Re: dumb. Comcast pop-ups

["Larry Seltzer" <larry () larryseltzer com>]

> > A spam-spewing bot sticks out like a sore thumb, but a compromised
system which is not making itself so readily visible may go undetected
indefinitely.
> > Given what we've observed during this decade about botnet operators, I
think they are *easily* smart enough to hold huge numbers of systems in
reserve.

First you complain about false positives, now you switch the subject to
false negatives? Yes, the method Comcast is probably using probably only
identifies the conspicuous ones. Just because it doesn't find them all
is no reason not to find these ones.

> > Of course there isn't.  But do you really think that people clever
enough to rewrite bank statements on the fly will have any technical
difficulty at all deploying the code to block those pop-ups?

Right, and when that happens and when it becomes a serious impediment
then they'll have to deal with it. There's an awful lot of malware out
there right now that doesn't do it.

> > More broadly: one of the reasons we find ourselves where we do is that
we think too much about what the adversary IS doing instead of what the
adversary COULD be doing.  It's a failure of imagination.  It's why
they're so far ahead of us and pulling further away every day.

What do you actually expect Comcast to do by themselves, while still
serving a broad market of clueless average users? They're in a tough
spot and broad condescension like this doesn't contribute anything to
the debate.

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com 
http://blogs.pcmag.com/securitywatch/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.