mitigating botnet C&Cs has become useless

Rick Wesson wessorh at ar.com
Tue Aug 8 23:53:00 UTC 2006



this isn't fun, comments in line.


Sean Donelan wrote:
> 
> On Tue, 8 Aug 2006, Rick Wesson wrote:
>> Last Sunday at DEFCON I explained how one consumer ISP cost American 
>> business $29M per month because of the existence of key-logging botnets.
> 
> Why did you attribute responsibility for the cost only to the consumer 
> ISP?  How much of the cost should be attributed to the PC OEM, or the 
> software developers, or the American business, or the ....?

Because the numbers are significant. Finding any entity that could 
provide a choke-point for 4% of business side id-theft is an interesting 
exercise and of significant value to the community.

> 
>> you want to talk economics? It's not complicated to show that 
>> mitigating key-logging bots could save American business 2B or 4% of 
>> losses to identity theft -- using FTC loss estimates from 2003
> 
> What are the economics of American businesses mitigating key-logging bots?

there is no detectable mitigation, the slope of the infection rate 
continues to rise.

> How much security would you get for an additional $20 per year per on-line
> user?  Spending more than the losses wouldn't save American business money.

depends on how it is spent



-rick



