On Tue, Jun 08, 2010 at 11:14:10PM -0700, Paul Ferguson wrote:
> 1. Should ISPs be responsible for abuse from within their customer base?
Yes -- if they wish to be considered at least minimally professional.
The principle is "if it comes from your host/network on your watch, it's
your abuse". Giv
On Jun 8, 2010, at 11:11 PM, JC Dill wrote:
> Owen DeLong wrote:
>>
>> Heck, at this point, I'd be OK with it being a regulatory issue.
>
> What entity do you see as having any possibility of effective regulatory
> control over the internet?
>
> The reason we have these problems to begin wit
On Jun 8, 2010, at 11:14 PM, Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
>
> 1. Should ISPs be responsible for abuse from within their customer base?
- Original message -
All that said, the biggest problem is users. Social Engineering is a far
bigger threat than anything in software. And I don't know how we stop that.
Anyone have an idea?
Users will click anything they find 'interesting', can't change that part up
front. Howeve
On Jun 8, 2010, at 10:37 PM, Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, Jun 8, 2010 at 10:22 PM, Owen DeLong wrote:
>
>>
>>> Please, be for real -- the criminals go after the entrenched majority.
>>> If it were any other OS, the story would be the same.
> I'm all for that, but, point is that people who fail to meet that standard are
> currently getting a free ride. IMHO, they should pay and they should have
> the recourse of being (at least partially) reimbursed by their at-fault
> software
> vendors for contributory negligence.
Great idea. You
> >Obviously NATO is not concerned with proving the culprit of an attack an
> >albeit close to impossibility. Considering that many attackers
> >compromise so many machines, what's to stop someone from instigating. I
> >can see it coming now:
> >
> >hping -S 62.128.58.180 -a 62.220.119.62 -p ++21 -
On Wed, 9 Jun 2010 06:27:08 -0500 (CDT)
Joe Greco wrote:
> > I'm all for that, but, point is that people who fail to meet that
> > standard are currently getting a free ride. IMHO, they should pay
> > and they should have the recourse of being (at least partially)
> > reimbursed by their at-fault
On Wed, 09 Jun 2010 00:36:29 EDT, "Patrick W. Gilmore" said:
> But it is not -just- market share. There are a lot more Windows Mobile
> compromises, viruses, etc., than iOS, Symbian, and RIM. I think
> combined. Yet Windows Mobile has the lowest market share of the four.
I'll just point out tha
> So? If said end customer is operating a network-connected system without
> sufficient knowledge to properly maintain it and prevent it from doing
> mischief
> to the rest of the network, why should the rest of us subsidize her
> negligence?
> I don't see where making her pay is a bad thing.
I
No, but we can and do require cars to have functional brakes and minimum tread
depths, and to be tested periodically.
Obviously this is acceptable because the failure modes for cars are worse, but
the proposed solution is less intrusive being after the fact.
Excuse topposting, on mobile.
"Joe
>> On the other hand think as the Internet being a vast ocean where the
>> bad guys keep dumping garbage, you can't control or filter the
>> currents that are constantly changing and you neither can inspect
>> every water molecule, then what do you do to find and penalize the
>> ones that drop or p
> I'm all fine with noting that certain products are particularly awful.
> However, we have to be aware that users are simply not going to be required
> to go get a CompSci degree specializing in risk management and virus
> cleansing prior to being allowed to buy a computer. This implies that our
> No, but we can and do require cars to have functional brakes and
> minimum tread depths, and to be tested periodically.
>
> Obviously this is acceptable because the failure modes for cars
> are worse, but the proposed solution is less intrusive being after the fact.
Grandma does not go check
On Jun 9, 2010, at 5:02 AM, Joe Greco wrote:
>> So? If said end customer is operating a network-connected system without
>> sufficient knowledge to properly maintain it and prevent it from doing
>> mischief
>> to the rest of the network, why should the rest of us subsidize her
>> negligence?
>>
> 1. Should ISPs be responsible for abuse from within their customer base?
Not sure, ISPs role is just to move packets from A to B, you need to
clearly define what constitutes abuse and how much of it is considered
a crime.
If I call your home every five minutes to harass you over the phone is
AT
On Jun 9, 2010, at 4:27 AM, Joe Greco wrote:
>> I'm all for that, but, point is that people who fail to meet that standard
>> are
>> currently getting a free ride. IMHO, they should pay and they should have
>> the recourse of being (at least partially) reimbursed by their at-fault
>> software
>
On Wed, 2010-06-09 at 07:02 -0500, Joe Greco wrote:
> There is only so much "proper security" you can expect the average PC user
> to do.
