The recent TF-CSIRT meeting in Zurich included a talk by the Swiss telecoms regulator (like ours, called Ofcom, though their ‘F’ stands for Federal!) on the law covering websites in the .ch domain that distribute malware, normally as the result of a compromise. Under this law a designated authority can order the temporary or permanent […]
Tag: Botnets
Posts on various technologies and techniques for discovering, mitigating and removing botnets
The EU has finally adopted a new Directive on attacks against information systems, first proposed in 2010. The Directive will require Member States, within two years, to ensure they meet its requirements on: activities that must be considered crimes; effective sentences for those convicted of the crimes (including higher maximum sentences for aggravating circumstances such […]
Nominet Domain Suspension Paper
Nominet have published an interesting analysis of the legal issues around any possible process for suspending domains associated with criminal activity. This raises the rather worrying issue that the legal position is not clear if a registry is informed of unlawful conduct somewhere in their domain and decides that the evidence is not strong enough […]
Nominet Criminal Domains Update
Nominet’s Issue Group on dealing with domain names used in connection with criminal activity has published its draft recommendations, which seem reassuringly close to the JANET submission to the original request for comments. Expedited suspension of a domain is regarded as a last resort, to be used only where alternative approaches via the registrar or […]
DNS Filtering: Good or Bad?
With various Governments looking at the Domain Name Service (DNS) as a tool to implement national policy (for example the USA’s SOPA and PIPA proposals), Rod Rasmussen’s talk at the FIRST conference was a timely reminder of the possible problems with this approach. DNS is a critical part of the Internet, providing the conversion between […]
Legal issues in dealing with Botnets
An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack. By comparing the details of German and Estonian law, the report […]
I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative. The consultation itself seems to suffer from “if you only have a hammer” syndrome: if you’re a legislator then it must be tempting to think that all problems (lack of reporting of “cybercrimes”, insecure end-user computers, […]
Responsible ISPs in Latvia
Earlier in the year I wrote about the German ISP Association’s scheme to remove the economic disincentive for ISPs to inform their customers of botnet infections on their PCs by providing a centrally-funded helpdesk. In Latvia a different approach has been taken: providing a “responsible ISP” mark that consumer networks can use on their websites […]
Botnet cleanup efforts by German ISPs
I had an interesting discussion last week with Thorsten Kraft of the German ISP association, eco, on how German network providers cooperate to help reduce the number of their users’ PCs that are infected with malware. The UK Government has recently added this as an aim in our national Cyber Security Strategy so the German […]
Domains with Criminal Purpose
Questions about my last posting on Nominet’s DNS domain suspension discussions have got me thinking a bit more about my idea of “domains registered for a criminal purpose”. My suggestion is that these should be the only domains that a top-level registry can remove on its own, rather than asking for the decision to be […]