Follow the money.

+ instead of either acting itself or providing incentives for the private sector

+ the government insists that users are ultimately responsible for their own security

...but apparently not *liable* for their failures. If someone runs an open SMTP relay, or fails to install patches or does not have an adequate firewall, they will become the unwitting accomplices of the black-hats. While establishing a basic standard of culpability is nearly impossible (although IIRC the London Stock Exchange require listed companies to demonstrate compliance with at least part of BS7799), without accountability in such cases there is little hope of decreasing the amount of abuse and the authorities have little opportunity to track back to the origin of the problem.

It is not simply a problem of jurisdiction which prevents states from implementing effective controls - the biggest barrier is that the problem has already got totally out of control.

I'd like to believe that the newer generation will pressure service providers to provide good and effective security which works both ways (other than its SSL certificate - how does your bank/betting site/ISP... demonstrate that it truly is the organisation you have chosen to place your trust in?) but am far from impressed by either the quality or the independence of IT education in schools.

+ In the case of phishing sites, surely the first defence should be that the ISP

+ running the phishing site has an 24 hours per day instant take-down

+ obligation

Please! This would open the flood gates to a whole new denial of service vector - one which is already being exploited, but fortunately only in a few cases. I can see this would be attractive to the state because it moves the problem out of their domain into that of private litigation. This would automatically favour those who would abuse the system and disadvantage the ISP, the site owner and the end user.

I don't have the answer to these problems (unless it's to install Linux!). Certainly as far as the vendor is concerned it seems to demonstrate how a market for lemons evolves and the problems inherent in monopolies.

C.
