[102422] in North American Network Operators' Group
Re: IBM report reviews Internet crime
daemon@ATHENA.MIT.EDU (Tony Finch)
Wed Feb 13 07:11:12 2008
Date: Wed, 13 Feb 2008 12:10:13 +0000
From: Tony Finch <dot@dotat.at>
To: Owen DeLong <owen@delong.com>
cc: michael.dillon@bt.com, nanog@nanog.org
In-Reply-To: <7C2098E2-1A14-451D-8CC5-6C58D3C214F6@delong.com>
Errors-To: owner-nanog@merit.edu
> > * Of all the vulnerabilities disclosed in 2007, only 50 percent can be
> > corrected through vendor patches. [suggests that ISPs need to be
> > proactive about detecting and blocking compromised machines]
>
> I think this conclusion assumes a number of facts not in evidence.
>
> If the vulnerability cannot be corrected through a vendor patch, then,
> one has to wonder what, exactly the vulnerability is. If it is social
> engineering, then, I don't believe that ISP proactivity can really
> address the issue.
It can if the kind of proactivity they mean is taking down phishing web
sites. (Though I wouldn't describe a phishing site as a vulnerability.)
Tony.
--
f.a.n.finch <dot@dotat.at> http://dotat.at/
FISHER GERMAN BIGHT: NORTHWEST VEERING NORTHEAST 3 OR 4, BUT 5 OR 6 IN NORTH
FISHER. SLIGHT OR MODERATE, OCCASIONALLY ROUGH LATER IN FISHER. FOG PATCHES
THEN FAIR. MODERATE OR GOOD, OCCASIONALLY VERY POOR.
