http://www.theatlantic.com/politics/archive/2010/06/homeland-securitys-cyber-bill-would-codify-executive-emergency-powers/57946/
http://tinyurl.com/2gyezyg
--
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.
Freedom under a constitutional republi
On Wed, Jun 09, 2010 at 16:44:38PM -0400, Barry Shein wrote:
> MAYBE IF [please read thru before replying because I probably cover
> most knee-jerk responses eventually]:
>
> d) Microsoft hadn't ignored all these basic security practices in
> operating systems which were completely well understood
On Thu, Jun 10, 2010 at 4:22 AM, Jorge Amodio wrote:
> Cyber Threats Yes, But Is It Cyber War?
> http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/
>
> -J
Cyber war is something made up by the security industry to save it from going
bankrupt because the traditional pro
On 6/9/10 2:56 PM, Owen DeLong wrote:
On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
On 6/9/10 6:27 AM, Jorge Amodio wrote:
Going back then to a previous question, do we want more/any
regulation ?
Laws and regulation exist because people can't behave civilly and
be expected to respect the
On Jun 9, 2010, at 11:05 PM, JC Dill wrote:
> Owen DeLong wrote:
>>
>> Software has been out of control for a long time and I hope that the gov't
>> will start by ruling the "not responsible for our negligence or the damage
>> it causes" clauses of software licenses invalid.
>
> The beauty of
J. Oquendo wrote:
More finger pointing here.
You say that like it's a bad thing. I'm pointing fingers at the company
that has a long history of selling software with shoddy security
(including releasing newer versions with restored vulnerabilities that
were found and "fixed" years earlier),
> And "would damage the country" is a very fuzzy concept that you really don't
> want to go anywhere near.
I wasn't drafting legislation; I was introducing a concept. I would
expect that actual
legislation would explicitly list which industries were subject to
such regulation.
Otherwise it might
> Checklists come in handy in fact if many were followed (BCP
> checklists, appropriate industry standard fw, system rules)
> the net would be a cleaner place.
Sensible checklists that actually improve matters, yes.
The audit checklists I've often been subjected to, full of security theatre and
Tim Franklin wrote:
> and another checklist with a magic acronym that has everything to do
> with security theatre and nothing to do with either actual security or
> the reality of operating a network.
Checklists come in handy in fact if many were followed (BCP checklists,
appropriate industry stan
On Thu, 10 Jun 2010 12:27:18 BST, Michael Dillon said:
> If any organization operates an infrastructure which could be
> vulnerable to cyberattack that would damage the country in which they
> operate, that organization needs to be regulated to ensure that their
> networks cannot be exploited for
> I would expect that the increased awareness of network security that
> resulted would pay dividends in business and home use of networks.
I'd expect a lot of nice business for audit firms with the right government
connections, and another checklist with a magic acronym that has everything to
d
> Going back then to a previous question, do we want more/any regulation ?
Yes.
All vulnerable industries should have their use of network
communications regulated. This means all power stations, electricity
line operators, dam gate operators, etc. They should all be required
to meet a standard o
This would appear to be political in nature and therefore not operational,
right?
"Larry Sheldon" wrote:
>On 6/9/2010 08:21, Joe Greco wrote:
>
>> Your car emits lots of greenhouse gases. Just because it's /less/ doesn't
>> change the fact that the Prius has an ICE. We have a Prius and a HiHy
On Tue, Jun 08, 2010 at 11:14:10PM -0700, Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
>
> 1. Should ISPs be responsible for abuse from within their cust
Owen DeLong wrote:
Software has been out of control for a long time and I hope that the gov't will start by
ruling the "not responsible for our negligence or the damage it causes" clauses
of software licenses invalid.
The beauty of my "attractive nuisance" argument is that the EULA doesn't
Cyber Threats Yes, But Is It Cyber War?
http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/
-J
On 6/9/2010 18:04, Joe Greco wrote:
>> On 6/9/2010 14:37, Karl Auer wrote:
>> [good stuff]
>>
>>> Try thinking about what *could* happen rather than what *can't* happen.
>>
>> Even better: Think "here is what I can do". And then do it.
>
> Some of us already do:
>
> Implement BCP38
> Implement
> On 6/9/2010 14:37, Karl Auer wrote:
> [good stuff]
>
> > Try thinking about what *could* happen rather than what *can't* happen.
>
> Even better: Think "here is what I can do". And then do it.
