3/22/2012
02:57 PM
Dark Reading
Products and Releases

U.S. Anti-Bot Code of Conduct For ISPs Unveiled

OTA has been working with the FCC and leading ISPs to develop the ABCs for ISPs

Washington, DC – March 22, 2012 – More than one in ten U.S. computers are infected by difficult-to-detect "bots" or "zombies," which "botmasters" can use for anything from sending spam, to eavesdropping on network traffic, to stealing user passwords.

The Online Trust Alliance (OTA) joined a unanimous vote at the Federal Communications Commission’s (FCC) Communications Security, Reliability and Interoperability Council (CSRIC) meeting today, approving the voluntary U.S. Anti-Bot Code of Conduct for Internet Service Providers (ISPs), also known as the ABCs for ISPs. As a member of the CSRIC appointed by FCC Chairman Julius Genachowski, the OTA has been working with the FCC and leading ISPs to develop this voluntary Code. Under the Chairman’s leadership, this example of private and public sector collaboration is an important step forward to help protect our nation’s critical infrastructure and consumer data.

"Today is an example of the importance of self-regulatory efforts to help improve the safety and performance of the internet," said Craig Spiezle, executive director and president, Online Trust Alliance. "Sustainable solutions to contain bots must include all stakeholders in efforts to detect, prevent, and remediate these threats."

Chairman Genachowski said, "The recommendations approved today identify smart, practical, voluntary solutions that will materially improve the cyber security of commercial networks and bolster the broader endeavors of our federal partners."

The development of the ABCs for ISPs was a multi-stakeholder effort over the past 12 months, with the participation of ISPs, trade associations and companies, including OTA members PayPal, Microsoft, Symantec, and Internet Identity, and leading ISPs, including Comcast and CenturyLink. Focusing on residential users, the Code includes five areas of focus for ISPs: education, detection, notification, remediation, and collaboration.

Based on OTA analysis and initial ISP self-reporting, approximately 29 percent (or 23 million) of the 81 million U.S. households who have broadband service are realizing added protection from ISPs who have adopted the Anti-Bot Code of Conduct. The CSRIC report cites research that ISPs also benefited – from reduced upstream traffic, spam, and helpdesk calls – when they took a proactive approach to bot remediation.

Future OTA reports will track adoption, highlighting those ISPs who have asserted their implementation of the Code. As independent organizations committed to enhancing online trust and confidence, ISPs are encouraged to report to OTA. Future reports will include the adoption of similar efforts by other stakeholders and industry segments. Additional information and the link to the Code are posted at https://otalliance.org/botnets.html.

"The ABCs for ISPs is a significant step forward and we applaud those ISPs who have already stepped up to the plate," said Neal O’Farrell, executive director, Identity Theft Council. "We have a shared responsibility to help protect consumers from abuse and identity theft. Consumers should encourage their ISPs and telecommunications carriers to adopt these and other best practices."

Voluntary Code of Conduct Participation Requirements

To participate in this Code, an ISP is required to engage in at least one activity (i.e., take meaningful action) in each of the following general areas:

Education - an activity intended to help increase end-user education and awareness of botnet issues and how to help prevent bot infections;

Detection - an activity intended to identify botnet activity in the ISP’s network, obtain information on botnet activity in the ISP’s network, or enable end-users to self-determine potential bot infections on their end-user devices;

Notification - an activity intended to notify customers of suspected bot infections or enable customers to determine if they may be infected by a bot;

Remediation - an activity intended to provide information to end-users about how they can remediate bot infections, or to assist end-users in remediating bot infections;

Collaboration - an activity to share with other ISPs feedback and experience learned from the participating ISP’s Code activities.

About The Online Trust Alliance (OTA)

https://otalliance.org

OTA’s mission is to develop and advocate best practices, public policy and self-regulation to mitigate emerging privacy, identity and security threats to online services, brands, government, organizations and consumers. By enhancing online trust and confidence, we can realize the potential of the internet; promote innovation; and further the vitality of commerce.