Sure - but if their computer, as a result of their ignorance, starts
belching out spam, ISPs should be able at very least to counteract the
problem. For example
> I'm not opposed to making operating systems and applications safer.
> As I said, just as with cars, the manufacturers should be held liable
> by the consumers. However, the consumer that is operating the
> car that plows a group of pedestrians is liable to the pedestrians.
> The manufacturer is
On Jun 9, 2010, at 5:28 AM, Joe Greco wrote:
>> No, but we can and do require cars to have functional brakes and
>> minimum tread depths, and to be tested periodically.
>>
>> Obviously this is acceptable because the failure modes for cars
>> are worse, but the proposed solution is less intrusi
> > I'm all fine with noting that certain products are particularly awful.
> > However, we have to be aware that users are simply not going to be required
> > to go get a CompSci degree specializing in risk management and virus
> > cleansing prior to being allowed to buy a computer. This implies t
Once upon a time, JC Dill said:
> I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
> creating an "attractive nuisance" - an operating system that is too
> easily hacked and used to attack innocent victims, and where others have
> to pay to clean up after Microsoft's mess.
Once upon a time, Alexander Harrowell said:
> No, but we can and do require cars to have functional brakes and minimum
> tread depths, and to be tested periodically.
Not in this state.
--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but mys
Once upon a time, Jorge Amodio said:
> That's why at least in the US by *regulation* you must have insurance
> to be able to operate a car, instead of mitigating the safety issues
> that represents a teenager texting while driving we deal with the
> consequences.
The insurance requirement is a st
> On Jun 9, 2010, at 5:02 AM, Joe Greco wrote:
>
> >> So? If said end customer is operating a network-connected system without
> >> sufficient knowledge to properly maintain it and prevent it from doing
> >> mischief
> >> to the rest of the network, why should the rest of us subsidize her
> >> n
On Jun 9, 2010, at 6:09 AM, Chris Adams wrote:
> Once upon a time, Jorge Amodio said:
>> That's why at least in the US by *regulation* you must have insurance
>> to be able to operate a car, instead of mitigating the safety issues
>> that represents a teenager texting while driving we deal with
>
> On Jun 9, 2010, at 4:27 AM, Joe Greco wrote:
>
> >> I'm all for that, but, point is that people who fail to meet that standard
> >> are
> >> currently getting a free ride. IMHO, they should pay and they should have
> >> the recourse of being (at least partially) reimbursed by their at-fault
> On Wed, 2010-06-09 at 07:02 -0500, Joe Greco wrote:
> > There is only so much "proper security" you can expect the average PC user
> > to do.
>
> Sure - but if their computer, as a result of their ignorance, starts
> belching out spam, ISPs should be able at very least to counteract the
> pr
On Jun 9, 2010, at 6:17 AM, Joe Greco wrote:
>> On Jun 9, 2010, at 5:02 AM, Joe Greco wrote:
>>
So? If said end customer is operating a network-connected system without
sufficient knowledge to properly maintain it and prevent it from doing
mischief
to the rest of the network
> > Grandma does not go check her tread depth or check her own brake pads and
> > discs for wear. She lets the shop do that. I was hoping I didn't have to
> > get pedantic and that people could differentiate between "I pay the shop a
> > few bucks to do that for me" and "I take responsibility per
:I think anyone in their right mind would agree that if a provider sees
:criminal activity, they should take action, no?
What a provider "should" do and what makes sense under the law of the
land are two different things.
:If that also holds true, then why doesn't it happen?
The laws pertaining t
On 6/9/2010 01:11, JC Dill wrote:
> Owen DeLong wrote:
>>
>> Heck, at this point, I'd be OK with it being a regulatory issue.
>
> What entity do you see as having any possibility of effective regulatory
> control over the internet?
Doesn't matter as long as it enables radial outbound finger poi
On Jun 9, 2010, at 6:50 AM, Joe Greco wrote:
>> On Wed, 2010-06-09 at 07:02 -0500, Joe Greco wrote:
>>> There is only so much "proper security" you can expect the average PC user
>>> to do.
>>
>> Sure - but if their computer, as a result of their ignorance, starts
>> belching out spam, ISPs
> > I am pretty sure I saw stats that suggested that old cars that crashed into
> > new cars did substantially more damage to the new car and its occupants than
> > an equivalent crash between two new cars, something to do with the old car
> > not absorbing about half the impact into its own (nonex
On 6/9/2010 01:14, Paul Ferguson wrote:
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
If I may offer a few edits and comments .
