mitigating botnet C&Cs has become useless
Peter Dambier
peter at peter-dambier.de
Tue Aug 8 23:38:58 UTC 2006
Mikael Abrahamsson wrote:
>
> On Tue, 8 Aug 2006, Rick Wesson wrote:
>
>> Last Sunday at DEFCON I explained how one consumer ISP cost American
>> business $29M per month because of the existence of key-logging botnets.
>>
>> you want to talk economics? It's not complicated to show that
>> mitigating key-logging bots could save American business 2B or 4% of
>> losses to identity theft -- using FTC loss estimates from 2003
>>
>> just because an ISP loses some money over transit costs does not
>> equate to the loss American business+consumers are losing to fraud.
>
>
> I am sure that the total cost would be less if everybody cleaned up
> their act. It doesn't change the fact that the individual ISP has to
> spend money it will never see returns on, for this common good to emerge.
>
> If the government wants to do this, then I guess it should start
> demanding responsibility from individuals as well, otherwise I don't see
> this happening anytime soon. Microsoft has a big cash reserve, perhaps
> the US government should start demanding them clean up their act and
> release more secure products, and start fining people who don't use
> their products responsibly. Oh, and go after the companies installing
> spyware, in earnest? And to find these, they have to start wiretapping
> everybody to collect the information they need.
>
I remember working in the sysops group of a big company; we made our
own law:

Leaving your terminal without logoff would cost you a bottle of cognac.
Writing your password under the keyboard would cost you a bottle of cognac.
...

My boss used to have stomach aches. That is why around noon you would
find most of us in the machine room - sorting tapes :) It was the
coldest place in the building. Right to cool down our red faces :)

It might be cool if an ISP was to charge his customers a bottle of Pepsi
every time they got hacked.

It might be even more cool if the customer succeeded in charging Microsoft
if they were the culprit :)

> Otoh this added security might add up to more losses than 2B per year in
> less functionality and more administration and procedures (overhead), so
> perhaps those 2B is the price we pay for freedom and liberty in this space?
>
> Always hard to find the balance.
>
No more balance after that bottle of cognac :)
Cheers
Peter and Karin
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
More information about the NANOG mailing list