-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jun 8, 2010 at 1:30 PM, Brielle Bruns <bruns@2mbit.com> wrote:
On 6/8/10 2:12 PM, Dave Rand wrote:
It's really way, way past time for us to actually deal with compromised computers on our networks. Abuse desks need to have the power to filter customers immediately on notification of activity. We need to have tools to help us identify compromised customers. We need to have policies that actually work to help notify the customers when they are compromised.
None of this needs to be done for free. There needs to be a "security fee" charged _all_ customers, which would fund the abuse desk.
With more than 100,000,000 compromised computers out there, it's really time for us to step up to the plate, and make this happen.
Problem is, there's no financial penalties for providers who ignore abuse coming from their network.
Actually, the real problem is that if providers *don't* start doing something to remediate abuse originating within their customer base -- and begin policing themselves -- I don't think they will like someone else (e.g. the gummint) forcing them to do something (which actually may be worse). The opportunity for providers to address this problem by policing themselves is being overshadowed by the real possibility that the government may step in and force them to do so, unfortunately. $.02, - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFMDrt9q1pz9mNUZTMRAl7nAKC3hrq4Jbyq3HzOPJBrQFSDAESroACgxzPu ZiRk4x2DQGNqPcLOn/iqDIA= =x4JB -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/