
> Yes, VPN services can be used for unlawful activities such as Tor Exit
> Nodes or public WiFi Hotspots; that lies in the nature of things.
> However we believe that most of our customers behave behave in a
> responsible fashion and respect the laws as
First of: Congrats and thank you Ronald for this work.
What makes me a bit sad is, that posting this here immediately starts a
discussion about what is expected behavior on these lists, rather than
how we could combat abuse more efficiently.
It seems a seeminglu, to me at least, humorous remark,
Hi All
Michele, I think this is a great idea. It would probably make sense to
liaise with https://www.m3aawg.org/ and FIRST (tha latter would be me
;-) and I can broker an intro to the M3AAWG peoples.
Not also, that FIRST has a "DNS Abuse SIG", that focuses on domain
related abuse, but in a wi
I think this community let's the perfect be the enemy of the possible.
Just because there are traffic rules doesn't mean people don't violate
them. But they violate them much less.
See, what I fear is, that at some stage states will start to regulate,
because the industry fails to do so. And
I do not agree
Every organization has rules it enforces. That doesn't make it a
regulator. The public transport here, where I live enforces that you
have a valid ticket. That doesn't make it the transport regulator.
In fact RIPE NCC will probably enforce that you pay your fees.
The issue her
As I said
I disagree. Gmail says what you can do with their accounts, that doesn't
make them a regulator. But it doesn't matter: At the end of the day it's
excuses to not do anything about a growing problem.
And what typically happens in such cases is that states get upset and
start dictatin
It will make some organizations start handling reports that didn't do it
before.
We tried this in Switzerland, sending all ISPs abuse data asking them to
deal with it. In the beginning, very little enthusiasm, today most do.
None of these proposals have ever been tries, yet your you insist on
Maybe it's time to measure these numbers in the RIPE region by trying a time
limit experiment.
If it doesn't work, we stop it again. We would have to discuss criteria for
what "it work" means. That's a discussion I'd like to see on this list.
By never trying anything concrete it's easy saying
Hi Hank
Thanks for this: It's pure gold.
I sometimes think this WG is held prisoner by a hand full of people,
which are the ones that then whine in five years because the EU will put
a stop at this on their terms. Here in Switzerland more and more anti
abuse legislation is enacted because som
Pushing for DNSSEC adoption by financial services, government and other
“enterprise” users makes a lot of sense, but pushing it for all domains
is a terrible idea and has more negative impacts than positives.
Not if it's done properly, i.e. by the hosting providers. Should your
aunt or un
Hi Brian
Just a guess: But governments get increasingly dissatisfied with the
laissez faire attitude of the technical community and the private sector
in fighting cyber crime. In a recent talk Jane Easterly said: "The
private sector has promised better security for yeas but has not
delivered.
Hi Michele
As I said: They may make a point. Maybe they don't understand what RIPS
dies. But that's an assumption, and the tech community tends to
underrate authorities, so don't count on it.
Best
Serge
On 10.04.24 11:32, Michele Neylon - Blacknight wrote:
Serge
The report speaks about Fre
Hi Randy
Agreed and I'm not saying we should just hand everything over on a gold plate
to LE. Bien we cannot just say no all the time, but should actually come up
with solutions we feel are good or a good compromise.
I expect LE to understand our issues, but we should understand theirs
Best
S
Dear Markus
Thanks for this list. I'd love to see a bit more than best practices
though. I'd like to see this group come up with recommendations of what
RIPE can/should do to curb malicious behavior.
I think there are already a lot of groups that share info, so I'm not
sure we need another o
,
On Thu, 9 May 2024 at 10:23, Serge Droz via anti-abuse-wg
wrote:
Dear Markus
Thanks for this list. I'd love to see a bit more than best practices
though. I'd like to see this group come up with recommendations of what
RIPE can/should do to curb malicious behavior.
Are you referri
is includes the definition of acceptable minimal
standards.
Best regards
Serge
On 09.05.24 21:39, Leo Vegoda wrote:
Hi Serge,
On Thu, 9 May 2024 at 11:41, Serge Droz via anti-abuse-wg
wrote:
Hi Leo
We can only recommend the community, obviously.
I agree.
So these aare the best
practices
We can
t is
>out of scope for both the RIPE Community and RIPE NCC.
>
>Nick
>
>Serge Droz via anti-abuse-wg wrote on 10/05/2024 07:21:
>>
>> Hi Leo
>>
>> It's more about sharpening the focus. I colored this red below. I feel
>> eventually the RIPE NCC
Hi Michele
RIPE currently does not have the power to do a lot of things. The WG
cannot magically change that.
This is the old merry go round.
Maybe RIPE NCC needs to change certain things, or it will be changed for
them. The WG could provide guidance and suggest possible avenues where
RIP
er than charging 50 euro an ASN
—srs
----
*From:*anti-abuse-wg on behalf of Serge
Droz via anti-abuse-wg
*Sent:* Monday, May 13, 2024 7:03:18 PM
*Cc:* anti-abuse-wg@ripe.net
*Subject:* Re: [anti-abuse-wg] Seeking Input on the Future of the
Anti-A
Hi
I'm fairly new here. This is a formidable task, and not easily achieved.
So kudos to RIPE for doing this. The abuse contacts already there helped
me a lot.
I don't appreciate people who can't even stand up with their real names,
just pointing out that others are lame.
We make this a better wo
48 matches
Mail list logo