Some of us already do:
Implement BCP38
Implement spam scanning for e-mail
Have a responsive abuse
> On Wed, 2010-06-09 at 12:08 -0500, Joe Greco wrote:
> > That's not going to happen (but I'll be happy to be proven wrong).
>
> Oh, there are so many things that are "not going to happen", aren't
> there? And because of that we shouldn't even bother suggesting
> regulation as a solution to anythi
Your humor has me roflmao
-henry
From: Paul Vixie
To: na...@merit.edu
Sent: Wed, June 9, 2010 10:14:34 AM
Subject: Re: Nato warns of strike against cyber attackers
d...@bungi.com (Dave Rand) writes:
> ...
> With more than 100,000,000 compromised com
On Jun 9, 2010, at 2:05 PM, Larry Sheldon wrote:
> On 6/9/2010 15:56, Owen DeLong wrote:
>>
>> On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
>>
>>> On 6/9/10 6:27 AM, Jorge Amodio wrote:
Going back then to a previous question, do we want more/any regulation ?
>>>
>>> Laws and regulatio
>
> Again, apples and oranges to a degree. Car owners don't receive a "use
> at your own risk" disclaimer either. Yet some Toyota owners faced
> horrifying instances of "subpar" prechecks. GM recalled a million or so
> cars and the list will always go on and on. Mistakes happen period and
> when m
On 6/9/2010 15:56, Owen DeLong wrote:
>
> On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
>
>> On 6/9/10 6:27 AM, Jorge Amodio wrote:
>>> Going back then to a previous question, do we want more/any regulation ?
>>
>> Laws and regulation exist because people can't behave civilly and be
>> expect
On June 9, 2010 at 07:39 jmamo...@gmail.com (Jorge Amodio) wrote:
> > 1. Should ISPs be responsible for abuse from within their customer base?
>
> Not sure, ISP's role is just to move packets from A to B, you need to
> clearly define what constitutes abuse and how much of it is considered
> a
On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
> On 6/9/10 6:27 AM, Jorge Amodio wrote:
>> Going back then to a previous question, do we want more/any regulation ?
>
> Laws and regulation exist because people can't behave civilly and be expected
> to respect the rights/boundaries/property othe
On June 8, 2010 at 21:05 fergdawgs...@gmail.com (Paul Ferguson) wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, Jun 8, 2010 at 8:59 PM, JC Dill wrote:
>
> >
> > I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
> > creating an "attractive nuisan
On 6/9/2010 14:37, Karl Auer wrote:
[good stuff]
> Try thinking about what *could* happen rather than what *can't* happen.
Even better: Think "here is what I can do". And then do it.
--
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.
Freedom
On Wed, 2010-06-09 at 12:08 -0500, Joe Greco wrote:
> That's not going to happen (but I'll be happy to be proven wrong).
Oh, there are so many things that are "not going to happen", aren't
there? And because of that we shouldn't even bother suggesting
regulation as a solution to anything because "
On 6/9/2010 1:43 PM, Larry Sheldon wrote:
On 6/9/2010 13:35, JC Dill wrote:
IMHO it is impossible to regulate the internet as a whole.
Exactly so.
That is precisely why you don't want somebody else to attempt it.
The only hope is for everybody to take personal responsibility for their
litt
The original article is FUD. The Times newspaper is historically known as MI5,
MI6's newspaper of choice.
Andrew
http://sites.google.com/site/n3td3v/
On 6/9/2010 13:35, JC Dill wrote:
> IMHO it is impossible to regulate the internet as a whole.
Exactly so.
That is precisely why you don't want somebody else to attempt it.
The only hope is for everybody to take personal responsibility for their
little piece of it.
--
Somebody should have sai
Jorge Amodio wrote:
> Unfortunately in the software industry you get (when you do, not
> always) the alert and the patch after the fact, ie the exploit has
> been already out there and your machine may probably have been already
> compromised.
>
> I never seen any operating system coming with a sig
Larry Sheldon wrote:
On 6/9/2010 01:11, JC Dill wrote:
Owen DeLong wrote:
Heck, at this point, I'd be OK with it being a regulatory issue.
What entity do you see as having any possibility of effective regulatory
control over the internet?
