Re: [Full-disclosure] Gustav, domain name reportage

From: Wesley McGrew
Date: Sun Aug 31 2008 - 16:12:13 GMT
To: full-disclosure@lists.grok.org.uk

On Aug 31, 2008, at 2:46 AM, n3td3v wrote:

> On Sun, Aug 31, 2008 at 8:41 AM, <Valdis.Kletnieks@vt.edu> wrote:
>> On Sun, 31 Aug 2008 08:28:08 BST, n3td3v said:
>>> Well I don't see the point in telling the cyber criminals you're
>>> watching before the crime has been committed, because then obviously
>>> the crime won't be committed and yet the bad guys are still going to
>>> be out there being bad some other way that could be less detectable.
>> So you disagree with police in patrol cars, too?
> I agree with undercover operations that watch the cyber criminals
> committing the offence, then pouncing out from behind the wall and
> arresting them and getting them out of circulation completely, rather than
> scaring them off into the shadows to get up to who knows what.

Many, if not most, activities in information security have very little to do with law, law enforcement, legal actions, or arresting people. To catch a criminal is a great thing to do, but day-to-day, the idea is to prevent yourself and the people you are trying to protect from becoming victims of an attack in the first place.

Publishing a list of domain names that have the potential to be used in scams allows administrators (and savvy end-users that read ISC) to be aware of potential upcoming problems. If publishing the list deters the owners from using them in scams, then that's a positive outcome too. If they dropped the (admittedly small) amount of money speculating on a domain name they wind up not using, then they might think twice about doing it again, knowing that there are people watching the registrations. Personally, I don't think it will keep them from using the domain names in scams, as there's plenty of money to be made, even after subtracting out the would-be-victims informed by this list.

Some of the names may see legitimate use. The ISC postings even acknowledge this. If they do see legitimate use, then that's great; however, it's still worth monitoring these domains and setting up alerts for them in your organization until it can be verified which ones are legitimate.
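As an added example (not part of the original message or the ISC posting), one way to turn a published list like this into the alerts suggested above: a small Python watchlist matcher run over DNS resolver query logs. The watchlist entries and the BIND-style log lines below are constructed placeholders, not the real Gustav list.

```python
import re
from typing import Optional

# Constructed watchlist standing in for the published domain list.
# These names are placeholders, not real registrations.
WATCHLIST = [
    "gustav-relief-fund.example",
    "HurricaneGustavDonations.example",
]

# Constructed sample resolver query log (BIND-style query log layout).
SAMPLE_LOG = """\
31-Aug-2008 14:02:11.100 client 10.0.0.12#53211: query: www.gustav-relief-fund.example IN A +
31-Aug-2008 14:02:15.410 client 10.0.0.33#41002: query: hurricanegustavdonations.example IN MX +
31-Aug-2008 14:03:02.008 client 10.0.0.12#53214: query: notgustav-relief-fund.example IN A +
31-Aug-2008 14:03:40.555 client 10.0.0.7#60001: query: mail.redcross.example IN A +
"""

QUERY_RE = re.compile(r"client (?P<client>\S+?)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def normalize(domain: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return domain.strip().rstrip(".").lower()


def is_watched(qname: str, watchlist) -> Optional[str]:
    """Return the matching watchlist entry if qname is that domain or a
    subdomain of it. Matching on a label boundary ("." + entry) keeps
    look-alikes such as notgustav-relief-fund.example from matching."""
    q = normalize(qname)
    for entry in watchlist:
        w = normalize(entry)
        if q == w or q.endswith("." + w):
            return w
    return None


def scan_log(text: str, watchlist=WATCHLIST) -> list:
    """Emit one alert record per log line whose queried name is watched."""
    alerts = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; ignore
        hit = is_watched(m["qname"], watchlist)
        if hit:
            alerts.append({"client": m["client"], "qname": normalize(m["qname"]),
                           "qtype": m["qtype"], "watched": hit})
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"ALERT {a['client']} queried {a['qname']} ({a['qtype']}), matches {a['watched']}")
```

The same matcher can be pointed at proxy or mail logs once the regular expression is adjusted to that log's layout; the label-boundary check is what keeps the alert volume honest.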
