Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Spamhaus Shows What's Next For Block Listing
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Shepy
50%
50%
Shepy,
User Rank: Apprentice
11/28/2013 | 7:14:57 AM
Needs more
  • Legitimate organizations and users will abandon providers with poor reputations and flock to those with better reputations.
  • Providers with poor reputations will take remedial actions to avoid or recover from customer attrition and continued erosion of their reputation.
  • Users or organizations that switch will get better services from their new provider.
  • Providers with poor reputations cannot inflict reputational harm on their industry segments.

    In a perfect world this sounds ideal, but it's really starting to feel like SMTP needs an overhaul from the ground up, it's too long in the tooth and doesnt cate for spam prevention among other things nearly enough
davepiscitello
50%
50%
davepiscitello,
User Rank: Apprentice
11/26/2013 | 5:29:30 PM
Re: How can we trust them?
I work with folks from many of the reputation, block list, or "intervenor/responder" communities. My experience is that block listing relies heavily on information sharing and collaboration, and that these processes put a great deal of time and consideration to minimize false positives or collateral harm. 

I think these checks and balances make reputation scoring more reliable and much less prone to malice or retaliation or vigilantism than user submitted phish or web trust sites. 

 
a_synonymous
50%
50%
a_synonymous,
User Rank: Apprentice
11/26/2013 | 3:31:56 PM
How can we trust them?
Hi Dave,

You mentioned that there was no public outcry or condemnation.  The question is:  are we allowed to publicly oppose Spamhaus?  Recently, a person had edited their Wikipedia article to mention the recent conflict with the group "Stophaus".  The edit was immediately reverted by someone from Spamhaus, and the editor's IP was added to Spamhaus' blocklist.  People in the ISP community walk on eggshells around Spamhaus out of fear of reprisal.

In regards to reptuation scores, have you ever had someone say they hate your favorite restaurant or sports team?  How can businesses be sure that they are receiving all their legitimate correspondence when they rely on the subjective opinions of a group of people that assumes no responsibility for their actions, and triggers blocking of email from entire swathes of the internet with impunity?

Synonymous
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/25/2013 | 10:55:52 AM
Re: Malicious blacklisting is never acceptable> Or is it?
Thanks for calling attention to the Web index for 2013, Brian. I totally agree with your point relating economic development with freedom and human rights. It's good to see it quantified. 

As for the "gray area"  of block listing, I think Dave lays out a pretty good case about the reasons organizations may choose to blocklist. Those that do, (as he added on his comment) take those actions when they reach the point that  harm to their  users is at greater risk than not blocking. 

I'm not sure that the industry is at a point where it's necessary to codify those malicious behaviors into standards. But it's certainly a subject worth considering and discussing. 
Brian.Dean
100%
0%
Brian.Dean,
User Rank: Apprentice
11/24/2013 | 2:48:11 PM
Re: Malicious blacklisting is never acceptable> Or is it?
Thank you for the links Dave, and yes I agree that blocking is an area where choosing sides are of no value, understanding motives and reacting according is where we can find value.

The World Wide Web Foundation has recently released a Web index for 2013 that measures development by evaluating universal access, relevant content, freedom, openness, impact and empowerment of different countries -- it is not surprising to see that the five countries at the bottom of this list also have low performing economies at the moment. I guess it means that blocking powers are being misused in those economies. In our global village we also have malware like i2ninja etc that is created with the exact intention to cause harm, I feel this is where a block can be justified.

Basically, it is all a gray areas until and unless we look deeply into the motives behind a block.
davepiscitello
50%
50%
davepiscitello,
User Rank: Apprentice
11/23/2013 | 3:52:24 PM
Re: Malicious blacklisting is never acceptable> Or is it?
Good points, all Brian.

FWIW, I have also written columns that explain how blocking actions typically taken by private network admins have different affects - and can result in unacceptable collateral harm - when taken by public operators, ISPs, or governments. 