> 1. Should ISPs be responsible for abuse from within their customer base?
> 1. Should ISPs be
Original message
Generally speaking, nobody wants to be the cop that makes that call.
Theoretically an ISP *might* be able to do that, but most are unwilling,
and those of us that do actually play BOFH run the risk of losing
customers to a sewerISP that doesn't.
Our experience
On 6/9/2010 06:11, Owen DeLong wrote:
>
> On Jun 8, 2010, at 11:11 PM, JC Dill wrote:
>
>> Owen DeLong wrote:
>>>
>>> Heck, at this point, I'd be OK with it being a regulatory issue.
>>
>> What entity do you see as having any possibility of effective regulatory
>> control over the internet?
>>
On 6/9/2010 06:14, Owen DeLong wrote:
>
> On Jun 8, 2010, at 11:14 PM, Paul Ferguson wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> To cut through the noise and non-relevant discussion, let's see if we can
>> boil this down to a couple of issues:
>>
>> 1. Should ISPs be respon
On Wed, 2010-06-09 at 08:50 -0500, Joe Greco wrote:
> Primarily because the product that they've been given to use is defective
> by design.
Indeed. So one approach is to remove the protection such defective
designs currently enjoy.
> supposed to play out for the single mom with a latchkey kid?
On 6/9/2010 07:39, Jorge Amodio wrote:
>> 1. Should ISPs be responsible for abuse from within their customer base?
>
> Not sure, ISPs role is just to move packets from A to B, you need to
> clearly define what constitutes abuse and how much of it is considered
> a crime.
>
> If I call your home e
On 6/9/2010 07:39, Jorge Amodio wrote:
>> 1. Should ISPs be responsible for abuse from within their customer base?
>
> Not sure, ISPs role is just to move packets from A to B, you need to
> clearly define what constitutes abuse and how much of it is considered
> a crime.
>
> If I call your home e
On 6/9/2010 08:05, Chris Adams wrote:
> Once upon a time, JC Dill said:
>> I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
>> creating an "attractive nuisance" - an operating system that is too
>> easily hacked and used to attack innocent victims, and where others have
>>
It appears that verizon.net has one email server[1] (out of a sizeable
pool) that is not able to perform a proper MX lookup for our domain.
Does anyone have contact information for a clue-ful individual that
would have responsibility for email server maintenance at verizon.net?
Josh
[1] Rep
On 6/9/2010 08:08, Chris Adams wrote:
> Once upon a time, Alexander Harrowell said:
>> No, but we can and do require cars to have functional brakes and minimum
>> tread depths, and to be tested periodically.
>
> Not in this state.
You might not have the state inspection rip-off, but I'll bet th
On 6/9/2010 08:09, Chris Adams wrote:
> Once upon a time, Jorge Amodio said:
>> That's why at least in the US by *regulation* you must have insurance
>> to be able to operate a car, instead of mitigating the safety issues
>> that represents a teenager texting while driving we deal with the
>> cons
On 6/9/2010 08:21, Joe Greco wrote:
> Your car emits lots of greenhouse gases. Just because it's /less/ doesn't
> change the fact that the Prius has an ICE. We have a Prius and a HiHy too.
Did Godwin say anything about rand discussions degenerating to
mythologies like "gorebull warming"?
--
S
On 6/9/10 6:27 AM, Jorge Amodio wrote:
Going back then to a previous question, do we want more/any regulation ?
Laws and regulation exist because people can't behave civilly and be
expected to respect the rights/boundaries/property of others.
CAN-SPAM exists because the e-mail marketing business
On Wed, Jun 09, 2010, Larry Sheldon wrote:
> You might not have the state inspection rip-off, but I'll bet that if
> your state accepts federal highway money, you have mechanical condition
> standards that include tires, brakes, seat belts and a lot of other things.
.. and a change in the minimum
Root Zone DNSSEC Deployment
Technical Status Update 2010-06-09
This is the eighth of a series of technical status updates intended
to inform a technical audience on progress in signing the root zone
of the DNS.
RESOURCES
Details of the project, including documentation published to date,
can be
On 6/9/10 8:43 AM, Michiel Klaver wrote:
Our experiences from the Dutch ISP market indicate otherwise, customers
are more than happy to be informed they might have been infected by a
virus/worm. Most customers are too afraid of losing valuable documents
due to a file-eating virus for example, or
>
>> What I don't want to see which you are advocating... I don't want to see
>> the end users who do take responsibility, drive well designed vehicles
>> with proper seat belts and safety equipment, stay in their lane, and
>> do not cause accidents held liable for the actions of others. Why shoul
> Yes, it's complex, but, it is the only mechanism the law provides
> for the transfer of liability. You can't leap-frog the process and
> have the SPAM victims going directly after LatchKeyMom's
> OS Vendor because there's no relationship there to provide
> a legal link of liability.