Doesn't matter as long as it enab
Larry Sheldon wrote:
On 6/9/2010 08:05, Chris Adams wrote:
Once upon a time, JC Dill said:
I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
creating an "attractive nuisance" - an operating system that is too
easily hacked and used to attack innocent victims, and
On Wed, 09 Jun 2010 12:32:54 CDT, Larry Sheldon said:
> On 6/9/2010 12:17, Joe Greco wrote:
> > So, just so we're clear here, I go to Best Buy, I buy a computer, I
> > bring it home, plug it into my cablemodem, and am instantly Pwned by
> > the non-updated Windows version on the drive plus the inc
> > So, just so we're clear here, I go to Best Buy, I buy a computer, I
> > bring it home, plug it into my cablemodem, and am instantly Pwned by
> > the non-updated Windows version on the drive plus the incessant cable
> > modem scanning, resulting in a bot infection... therefore I am
> > neglig
> You buy a car and as you're driving along a message comes into the
> dashboard: "Car Update needed, to fix A/C" you ignore it. Don't update
> it who cares, you're driving smoothly. Another alert comes into the car
> dashboard: "Critical alert, your brakes need this patch"... You ignore
> it and d
On 6/9/2010 12:17, Joe Greco wrote:
What I don't want to see which you are advocating... I don't want to see
the end users who do take responsibility, drive well designed vehicles
with proper seat belts and safety equipment, stay in their lane, and
do not cause accidents held li
> >> What I don't want to see which you are advocating... I don't want to see
> >> the end users who do take responsibility, drive well designed vehicles
> >> with proper seat belts and safety equipment, stay in their lane, and
> >> do not cause accidents held liable for the actions of others. Why
d...@bungi.com (Dave Rand) writes:
> ...
> With more than 100,000,000 compromised computers out there, it's really
> time for us to step up to the plate, and make this happen.
+1.
--
Paul Vixie
KI6YSY
> On Wed, 2010-06-09 at 08:50 -0500, Joe Greco wrote:
> > Primarily because the product that they've been given to use is defective
> > by design.
>
> Indeed. So one approach is to remove the pro
On 6/9/2010 11:50, J. Oquendo wrote:
[Lots of good stuff snipped.]
> Don't blame the software vendors blame oneself. I've seen even the most
> savvy users using OS' *other* than Windows get compromised. I performed
> an incident response about 8 months ago... 42 machines 41 Linux, 1
> Windows...
Larry Sheldon wrote:
> On 6/9/2010 10:58, Owen DeLong wrote:
>
>
>>> What happened to the acronyms "AUP" and "TOS"?
>>>
>>>
>> I'm not sure what you mean by that. I'm talking about an ISP's liability to
>> third party victims, not to their customers.
>>
>
> "Acceptable Use Policy" an
On 6/9/2010 10:58, Owen DeLong wrote:
>> What happened to the acronyms "AUP" and "TOS"?
>>
> I'm not sure what you mean by that. I'm talking about an ISP's liability to
> third party victims, not to their customers.
"Acceptable Use Policy" and "Terms of Service"
>
> AUP/TOS are between the ISP a
> Yes, it's complex, but, it is the only mechanism the law provides
> for the transfer of liability. You can't leap-frog the process and
> have the SPAM victims going directly after LatchKeyMom's
> OS Vendor because there's no relationship there to provide
> a legal link of liability.
This leads
>
>> What I don't want to see which you are advocating... I don't want to see
>> the end users who do take responsibility, drive well designed vehicles
>> with proper seat belts and safety equipment, stay in their lane, and
>> do not cause accidents held liable for the actions of others. Why shoul
On 6/9/10 8:43 AM, Michiel Klaver wrote:
Our experiences from the Dutch ISP market indicate otherwise, customers
are more than happy to be informed they might have been infected by a
virus/worm. Most customers are too afraid of losing valuable documents
due to a file-eating virus for example, or
On Wed, Jun 09, 2010, Larry Sheldon wrote:
> You might not have the state inspection rip-off, but I'll bet that if
> your state accepts federal highway money, you have mechanical condition
> standards that include tires, brakes, seat belts and a lot of other things.
.. and a change in the minimum
On 6/9/10 6:27 AM, Jorge Amodio wrote:
Going back then to a previous question, do we want more/any regulation ?
Laws and regulation exist because people can't behave civilly and be
expected to respect the rights/boundaries/property others.
CAN-SPAM exists because the e-mail marketing business
On 6/9/2010 08:21, Joe Greco wrote:
> Your car emits lots of greenhouse gases. Just because it's /less/ doesn't
> change the fact that the Prius has an ICE. We have a Prius and a HiHy too.
Did Godwin say anything about rand discussions degenerating to
mythologies like "gorebull warming"?
