North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: mitigating botnet C&Cs has become useless
- From: Peter Dambier
- Date: Tue Aug 08 19:40:16 2006
Mikael Abrahamsson wrote:
On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American
business $29M per month because of the existence of key-logging botnets.
you want to talk economics? Its not complicated to show that
mitigating key-logging bots could save American business 2B or 4% of
=losses to identity theft -- using FTC loss estimates from 2003
just because an ISP looses some money over transit costs does not
equate to the loss american business+consumers are loosing to fraud.
I am sure that the total cost would be less if everybody cleaned up
their act. It doesn't change the fact that the individual ISP has to
spend money it will never see returns on, for this common good to emerge.
If the government wants to do this, then I guess it should start
demanding responsibility from individuals as well, otherwise I don't see
this happening anytime soon. Microsoft has a big cash reserve, perhaps
the US government should start demanding them clean up their act and
release more secure products, and start fining people who don't use
their products responsibly. Oh, and go after the companies installing
spyware, in ernest? And to find these, they have to start wiretapping
everybody to collect the information they need.
I remember working in the sysops group of a big company we made our
Leaving your terminal without logoff would cost you a bottle of cognac.
Writing your password under the keyboard would cost you a bottle of cognac.
My boss used to have stomach aches. That is why arround noon you would
find most of us in the machine room - sorting tapes :) It was the
coldest place in the building. Right to cool down our red faces :)
It might be cool if an ISP was to charge his costumers a bottle of Pepsi
everytime they got hacked.
It might be even more cool if the costumer succeeded to charge Microsoft
if they were the culprit :)
Otoh this added security might add up to more losses than 2B per year in
less functionality and more administration and procedures (overhead), so
perhaps those 2B is the price we pay for freedom and liberty in this space?
Always hard to find the balance.
No more balance after that bottle of cognac :)
Peter and Karin
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)