Naming and Shaming "Bad" ISPs
An anonymous reader writes "Brian Krebs takes a provocative look at ISP reputations, collecting data from 10 different sources that track 'badness' from a multitude of angles, from phishing to malware to botnet command and control centers. Some of the lists show very interesting and useful results; the ISPs that are most common among the various reputation services are some of the largest ISPs and hosting providers, including ThePlanet and Softlayer. The story has generated quite a bit of discussion in the security community as to whether these various efforts are measuring the wrong things, or if it is indeed valid and useful to keep public attention focused on the bigger providers, since these are generally US-based and have the largest abuse problems in terms of overall numbers."
Re:New Jersey (Score:5, Informative)
True, but you also have to prepare a budget for it. You can choose the contracts for careless or even malicious customers who would not accept a more sane or secure overall environment, including spammers and l33t d00dz who insist that "the Internet is free!!!" and "why can't I run my own NFS/SMB/HTTP/SMTP/FTP/IRC/Bittorrent server, I paid my $19.99/month!!!!" And slapping them down and turning them away lowers your potential customer base: a lot of ISPs worry a lot about "market penetration", and rely on being the locally dominant player. Following up properly on complaints against those abuse customers also takes serious engineering and legal resources, none of which generates revenue.
Conversely, some ISPs do well with the superior service being security aware can provide. They don't get overwhelmed by surprise Bittorrent or FTP deluges against hosted servers, they channel outbound SMTP through servers that require authentication so the spambots can achieve nothing without passwords, they disconnect machines spewing Windows worms around their local network, and they keep their routers up-to-date with security patches to avoid getting re-routed. Some of us appreciate the resulting protection, and pay for it in our monthly bill rather than in expensive internal engineering cleaning up the messes.
Major domains being exploited (Score:5, Informative)
We've been doing something like this at SiteTruth for two years. We have the list of major domains being exploited by active phishing scams [sitetruth.com]. This is simply a list of domains that are both in PhishTank (about 100,000 entries) and Open Directory (about 1.5 million entries). Today, 84 domains are in both. There's been a surge; it was 54 two days ago.
Domains are on this list for one of several reasons.
While this is to some extent a "blame the victim" approach, it's more effective than "phishing education" aimed at end users. Hundreds of webmasters have to be educated, not hundreds of millions of end users.