funsec mailing list archives
Re: I would like to be the first to welcome our new masters...
From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 14 May 2010 10:05:18 -0400
On Fri, May 14, 2010 at 09:27:18AM -0400, Valdis.Kletnieks () vt edu wrote:
Except that by and large, it isn't the service providers that have the security issues. How about we put certifications where they *matter*: 1) Certify the security of *customers* and *web hosting* companies. 2) Certify the provider's ability/willingness to *cut off abusive customers*.
+2. One of the points that seems to repeatedly escape many (but not of course those august luminaries gathered *here* ;-) ) is that attacks and abuse do not magically fall out of the sky: they originate on *somebody's* network, on *somebody's* host. Whether that's the result of hostile intent or a mistake or an intrusion or anything else is difficult to distinguish except by extensive post-mortem analysis on the originating site -- and this is rarely done by independent third parties. But whatever the underlying reason, the operational impact is the same. One of our major failures has been not holding people responsible for that impact. We have not displayed the necessary collective will to deny privileges to abuse/attack-sourcing operations, and as a result, they have no motivation to do anything about the situation. (Well, that's not quite true: if they're being well-paid to facilitate this impact, then they're highly motivated to facilitate more of it.) In my own area of expertise, as I've pointed out many times, we have held the solution for most of the spam problem in our hands for many years. We just don't have the guts to use it, which is in part why we fully deserve the ensuing misery. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- I would like to be the first to welcome our new masters... phester (May 14)
- Re: I would like to be the first to welcome our new masters... Valdis . Kletnieks (May 14)
- Re: I would like to be the first to welcome our new masters... Rich Kulawiec (May 14)
- Re: I would like to be the first to welcome our new masters... Valdis . Kletnieks (May 14)