--
S
On 6/9/2010 08:09, Chris Adams wrote:
> Once upon a time, Jorge Amodio said:
>> That's why at least in the US by *regulation* you must have insurance
>> to be able to operate a car, instead of mitigating the safety issues
>> that represents a teenager texting while driving we deal with the
>> cons
On 6/9/2010 08:08, Chris Adams wrote:
> Once upon a time, Alexander Harrowell said:
>> No, but we can and do require cars to have functional brakes and minimum
>> tread depths, and to be tested periodically.
>
> Not in this state.
You might not have the state inspection rip-off, but I'll bet th
On 6/9/2010 08:05, Chris Adams wrote:
> Once upon a time, JC Dill said:
>> I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
>> creating an "attractive nuisance" - an operating system that is too
>> easily hacked and used to attack innocent victims, and where others have
>>
On 6/9/2010 07:39, Jorge Amodio wrote:
>> 1. Should ISPs be responsible for abuse from within their customer base?
>
> Not sure, ISP's role is just to move packets from A to B, you need to
> clearly define what constitutes abuse and how much of it is considered
> a crime.
>
> If I call your home e
On 6/9/2010 07:39, Jorge Amodio wrote:
>> 1. Should ISPs be responsible for abuse from within their customer base?
>
> Not sure, ISP's role is just to move packets from A to B, you need to
> clearly define what constitutes abuse and how much of it is considered
> a crime.
>
> If I call your home e
On Wed, 2010-06-09 at 08:50 -0500, Joe Greco wrote:
> Primarily because the product that they've been given to use is defective
> by design.
Indeed. So one approach is to remove the protection such defective
designs currently enjoy.
> supposed to play out for the single mom with a latchkey kid?
On 6/9/2010 06:14, Owen DeLong wrote:
>
> On Jun 8, 2010, at 11:14 PM, Paul Ferguson wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> To cut through the noise and non-relevant discussion, let's see if we can
>> boil this down to a couple of issues:
>>
>> 1. Should ISPs be respon
On 6/9/2010 06:11, Owen DeLong wrote:
>
> On Jun 8, 2010, at 11:11 PM, JC Dill wrote:
>
>> Owen DeLong wrote:
>>>
>>> Heck, at this point, I'd be OK with it being a regulatory issue.
>>
>> What entity do you see as having any possibility of effective regulatory
>> control over the internet?
>>
Original message
Generally speaking, nobody wants to be the cop that makes that call.
Theoretically an ISP *might* be able to do that, but most are unwilling,
and those of us that do actually play BOFH run the risk of losing
customers to a sewerISP that doesn't.
Our experience
On 6/9/2010 01:14, Paul Ferguson wrote:
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
If I may offer a few edits and comments .
> 1. Should ISPs be responsible for abuse from within their customer base?
> 1. Should ISPs be
> > I am pretty sure I saw stats that suggested that old cars that crashed into
> > new cars did substantially more damage to the new car and its occupants than
> > an equivalent crash between two new cars, something to do with the old car
> > not absorbing about half the impact into its own (nonex
On Jun 9, 2010, at 6:50 AM, Joe Greco wrote:
>> On Wed, 2010-06-09 at 07:02 -0500, Joe Greco wrote:
>>> There is only so much "proper security" you can expect the average PC user
>>> to do.
>>
>> Sure - but if their computer, as a result of their ignorance, starts
>> belching out spam, ISPs
On 6/9/2010 01:11, JC Dill wrote:
> Owen DeLong wrote:
>>
>> Heck, at this point, I'd be OK with it being a regulatory issue.
>
> What entity do you see as having any possibility of effective regulatory
> control over the internet?
Doesn't matter as long as it enables radial outbound finger poi
:I think anyone in their right mind would agree that if a provider sees
:criminal activity, they should take action, no?
What a provider "should" do and what makes sense under the law of the
land are two different things.
:If that also holds true, then why doesn't it happen?
The laws pertaining t
> > Grandma does not go check her tread depth or check her own brake pads and
> > discs for wear. She lets the shop do that. I was hoping I didn't have to
> > get pedantic and that people could differentiate between "I pay the shop a
> > few bucks to do that for me" and "I take responsibility per
On Jun 9, 2010, at 6:17 AM, Joe Greco wrote:
>> On Jun 9, 2010, at 5:02 AM, Joe Greco wrote:
>>
So? If said end customer is operating a network-connected system without
sufficient knowledge to properly maintain it and prevent it from doing
mischief
to the rest of the network
> On Wed, 2010-06-09 at 07:02 -0500, Joe Greco wrote:
> > There is only so much "proper security" you can expect the average PC user
> > to do.
