Message-Id: <CC05A4A8-AB70-4346-8A2E-F8683928C381@mcgrewsecurity.com>
Date: Sun, 31 Aug 2008 11:12:13 -0500
From: Wesley McGrew <wesley@...rewsecurity.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Gustav, domain name reportage


On Aug 31, 2008, at 2:46 AM, n3td3v wrote:

> On Sun, Aug 31, 2008 at 8:41 AM,  <Valdis.Kletnieks@...edu> wrote:
>> On Sun, 31 Aug 2008 08:28:08 BST, n3td3v said:
>>
>>> Well I don't see the point in telling the cyber criminals you're
>>> watching before the crime has been committed, because then obviously
>>> the crime won't be committed and yet the bad guys are still going to
>>> be out there being bad some other way that could be less detectable.
>>
>> So you disagree with police in patrol cars, too?
>>
>
> I agree with undercover operations who watch the cyber criminals
> committing the offence, then pouncing out from behind the wall and
> arresting them and getting them out of circulation completely, than
> scaring them off into the shadows to get up to who knows what.


Many, if not most, activities in information security have very little  
to do with law, law enforcement, legal actions, or arresting people.   
To catch a criminal is a great thing to do, but day-to-day, the idea  
is to prevent yourself and the people you are trying to protect from  
becoming victims of an attack in the first place.

Publishing a list of domain names that have the potential to be used  
in scams allows administrators (and savvy end-users that read ISC) to  
be aware of potential upcoming problems.  If publishing the list  
deters the owners from using them in scams, then that's a positive  
outcome too.  If they dropped the (admittedly small) amount of money  
speculating on a domain name they wind up not using, then they might  
think twice about doing it again, knowing that there are people  
watching the registrations.  Personally, I don't think it will keep  
them from using the domain names in scams, as there's plenty of money  
to be made, even after subtracting out the would-be-victims informed  
by this list.

Some of the names may see legitimate use.  The ISC postings even  
acknowledge this.  If they do see legitimate use, then that's great,  
however it's still worth monitoring these domains and setting up  
alerts for them in your organization until it can be verified which  
ones are legitimate.

Wesley
http://mcgrewsecurity.com