This leads
On 6/9/2010 10:58, Owen DeLong wrote:
>> What happened to the acronyms "AUP" and "TOS"?
>>
> I'm not sure what you mean by that. I'm talking about an ISP's liability to
> third party victims, not to their customers.
"Acceptable Use Policy" and "Terms of Service"
>
> AUP/TOS are between the ISP a
Larry Sheldon wrote:
> On 6/9/2010 10:58, Owen DeLong wrote:
>
>
>>> What happened to the acronyms "AUP" and "TOS"?
>>>
>>>
>> I'm not sure what you mean by that. I'm talking about an ISP's liability to
>> third party victims, not to their customers.
>>
>
> "Acceptable Use Policy" an
On 6/9/2010 11:50, J. Oquendo wrote:
[Lots of good stuff snipped.]
> Don't blame the software vendors blame oneself. I've seen even the most
> savvy users using OS' *other* than Windows get compromised. I performed
> an incident response about 8 months ago... 42 machines 41 Linux, 1
> Windows...
> On Wed, 2010-06-09 at 08:50 -0500, Joe Greco wrote:
> > Primarily because the product that they've been given to use is defective
> > by design.
>
> Indeed. So one approach is to remove the pro
d...@bungi.com (Dave Rand) writes:
> ...
> With more than 100,000,000 compromised computers out there, it's really
> time for us to step up to the plate, and make this happen.
+1.
--
Paul Vixie
KI6YSY
> >> What I don't want to see which you are advocating... I don't want to see
> >> the end users who do take responsibility, drive well designed vehicles
> >> with proper seat belts and safety equipment, stay in their lane, and
> >> do not cause accidents held liable for the actions of others. Why
On 6/9/2010 12:17, Joe Greco wrote:
What I don't want to see which you are advocating... I don't want to see
the end users who do take responsibility, drive well designed vehicles
with proper seat belts and safety equipment, stay in their lane, and
do not cause accidents held li
> You buy a car and as you're driving along a message comes into the
> dashboard: "Car Update needed, to fix A/C" you ignore it. Don't update
> it who cares, you're driving smoothly. Another alert comes into the car
> dashboard: "Critical alert, your brakes need this patch"... You ignore
> it and d
> > So, just so we're clear here, I go to Best Buy, I buy a computer, I
> > bring it home, plug it into my cablemodem, and am instantly Pwned by
> > the non-updated Windows version on the drive plus the incessant cable
> > modem scanning, resulting in a bot infection... therefore I am
> > neglig
On Wed, 09 Jun 2010 12:32:54 CDT, Larry Sheldon said:
> On 6/9/2010 12:17, Joe Greco wrote:
> > So, just so we're clear here, I go to Best Buy, I buy a computer, I
> > bring it home, plug it into my cablemodem, and am instantly Pwned by
> > the non-updated Windows version on the drive plus the inc
Larry Sheldon wrote:
On 6/9/2010 08:05, Chris Adams wrote:
Once upon a time, JC Dill said:
I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
creating an "attractive nuisance" - an operating system that is too
easily hacked and used to attack innocent victims, and
Larry Sheldon wrote:
On 6/9/2010 01:11, JC Dill wrote:
Owen DeLong wrote:
Heck, at this point, I'd be OK with it being a regulatory issue.
What entity do you see as having any possibility of effective regulatory
control over the internet?
Doesn't matter as long as it enab
Jorge Amodio wrote:
> Unfortunately in the software industry you get (when you do, not
> always) the alert and the patch after the fact, ie the exploit has
> been already out there and your machine may probably have been already
> compromised.
>
> I have never seen any operating system coming with a sig
On 6/9/2010 13:35, JC Dill wrote:
> IMHO it is impossible to regulate the internet as a whole.
Exactly so.
That is precisely why you don't want somebody else to attempt it.
The only hope is for everybody to take personal responsibility for their
little piece of it.
--
Somebody should have sai
The original article is FUD. The Times newspaper is historically known as MI5,
MI6's newspaper of choice.
Andrew
http://sites.google.com/site/n3td3v/
On 6/9/2010 1:43 PM, Larry Sheldon wrote:
On 6/9/2010 13:35, JC Dill wrote:
IMHO it is impossible to regulate the internet as a whole.