>
> Sure - but if their computer, as a result of their ignorance, starts
> belching out spam, ISPs should be able at very least to counteract the
> pr
>
> On Jun 9, 2010, at 4:27 AM, Joe Greco wrote:
>
> >> I'm all for that, but, point is that people who fail to meet that standard
> >> are
> >> currently getting a free ride. IMHO, they should pay and they should have
> >> the recourse of being (at least partially) reimbursed by their at-fault
On Jun 9, 2010, at 6:09 AM, Chris Adams wrote:
> Once upon a time, Jorge Amodio said:
>> That's why at least in the US by *regulation* you must have insurance
>> to be able to operate a car, instead of mitigating the safety issues
>> that represents a teenager texting while driving we deal with
> On Jun 9, 2010, at 5:02 AM, Joe Greco wrote:
>
> >> So? If said end customer is operating a network-connected system without
> >> sufficient knowledge to properly maintain it and prevent it from doing
> >> mischief
> >> to the rest of the network, why should the rest of us subsidize her
> >> n
Once upon a time, Jorge Amodio said:
> That's why at least in the US by *regulation* you must have insurance
> to be able to operate a car, instead of mitigating the safety issues
> that represents a teenager texting while driving we deal with the
> consequences.
The insurance requirement is a st
Once upon a time, Alexander Harrowell said:
> No, but we can and do require cars to have functional brakes and minimum
> tread depths, and to be tested periodically.
Not in this state.
--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but mys
Once upon a time, JC Dill said:
> I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
> creating an "attractive nuisance" - an operating system that is too
> easily hacked and used to attack innocent victims, and where others have
> to pay to clean up after Microsoft's mess.
> > I'm all fine with noting that certain products are particularly awful.
> > However, we have to be aware that users are simply not going to be required
> > to go get a CompSci degree specializing in risk management and virus
> > cleansing prior to being allowed to buy a computer. This implies t
On Jun 9, 2010, at 5:28 AM, Joe Greco wrote:
>> No, but we can and do require cars to have functional brakes and
>> minimum tread depths, and to be tested periodically.
>>
>> Obviously this is acceptable because the failure modes for cars
>> are worse, but the proposed solution is less intrusi
> I'm not opposed to making operating systems and applications safer.
> As I said, just as with cars, the manufacturers should be held liable
> by the consumers. However, the consumer that is operating the
> car that plows a group of pedestrians is liable to the pedestrians.
> The manufacturer is
On Wed, 2010-06-09 at 07:02 -0500, Joe Greco wrote:
> There is only so much "proper security" you can expect the average PC user
> to do.
Sure - but if their computer, as a result of their ignorance, starts
belching out spam, ISPs should be able at very least to counteract the
problem. For example
On Jun 9, 2010, at 4:27 AM, Joe Greco wrote:
>> I'm all for that, but, point is that people who fail to meet that standard
>> are
>> currently getting a free ride. IMHO, they should pay and they should have
>> the recourse of being (at least partially) reimbursed by their at-fault
>> software
>
> 1. Should ISPs be responsible for abuse from within their customer base?
Not sure, ISP's role is just to move packets from A to B, you need to
clearly define what constitutes abuse and how much of it is considered
a crime.
If I call your home every five minutes to harass you over the phone is
AT
On Jun 9, 2010, at 5:02 AM, Joe Greco wrote:
>> So? If said end customer is operating a network-connected system without
>> sufficient knowledge to properly maintain it and prevent it from doing
>> mischief
>> to the rest of the network, why should the rest of us subsidize her
>> negligence?
>>
> No, but we can and do require cars to have functional brakes and
> minimum tread depths, and to be tested periodically.
>
> Obviously this is acceptable because the failure modes for cars
> are worse, but the proposed solution is less intrusive being after the fact.
Grandma does not go check
> I'm all fine with noting that certain products are particularly awful.
> However, we have to be aware that users are simply not going to be required
> to go get a CompSci degree specializing in risk management and virus
> cleansing prior to being allowed to buy a computer. This implies that our
>> On the other hand think as the Internet being a vast ocean where the
>> bad guys keep dumping garbage, you can't control or filter the
>> currents that are constantly changing and you neither can inspect
>> every water molecule, then what do you do to find and penalize the
>> ones that drop or p
No, but we can and do require cars to have functional brakes and minimum tread
depths, and to be tested periodically.
