Re: dumb. Comcast pop-ups

[Dave Dennis <dmd () speakeasy org>]

On Sat, 10 Oct 2009, der Mouse wrote:

> > This is at least a step forward in network hygiene and I'm not
> > impressed with the notion that this sets up spoof messages; you could
> > say the same thing about any communications from an ISP.  How else
> > should Comcast notify users?
>
> I would suggest picking up the phone.  I've worked at an ISP that _did_
> notify users who appeared to have pwn3d boxes, and that's what we did.

If professional malware known to harvest data is confirmed present on the
customer computer, and the ISP has knowledge, it could be considered in the
customers' best interest if the ISP NOT allow them back on.  Preventing ID theft
and data theft is a valuable service.  It might even come to be some day that
there is a requirement of some kind not to allow PC that 'test positive' to
connect.

ID theft is rampant today.  At some point the parties being harmed are going to
expect that the loopholes start being closed.  After-the-fact anti-virus is hit
and miss at best.  We will I believe see required traffic dropping for signature
matches or some other confirmed metric.  It could already be considered best
practices.



+-------------------------
+ Dave Dennis
+ Seattle, WA
+ Speakeasy, Inc.
+ dmd () speakeasy net
+ http://www.speakeasy.net
+-------------------------
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.