mitigating botnet C&Cs has become useless

Peter Dambier peter at peter-dambier.de
Tue Aug 8 23:38:58 UTC 2006


Mikael Abrahamsson wrote:
> 
> On Tue, 8 Aug 2006, Rick Wesson wrote:
> 
>> Last Sunday at DEFCON I explained how one consumer ISP cost American 
>> business $29M per month because of the existence of key-logging botnets.
>>
>> you want to talk economics? It's not complicated to show that 
>> mitigating key-logging bots could save American business 2B or 4% of 
>> losses to identity theft -- using FTC loss estimates from 2003
>>
>> just because an ISP loses some money over transit costs does not 
>> equate to the loss American business+consumers are losing to fraud.
> 
> 
> I am sure that the total cost would be less if everybody cleaned up 
> their act. It doesn't change the fact that the individual ISP has to 
> spend money it will never see returns on, for this common good to emerge.
> 
> If the government wants to do this, then I guess it should start 
> demanding responsibility from individuals as well, otherwise I don't see 
> this happening anytime soon. Microsoft has a big cash reserve, perhaps 
> the US government should start demanding them clean up their act and 
> release more secure products, and start fining people who don't use 
> their products responsibly. Oh, and go after the companies installing 
> spyware, in earnest? And to find these, they have to start wiretapping 
> everybody to collect the information they need.
> 

I remember working in the sysops group of a big company; we made our
own law:

Leaving your terminal without logoff would cost you a bottle of cognac.

Writing your password under the keyboard would cost you a bottle of cognac.

...

My boss used to have stomach aches. That is why around noon you would
find most of us in the machine room - sorting tapes :) It was the
coldest place in the building. Right to cool down our red faces :)


It might be cool if an ISP was to charge his customers a bottle of Pepsi
every time they got hacked.

It might be even more cool if the customer succeeded in charging Microsoft
if they were the culprit :)


> Otoh this added security might add up to more losses than 2B per year in 
> less functionality and more administration and procedures (overhead), so 
> perhaps those 2B is the price we pay for freedom and liberty in this space?
> 
> Always hard to find the balance.
> 


No more balance after that bottle of cognac :)

Cheers
Peter and Karin

-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/