Exactly so.
That is precisely why you don't want somebody else to attempt it.
The only hope is for everybody to take personal responsibility for their
litt
On Wed, 2010-06-09 at 12:08 -0500, Joe Greco wrote:
> That's not going to happen (but I'll be happy to be proven wrong).
Oh, there are so many things that are "not going to happen", aren't
there? And because of that we shouldn't even bother suggesting
regulation as a solution to anything because "
On 6/9/2010 14:37, Karl Auer wrote:
[good stuff]
> Try thinking about what *could* happen rather than what *can't* happen.
Even better: Think "here is what I can do". And then do it.
--
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.
Freedom
On June 8, 2010 at 21:05 fergdawgs...@gmail.com (Paul Ferguson) wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, Jun 8, 2010 at 8:59 PM, JC Dill wrote:
>
> >
> > I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
> > creating an "attractive nuisan
On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
> On 6/9/10 6:27 AM, Jorge Amodio wrote:
>> Going back then to a previous question, do we want more/any regulation ?
>
> Laws and regulation exist because people can't behave civilly and be expected
> to respect the rights/boundaries/property othe
On June 9, 2010 at 07:39 jmamo...@gmail.com (Jorge Amodio) wrote:
> > 1. Should ISPs be responsible for abuse from within their customer base?
>
> Not sure, ISPs role is just to move packets from A to B, you need to
> clearly define what constitutes abuse and how much of it is considered
> a
On 6/9/2010 15:56, Owen DeLong wrote:
>
> On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
>
>> On 6/9/10 6:27 AM, Jorge Amodio wrote:
>>> Going back then to a previous question, do we want more/any regulation ?
>>
>> Laws and regulation exist because people can't behave civilly and be
>> expect
>
> Again, apples and oranges to a degree. Car owners don't receive a "use
> at your own risk" disclaimer either. Yet some Toyota owners faced
> horrifying instances of "subpar" prechecks. GM recalled a million or so
> cars and the list will always go on and on. Mistakes happen period and
> when m
On Jun 9, 2010, at 2:05 PM, Larry Sheldon wrote:
> On 6/9/2010 15:56, Owen DeLong wrote:
>>
>> On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
>>
>>> On 6/9/10 6:27 AM, Jorge Amodio wrote:
Going back then to a previous question, do we want more/any regulation ?
>>>
>>> Laws and regulatio
Your humor has me roflmao
-henry
From: Paul Vixie
To: na...@merit.edu
Sent: Wed, June 9, 2010 10:14:34 AM
Subject: Re: Nato warns of strike against cyber attackers
d...@bungi.com (Dave Rand) writes:
> ...
> With more than 100,000,000 compromised computers out
> On Wed, 2010-06-09 at 12:08 -0500, Joe Greco wrote:
> > That's not going to happen (but I'll be happy to be proven wrong).
>
> Oh, there are so many things that are "not going to happen", aren't
> there? And because of that we shouldn't even bother suggesting
> regulation as a solution to anythi
> On 6/9/2010 14:37, Karl Auer wrote:
> [good stuff]
>
> > Try thinking about what *could* happen rather than what *can't* happen.
>
> Even better: Think "here is what I can do". And then do it.
Some of us already do:
Implement BCP38
Implement spam scanning for e-mail
Have a responsive abuse
On 6/9/2010 18:04, Joe Greco wrote:
>> On 6/9/2010 14:37, Karl Auer wrote:
>> [good stuff]
>>
>>> Try thinking about what *could* happen rather than what *can't* happen.
>>
>> Even better: Think "here is what I can do". And then do it.
>
> Some of us already do:
>
> Implement BCP38
> Implement
Cyber Threats Yes, But Is It Cyber War?
http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/
-J
Owen DeLong wrote:
Software has been out of control for a long time and I hope that the gov't will start by
ruling the "not responsible for our negligence or the damage it causes" clauses
of software licenses invalid.
The beauty of my "attractive nuisance" argument is that the EULA doesn't
Hi,
Am getting the following error from my SCO UNIX box.
Any idea as to what they mean.
proto: 0, age: 1274191185
locks: inits:
sockaddrs:
172.16.3.12 172.16.1.254
route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags
:
proto:
On Wed, 2010-06-09 at 23:40 -0700, jacob miller wrote:
> Hi,
>
> Am getting the following error from my SCO UNIX box.
They mean "use an operating system not made by crackheads." There's a
reason why SCO switched from UNIX sales to Intellectual Property
trolling after all.
William