You can find a summary of these and links to three related articles at Making Sense of Shutdowns, Takedowns, Seizures and More...
davepiscitello
50%
50%
davepiscitello,
User Rank: Apprentice
11/23/2013 | 3:45:17 PM
Re: Malicious blacklisting is never acceptable> Or is it?
Hi Marilyn,

I'm neither advocating or opposing block listing but as you say, positing a future direction that block listing may take if (or when) harm to an organization's own users vs collateral harm reaches a tipping point.

One answer to your question " Are there acceptable limits to malware blacklisting?" is answered nearly every day: risk tolerance dictates limits for private network admins, and risk from malware has become a largely untolerated risk.

I, too, welcome public outcry.

Especially when it takes the form of informed, reasoned debate. 
davepiscitello
50%
50%
davepiscitello,
User Rank: Apprentice
11/23/2013 | 3:35:48 PM
Re: Malicious blacklisting is never acceptable
Thanks for your post. Let me set some facts before you, since you may not have found time to look at the chronology of events leading to Spamhaus' action.
  1. Spamhaus had identified 92 violations as far back as 2010. These went unresolved. They were listed at http://www.spamhaus.org/sbl/query/SBL201751 but you now have to go into the archives.
  2. The violations included botnet spam hosting, malware hosting, malware dropper hosting, DDoS botnet controllers and more. Using the SBL does more for an organization than block occasional junk messages: it protects users against the very botnets that you claim generate spam.
  3. They did not act zealously or without care, they did give CHINANET-GD time to resolve.

I'm most disappointed that you appear to have missed the important point that the use of SBL is a voluntary act by organizations who made the decision to protect their own users against malware distribution, spam, or DDoS at the expense of not processing mail from addresses on the block list.

 

 
Brian.Dean
100%
0%
Brian.Dean,
User Rank: Apprentice
11/23/2013 | 1:44:26 PM
Re: Malicious blacklisting is never acceptable> Or is it?
Marilyn, excellent point as debates are good. From a business standpoint that wants to protect its customers from spam, I think blocking an ISP is a very small matter as any business that truly respects its customers would even get their own domain blocked, if they suspected their own domain to be spamming customers. From an economic perspective things are different, blocking anything becomes a mathematical equation that will eventually reduce or limit productivity on both ends, and roads etc were blocked in the past when roads were our main source of commerce. Today in this information age, information highways are blocked. As for customers, well I think every customer would like to open their spam folder and get the message "Hooray, no spam here!", and their main inbox would be no exception.

Definitely, it is a complex topic and it is extremely interesting to know about the "rapid chain of events" and moreover that it was "accepted without public outcry or condemnation", changing times I guess.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/23/2013 | 11:25:10 AM
Re: Malicious blacklisting is never acceptable> Or is it?
Andrew, I really appreciate your passionate opposition to malicious malware blacklisting and for taking the time to share your strongly-held views with InformationWeelk . While the author, Dave Piscitello, VP Security at ICANN, posits an opposing -- and apparently controversial --  point of view, I can assure you that he is no idiot and is very well-informed about the issues he raises in this column. 

I'll let Dave respond to the specific points in your post, but one thing in his column that stood out when I read it was his observation that the "rapid chain of events'" that lead to the Spamhaus blacklisting was "accepted without public outcry or condemnation." 

I can see by your comment, and another by 0id, that the public outcry has arrived at InformationWeek -- and we're delighted to have it. Let's have a thoughtful debate on the merits. Are there acceptable limits to malware blacklisting? If so, what are they? If not, why not. 

 
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-44093
PUBLISHED: 2021-11-28
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
CVE-2021-44094
PUBLISHED: 2021-11-28
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
CVE-2021-4020
PUBLISHED: 2021-11-27
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23654
PUBLISHED: 2021-11-26
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via C...
CVE-2021-43785
PUBLISHED: 2021-11-26
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious...