nanog mailing list archives

RE: "Everyone should be deploying BCP 38! Wait, they are ...."

From: Adam Vitkovsky <adam.vitkovsky () swan sk>
Date: Thu, 20 Feb 2014 15:37:29 +0100

Actually, it would be nice if someone who writes security software 
like NOD32 or Malwarebytes, or spybot, adaware, etc, would 
integrate it into their test suite.  Then you get the thousands of 
users from them added to the results.


I have just sent an email to ESET promoting participation on the BCP38
initiative by incorporating spoofer projects program in their program suite.

If there's more of us maybe we can make a change.


adam
-----Original Message-----
From: Robert Drake [mailto:rdrake () direcpath com] 
Sent: Tuesday, February 18, 2014 9:56 PM
To: nanog () nanog org
Subject: Re: "Everyone should be deploying BCP 38! Wait, they are ...."


On 2/18/2014 2:19 PM, James Milko wrote:

Is using data from a self-selected group even meaningful when 
extrapolated?  It's been a while since Stats in college, and it's very 
likely the guys from MIT know more than I do, but one of the big 
things they pushed was random sampling.

JM

Isn't it probable that people who know enough to download the spoofer
projects program and run it might also be in position to fix things when
it's broken, or they may just be testing their own networks which they've
already secured, just to verify they got it right.

I may put it on my laptop and start testing random places like Starbucks, my
moms house, conventions and other things, but if I'm running it from my home
machine it's just to get the gold "I did this" star.

So yeah, data from the project is probably meaningless unless someone uses
it as a worm payload and checks 50,000 computers randomly (of course I don't
advise this.  I just wish there was a way to really push this to be run by
everyone in the world for a week)

Maybe with enough hype we could get CNN to advise people to download it.
Actually, it would be nice if someone who writes security software like
NOD32 or Malwarebytes, or spybot, adaware, etc, would integrate it into
their test suite.  Then you get the thousands of users from them added to
the results.

Current thread:

Re: "Everyone should be deploying BCP 38! Wait, they are ....", (continued)
- - - Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jared Mauch (Feb 18)
    - Changing the way we talk about BCP38 [Was: Re: "Everyone should be deploying BCP 38! Wait, they are ...."] Paul Ferguson (Feb 18)
    - Re: Changing the way we talk about BCP38 [Was: Re: "Everyone should be deploying BCP 38! Wait, they are ...."] Dobbins, Roland (Feb 18)
    - Re: "Everyone should be deploying BCP 38! Wait, they are ...." Tony Tauber (Feb 18)
    - Re: "Everyone should be deploying BCP 38! Wait, they are ...." Dobbins, Roland (Feb 18)
  - Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jay Ashworth (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are …." Larry Sheldon (Feb 18)
  - Re: "Everyone should be deploying BCP 38! Wait, they are ...." James Milko (Feb 18)
    - Re: "Everyone should be deploying BCP 38! Wait, they are ...." Robert Drake (Feb 18)
    - Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jay Ashworth (Feb 18)
    - RE: "Everyone should be deploying BCP 38! Wait, they are ...." Adam Vitkovsky (Feb 20)
    - Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jay Ashworth (Feb 20)