We talked about botnets before when we reported on how rampant the Srizbi botnet had become.
Now The Messaging Anti-Abuse Working Group (MAAWG) has released a set of guidelines developed by its members to combat the threat of botnets and spam. (Link)
Among these are guidelines for how to handle email sent from dynamic IP addresses and measures on information sharing between ISPs that would assist the efficient blocking of these offending IP address ranges. But the groups are not the only ones suggesting that more can be done by the ISP.
Internet security company Trend Micro have released figures that show the increase in botnets. Three years ago there were about 2.1 million compromised computers sending spam. In 2007 there were about 10 million.
(Link)
Trend Micro’s CTO Dave Rand had this to say:
“The ISPs need to get involved in security. The ISPs know the bot networks are there and they know which users are infected and they’re choosing to turn a blind eye and not inform users.”
Ken O’Driscoll, CTO for IE Internet, agrees. He says that ISPs should be stepping in to the breach, blocking traffic from certain ports on user’s home computers.
Paul Durrant of the Internet Service Providers Association of Ireland (ISPAI) says that spam is a nuisance for them too as it places a heavy load on their infrastructure. He doesn’t agree, however, that interfering in the traffic coming from a user’s computer is a good idea:
“There are data protection issues that we have got to be very cognisant of. You are effectively monitoring people’s types of usage and this is something we have not been doing.”
Rand snaps back:
“The problem is, any time they have contact with a customer, it costs money and their profits vanish after one call.”
Just when you think this is all getting very entertaining you remember that the problem here is that your security is under constant attack. There are other ways to combat spam and phishing at the ISP level and one I can think of offhand begins with “Brandmail” and ends with “Solutions”.
Oh come on, just allow me one shill.
Wargames
Lax computer system security is probably something we associate with the local pet store or solicitor’s office running Windows XP with the firewall turned off. But Scottish computer hacker Gary McKinnon set his sights a bit higher when he hacked in to the US military network in 2001.
McKinnon - who claims to have an obsession with UFOs – decided to see how easy it was to access military computers with highly sensitive information. Now aged 42, he is appealing an extradition order that could see him jailed in the United States for up to 70 years.
(Link)
Surely hacking on this level is very difficult? McKinnon says “no”.
“It was ridiculously easy. I am not some clever criminal mastermind who worked out a strategy. I went on a fishing expedition for blank administrative passwords — ones that had never been changed — and was surprised by how many I found, even at high levels. There were about 5,000 on computers across the military network.”
McKinnon claims there was no malice behind his activities and that he was merely curious. He has appealed the extradition order to The House of Lords in the United Kingdom and if that fails then he will appeal to the European Court of Human Rights.
You know when you sign up for an online service and they inform you about the strength or otherwise of your password? Take note. If a self-confessed Scottish geek can break in to the US military there’s a lesson there for us all.
Big company gets all snooty with eBay
It’s all getting a bit dirty in the online auction business. A French court has just fined eBay €40m (about US$63m) for allowing counterfeit designer goods to be sold on its website. The LVMH group accused eBay of "negligence" in allowing illegal copies of their goods to be sold in online auctions.
In a bid to make eBay a bit less fun they claim that even sales of its legitimate goods are illegal because only specialist dealers were allowed sell them. (Link)
A spokeswoman for eBay, Vanessa Canzini, clenched her fists and snarled:
"Today’s ruling is about an attempt by LVMH to protect uncompetitive commercial practices at the expense of consumer choice and the livelihood of law-abiding sellers that eBay empowers everyday.
"We will fight this ruling on their behalf; we will be seeking leave to appeal.”
As a consumer who enjoys a bargain as much as the next person this ruling is a kick in the teeth and may force eBay to rethink its business model. How many copycat claims are we going to see against eBay and other auction sites globally now?
The winners? Companies like LVMH who recorded record profits in 2007 of US$5.2bn.
