
List:       full-disclosure
Subject:    Re: [Full-disclosure] Gustav, domain name reportage
From:       Wesley McGrew <wesley () mcgrewsecurity ! com>
Date:       2008-08-31 16:12:13
Message-ID: CC05A4A8-AB70-4346-8A2E-F8683928C381 () mcgrewsecurity ! com


On Aug 31, 2008, at 2:46 AM, n3td3v wrote:

> On Sun, Aug 31, 2008 at 8:41 AM,  <Valdis.Kletnieks@vt.edu> wrote:
>> On Sun, 31 Aug 2008 08:28:08 BST, n3td3v said:
>>
>>> Well I don't see the point in telling the cyber criminals you're
>>> watching before the crime has been committed, because then obviously
>>> the crime won't be committed and yet the bad guys are still going to
>>> be out there being bad some other way that could be less detectable.
>>
>> So you disagree with police in patrol cars, too?
>>
>
> I agree with undercover operations who watch the cyber criminals
> committing the offence, then pouncing out from behind the wall and
> arresting them and getting them out of circulation completely, than
> scaring them off into the shadows to get up to who knows what.


Much, if not most, activities in information security have very little  
to do with law, law enforcement, legal actions, or arresting people.   
To catch a criminal is a great thing to do, but day-to-day, the idea  
is to prevent yourself and the people you are trying to protect from  
becoming victims of an attack in the first place.

Publishing a list of domain names that have the potential to be used  
in scams allows administrators (and savvy end-users that read ISC) to  
be aware of potential upcoming problems.  If publishing the list  
deters the owners from using them in scams, then that's a positive  
outcome too.  If they dropped the (admittedly small) amount of money  
speculating on a domain name they wind up not using, then they might  
think twice about doing it again, knowing that there are people  
watching the registrations.  Personally, I don't think it will keep  
them from using the domain names in scams, as there's plenty of money  
to be made, even after subtracting out the would-be-victims informed  
by this list.

Some of the names may see legitimate use.  The ISC postings even  
acknowledge this.  If they do see legitimate use, then that's great,  
however it's still worth monitoring these domains and setting up  
alerts for them in your organization until it can be verified which  
ones are legitimate.

Wesley
http://mcgrewsecurity.com







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
