Re: Nato warns of strike against cyber attackers

[Brielle Bruns <bruns () 2mbit com>]

On 6/9/10 2:56 PM, Owen DeLong wrote:
> On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
>
> > On 6/9/10 6:27 AM, Jorge Amodio wrote:
> > > Going back then to a previous question, do we want more/any
> > > regulation ?
> >
> > Laws and regulation exist because people can't behave civilly and
> > be expected to respect the rights/boundries/property others.
> >
> > CAN-SPAM exists because the e-mail marketing business refused to
> > self regulate and respect the wishes of consumers/administrators
> Which is good, because it certainly eliminated most of the SPAM. --
> NOT!
>
> > FDCPA exists because the debt collectors couldn't resist the
> > temptation to harass and intimidate consumers, and behave
> > ethically.
> And of course, it has caused them all to do so, now, right? -- NOT!


These may not solve all problems, but it does give victims (at least in 
the case of debt collectors) the ability to club them in the face in 
court a few times to the tune of a thousand bucks or so an incident.

Nothing is more satisfying then being able to offer a debt collector the 
option to settle for $X amount.  :)

> > Lately, the courts have been ruling that companies like LimeWire
> > are responsible for their products being used for
> > piracy/downloading because they knew what was going on, but were
> > turning a blind eye.
> This is a positive step, IMHO, but, now companies like Apple and
> Micr0$0ft need to be held to similar standards.


Problem is, Microsoft and Apple, though being lax in their coding 
practices, can't entirely help it.  Open Source software has the same 
problems, but do you really think that we should be charging Linus every 
time a Linux box is owned?

There comes a point where a program is so large and expansive that 
holes/exploits is a fact of life.


> > Why not apply the same standards to ISPs?  If it can be shown that
> > you had knowledge of specific abuse coming from your network, but
> > for whatever reason, opted to ignore it and turn a blind eye, then
> > you are responsible.
> I agree.
>
> > When I see abuse from my network or am made aware of it, I isolate
> > and drop on my edge the IPs in question, then investigate and
> > respond.  Most times, it takes me maybe 10-15 minutes to track down
> > the user responsible, shut off their server or host, then terminate
> > their stupid self.
> Yep.
>
> > A little bit of effort goes a long way.  But, if you refuse to put
> > in the effort (I'm looking at you, GoDaddy Abuse Desk), then of
> > course the problems won't go away.
> Agreed.


Now if only we could get certain providers to put some effort into it...

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org