Obviously this is acceptable because the failure modes for cars are worse, but
the proposed solution is less intrusive being after the fact.
Excuse topposting, on mobile.
"Joe
> So? If said end customer is operating a network-connected system without
> sufficient knowledge to properly maintain it and prevent it from doing
> mischief
> to the rest of the network, why should the rest of us subsidize her
> negligence?
> I don't see where making her pay is a bad thing.
I
On Wed, 09 Jun 2010 00:36:29 EDT, "Patrick W. Gilmore" said:
> But it is not -just- market share. There are a lot more Windows Mobile
> compromises, viruses, etc., than iOS, Symbian, and RIM. I think
> combined. Yet Windows Mobile has the lowest market share of the four.
I'll just point out tha
On Wed, 9 Jun 2010 06:27:08 -0500 (CDT)
Joe Greco wrote:
> > I'm all for that, but, point is that people who fail to meet that
> > standard are currently getting a free ride. IMHO, they should pay
> > and they should have the recourse of being (at least partially)
> > reimbursed by their at-fault
> >Obviously NATO is not concerned with proving the culprit of an attack an
> >albeit close to impossibility. Considering that many attackers
> >compromise so many machines, what's to stop someone from instigating. I
> >can see it coming now:
> >
> >hping -S 62.128.58.180 -a 62.220.119.62 -p ++21 -
> I'm all for that, but, point is that people who fail to meet that standard are
> currently getting a free ride. IMHO, they should pay and they should have
> the recourse of being (at least partially) reimbursed by their at-fault
> software
> vendors for contributory negligence.
Great idea. You
On Jun 8, 2010, at 10:37 PM, Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, Jun 8, 2010 at 10:22 PM, Owen DeLong wrote:
>
>>
>>> Please, be for real -- the criminals go after the entrenched majority.
>>> If it were any other OS, the story would be the same.
- Original message -
All that said, the biggest problem is users. Social Engineering is a far
bigger threat than anything in software. And I don't know how we stop that.
Anyone have an idea?
Users will click anything they find 'interesting', can't change that part up
front. Howeve
On Jun 8, 2010, at 11:14 PM, Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
>
> 1. Should ISPs be responsible for abuse from within their customer base?
On Jun 8, 2010, at 11:11 PM, JC Dill wrote:
> Owen DeLong wrote:
>>
>> Heck, at this point, I'd be OK with it being a regulatory issue.
>
> What entity do you see as having any possibility of effective regulatory
> control over the internet?
>
> The reason we have these problems to begin wit
On Tue, Jun 08, 2010 at 11:14:10PM -0700, Paul Ferguson wrote:
> 1. Should ISPs be responsible for abuse from within their customer base?
Yes -- if they wish to be considered at least minimally professional.
The principle is "if it comes from your host/network on your watch, it's
your abuse". Giv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jun 8, 2010 at 11:11 PM, JC Dill wrote:
> Owen DeLong wrote:
>>
>> Heck, at this point, I'd be OK with it being a regulatory issue.
>
> What entity do you see as having any possibility of effective regulatory
> control over the internet?
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
To cut through the noise and non-relevant discussion, let's see if we can
boil this down to a couple of issues:
1. Should ISPs be responsible for abuse from within their customer base?
1a. If so, how?
2. Should hosting providers also be held respons
Owen DeLong wrote:
Heck, at this point, I'd be OK with it being a regulatory issue.
What entity do you see as having any possibility of effective regulatory
control over the internet?
The reason we have these problems to begin with is because there is no
way for people (or government regu
On Jun 8, 2010, at 9:26 PM, Steven Bellovin wrote:
>> Problem is there's no financial liability for producing massively
>> exploitable software.
>> No financial penalty for operating a compromised system.
>> No penalty for ignoring abuse complaints.
>> Etc.
>>
>> Imagine how fast things would c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jun 8, 2010 at 10:22 PM, Owen DeLong wrote:
>
>> Please, be for real -- the criminals go after the entrenched majority.
>> If it were any other OS, the story would be the same.
>>
> If this were true, the criminals would be all over Apache an
On Jun 8, 2010, at 9:06 PM, JC Dill wrote:
> Dave Rand wrote:
>> I'm fond of getting the issues addressed by getting the ISPs to be involved
>> with the problem. If that means users get charged "clean up" fees instead
>> of a "security" fee, that's fine.
>
> "I urge all my competitors to do th