funsec mailing list archives

Re: Good, bad or indifferent?


From: Benjamin Brown <optikali () gmail com>
Date: Mon, 25 Jan 2010 16:07:41 -0500

My mistake. This is not in fact legislation proper:

"The internet industry's voluntary code of conduct is being pushed by the
federal Department of Broadband, Communications and the Digital Economy.

The department has told a parliamentary inquiry into cyber-crime that the
voluntary code is faster than introducing legislation."


I wonder how many will actually sign-on to this?

On Mon, Jan 25, 2010 at 4:04 PM, Benjamin Brown <optikali () gmail com> wrote:

Ah but the caveat here is that it is a federal mandate brought down on the
ISPs leaving them without the option to back down. I am interested in seeing
just how the government will choose to enforce/enact such wide-sweeping
legislation.



On Mon, Jan 25, 2010 at 3:10 PM, Dave Dennis <dmd () speakeasy org> wrote:

On Mon, Jan 25, 2010 at 2:20 PM, Thomas Raef
<TRaef () wewatchyourwebsite com>wrote:


http://tech.slashdot.org/story/10/01/25/1458231/Australian-ISPs-To-Disconnect-Botnet-Zombies?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
Please share your thoughts.



Thomas J. Raef


The usual mess of uninformed, speculative, hearsay and panic on /.

So.

If the IsP is doing captive portal surfing and attempting to provide
malware
detection/cleaning tools, they have a noble purpose, but could run into
interesting legal liability if the idiot home user managed to screw the
pooch
and make an unbootable system as a result.  The logic in the captive
portal
would possibly need to be bright enough to handle every besotted version
of
Windows from 95 to present, with all interop of old applications accounted
for
or at least not a concern.  Thats a tall ask.  So once they start breaking
heretofore "not broken" (as far as the home user is concerned) systems,
then
what ?  Its easily provable the home user PC was infected due to
traffic/signature/activity logged, but thats not going to mean anything to
the
home user if he/she can't boot up and play mafia wars.

I think fwiw this is usually where the conversation breaks down in the USA
on
this subject: To do the home fix the infected PC dance actually takes a
little
bit more than just malware removal: it takes behavior modification, it
takes
browser locking down / ad network blocking, it takes somehow coming up
with a
fix to years of really poor decisions on the part of the user, who
presumably is
running an old, unpatched, botched registry full of half-uninstalled
malware and
spyware and various apps, any of which may or may not be able to withstand
a
thorough clean/replace of some fairly important DLL.

So you get them to sign off on this, but their PC is mangled (to them)
afterwards, now what.  Customer support beat down, loads of posts to
various
dumbass consumer sites like Consumerist, "My ISP Broke My Computer" and
various
crying youtubes later, and will the ISP have the balls to stick to their
guns?

Or will they back down and cave in?

I don't see how they can avoid caving in.  Most users are monumentally
uninformed with regard to spyware / malware, their own risk averse
behavior, and
what even happened a week ago on the same PC.


My .02

-Dave D



+-------------------------
+ Dave Dennis
+ Seattle, WA
+ Speakeasy, Inc.
+ dmd () speakeasy net
+ http://www.speakeasy.net
+-------------------------
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread: