North American Network Operators Group
Re: IBM report reviews Internet crime
- From: Owen DeLong
- Date: Tue Feb 12 14:22:37 2008
Some highlights from the Management summary with my comments in
* Although total vulnerability disclosures went down, the number of
severity vulnerabilities increased by 28 percent in comparison with
* The busiest day of the week for vulnerability disclosures
with 1,361 new vulnerabilities disclosed on this day of the week in
* Of all the vulnerabilities disclosed in 2007, only 50 percent can be
vendor patches. [suggests that ISPs need to be proactive about
and blocking compromised machines]
I think this conclusion assumes a number of facts not in evidence.
If the vulnerability cannot be corrected through a vendor patch, then,
one has to wonder what, exactly, the vulnerability is. If it is social
engineering, then, I don't believe that ISP proactivity can really
address the issue. Much more detail on the nature of these
vulnerabilities which cannot be corrected by vendor patches is
needed before any useful conclusion about the correct solution can
* Critical vulnerabilities for Mozilla Firefox were dramatically lower
compared to 2006.
[If you still distribute any kind of software kits that do not install
Firefox, you are doing your customers a disservice and making your
detection and blocking task that much bigger. When you contact
with compromised machines you might want to make it mandatory to
Firefox from your servers before re-enabling Internet access]
Huh? Why should everyone ship a browser with their software kit?
Browsers are like religion. You're really not going to have a lot of
success trying to force one down your customers' throats.
It's great that Firefox security has improved, but, this statement alone
does not really provide any details about the current relative level
of vulnerability between Firefox and any other browser.
Considering that the US is also consistently among the top three sources
* The U.S. and Germany were the only two countries consistently among
the top three
hosting sources for each type of "unwanted" Internet content monitored
[Suggests that NANOG members need to raise the bar considerably to
up their own backyard. What do you know about your own Internet
of desirable content, I'm not sure that this ranking necessarily
of anything, but, I do agree that ISPs could do a better job of
* Trojans represent the largest category of malware in 2007 - 109,246
account for 26 percent of all malware.
* The most frequently occurring malware on the Internet was
26,573 varieties in 2007 account for 24 percent of all Trojans.
* The most common worm in 2007 was Net-Worm.Win32.Allaple with 21,254
varieties. It is a family of polymorphic worms that propagates by
Windows® vulnerabilities instead of using e-mail.
[This suggests that targeting these specific attack vectors could
up a significant amount of the problem and correspondingly reduce
costs for detection and blocking of compromised machines.]
It also suggests that taking Windows off the net could do a lot to
the level of vulnerability, but, I'm not holding my breath until that