Nato warns of strike against cyber attackers
owen at delong.com
Wed Jun 9 15:56:40 CDT 2010
On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
> On 6/9/10 6:27 AM, Jorge Amodio wrote:
>> Going back then to a previous question, do we want more/any regulation ?
> Laws and regulation exist because people can't behave civilly and be expected to respect the rights/boundries/property others.
> CAN-SPAM exists because the e-mail marketing business refused to self regulate and respect the wishes of consumers/administrators
Which is good, because it certainly eliminated most of the SPAM. -- NOT!
> FDCPA exists because the debt collectors couldn't resist the temptation to harass and intimidate consumers, and behave ethically.
And of course, it has caused them all to do so, now, right? -- NOT!
> It's just a matter of time, and really unavoidable. The thing is, these industries have no one to blame but themselves. In all cases, these laws/regulation only came into affect AFTER situations got out of control.
Software has been out of control for a long time and I hope that the gov't will start by ruling the "not responsible for our negligence or the damage it causes" clauses of software licenses invalid. That would actually be a major positive step because it would allow consumers to sue software manufacturers for their defects and the damages they cause leading to a radical change in the nature of how software developers approach responsibility for quality in their products. Right now, most consumer operating systems are "unsafe at any speed".
> Lately, the courts have been ruling that companies like LimeWire are responsible for their products being used for piracy/downloading because they knew what was going on, but were turning a blind eye.
This is a positive step, IMHO, but, now companies like Apple and Micr0$0ft need to be held to similar standards.
> Why not apply the same standards to ISPs? If it can be shown that you had knowledge of specific abuse coming from your network, but for whatever reason, opted to ignore it and turn a blind eye, then you are responsible.
> When I see abuse from my network or am made aware of it, I isolate and drop on my edge the IPs in question, then investigate and respond. Most times, it takes me maybe 10-15 minutes to track down the user responsible, shut off their server or host, then terminate their stupid self.
> A little bit of effort goes a long way. But, if you refuse to put in the effort (I'm looking at you, GoDaddy Abuse Desk), then of course the problems won't go away.
More information about the NANOG