[Asrg] Must we be uncompromising about uncompromising?

2008-11-27 15:11:39
On Nov 27,  1:40pm, Rich Kulawiec wrote:
} Unless you can figure out a way to uncompromise ~10e8 systems *and
} keep them that way*. Because as long as those systems are out there,
} spammers have the ability to make other people pay for their spam

Maybe we shouldn't care, provided that it's not the receivers who pay.

I don't see a high-profile industry consortium arguing about how to
prevent PBXs from being cracked to make fraudulent calls.  When a
phone system gets compromised, someone eventually notices it and does
something, including possibly calling law enforcement.

What fraction of owners of those ~10e8 compromised PCs *ever* find
out they have a problem?

A few misguided anti-virus systems tried sending return email notices
about compromised machines.  Bad idea on several levels.  But what if
the notices about compromised machines went back through some entirely
other channel, like a hardcopy letter sent by the ISP to which the
compromised machine is connected?

What does it take to get ISPs to monitor the situation, and to send out
those kinds of notices to potentially thousands of customers?  What does
it take to get those customers' attention when notified?

Does it really matter if there's a noise level of some compromised PCs
floating around, if there's a way to keep it tamped down?  The problem
right now is that it's running amok with no direct feedback.