-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apologies for the noise, but I'd like to go ahead and provide references for a couple of data points which I plan to mention tomorrow during my brief presentation -- they are not referenced in my presentation slides, but they do highlight the issues I'm trying to address. Each are very recently announced studies, papers, or announced statistics. The first one is a study conducted by the fine folks at Google, wherein they "...investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware". The paper is located here: "All Your iFrame Are Point to Us" http://research.google.com/archive/provos-2008a.pdf ...and associated blog entry here: http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point- to-us.html This study reinforces what we are seeing -- literally hundreds of thousands of compromises on the web and server -side. Second, is a paper recently jointly released/presented by Ga. Tech and Google on the the rampant escalation of rogue/malicious DNS resolution paths: http://www.citi.umich.edu/u/provos/papers/ndss08_dns.pdf The numbers are somewhat... staggering. The two issues above contribute directly, and overlap, more than most people are aware. And thirdly is a figure that some folks may already be aware of; the fact that identity theft was the number one source of consumer fraud complaints submitted to the U.S. Federal Trade Commission in 2007. According to the agency's yearly report on fraud complaints for 2007, of 813,899 total complaints received in 2007, 258,427, or 32 percent, were related to identity theft: http://www.ftc.gov/opa/2008/02/fraud.pdf According to the FTC, total consumer fraud losses totaled $1.2 billion, with the average monetary loss for an individual at $349. Credit card fraud was the most common form of reported identity theft at 23 percent, followed by utilities fraud at 18 percent, employment fraud at 14 percent, and bank fraud at 13 percent. Now, there is a certain "fudge factor" in these numbers, of course, but I only mention these issues as a preface for the topics that I plan to solicit the NANOG community's assistance in addressing. Thanks, and see you tomorrow! :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHunbjq1pz9mNUZTMRAri9AKD8wY2qH07AMhpDc2dZpJkdFAHVFQCdEa+t uI1Cwhy1TlHjI6DlQHy5SCM= =V9Dm -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/