mitigating botnet C&Cs has become useless

----- Original Message Follows -----

> there has to be a technical way to do this, rather
> than a diplomatic way as the diplomatic ways
> historically have not worked in the other areas
> mentioned, so they probably won't work here, either.
> Or we have to keep going until one can be contrived.
> Many good attempts have been made and there will be
> more to come until we hopefully rid ourselves of the
> sickness others of lower values force on us daily...

I have nothing against technical solutions tho after over
ten years of a lot of smart people trying, and a grand
prize of probably a billion dollars increase in personal
wealth, it doesn't seem forthcoming.

However, I do take exception to the assertion that
"diplomatic ways historically have not worked in other
areas mentioned".

I think what you mean is that they haven't worked
perfectly, but slipped the semantics a little. Surely you
didn't mean to say that all efforts to oppose, e.g., the
human slave trade have been in vain?

The effectiveness has a lot to do with the profitability
making the risk worthwhile (e.g., drug trade), and who the
crime appeals to; some poor, desparate people will take
risks others won't (e.g., high-seas piracy.)

Unfortunately all this reasoning might be edifying but it
leads nowhere.

Yes, you're correct. I didn't mean to say the things you
mentioned haven't worked at all. I'm just saying that there
has to be a better way than police-type actions on a global
scale. Also, I'm sure many more smart people will work on
it for many more years and others will make billions more
before it's solved. But it needs to be solved on the same
playing field that the ugliness is occurring on. You don't
solve San Diego's slave trade by kicking ass on Indonesia's

Last, you're also correct that this is leading nowhere. I
made my point and have now beat it to death. Thanks for

scott ("Scott Weeks") writes:

... I'm just saying that there has to be a better way than police-type
actions on a global scale. ...

no, there doesn't have to be such a way. where the stakes are in meatspace
(pun unintended), the remediation has to be in meatspace. cyberspace is
just a meatspace overlay, it can only pretend to have different laws when
nothing outside of cyberspace is at stake. i think that the days when
botnets were mostly used for kiddie-on-kiddie violence or even gangster-on-
gangster violence are permanently behind us. it's up to the real LEOs now,
because it's on their turf now, which is to say, it's in the real world now.

as was true of spam when i said this about spam ten years ago, it is true
now of botnets that the only technical solution is "gated communities". but
the internet's culture, which merely mirrors the biases of those who use it,
requires the ability for children to go door to door selling girl scout
cookies, without necessarily having the key code to every one of the doors.

so the internet community has no appetite for the trappings of any technical
solution to botnets. the meatspace community and their LEOs absolutely *do*.

Pardon the oddball formatting, as much as I loathe Outlook, it is our
internal standard for corporate mail.

I'd just like to point out Paul, that while we may rely on police to
handle crimes in the real world, we still lock our doors.

Jamie Bowden

I agree with this in a number of dimensions.

One, look at mankind's physical security over the centuries. Walled cities were once in vogue for defense. (Sieges were a DOS attack.) Walled defenses evolved over time, yet there was always a need to have gates for commerce. Eventually walls have become unimportant (mere tourist curiosities) as wealth has shifted from the physical to monetary realm (and then from gold bars to electronic accounts).

The goals of attacks, and the methods of attack shift. Defensive strategies must, okay, ought to shift too.

Two, look at the DHS recommendation to secure the Internet via DNSSEC and enhancing BGP. What amounts to an unfunded mandate to everyone to "protect themselves" hasn't given much impetus to everybody pitching in and making a safer Internet. My recommendation would have been for the DHS to say to the (US Federal) government "the Internet's an unsafe place, protect your self in dealing with contractors and bidders but requiring all transactions be done with suitable security." Basically protect your own first, recommend safer actions for others, and allow those that want to be at risk to continue doing so.

What I mean here is that building a gated community is more likely to happen around the assets the government needs to protect than the government is going to get others to voluntarily spend more resources to defend against boogymen that may or may not exist. Money is more easily spent to answer a need you know than to follow a recommendation from someone you don't.

What is considered an acceptable level of safety is relative. For those who get to ride in cars (taxis) around the world, how many times have you been in a cab that has done something illegal in your home country but is considered safe in another (because the action is 'expected')?

Gated communities, wall gardens, same thing. Both are counter to the philosophy of which spawned the Internet. But they may also be the only way to make the Internet a reliable tool for mankind and not just an academic exercise run amok.

It was pointed out to me that I'm even less of a historian than a lawyer...walls became unimportant (security-wise) when warfare changed. But still, what's being defended has also changed.

And, in most neighborhoods, feel reasonably safe with locked doors and
glass windows (particularly for our vehicles.)

The problem starts when the best suggestion is to board up all the
windows because they're so easily broken and entered.

That is, when security measures become so onerous that they devalue
the quality of life.

At some point it's time to put the onus on the bad guys and make
*them* afraid.

P.S. A trick I learned working with the Boston Fire Dept: Many
buildings with solid locked doors and barred windows can be cut into
right thru the wall in a minute with common handtools, at least enough
to reach around and unlock the door. Sound familiar?