Language Selection

English French German Italian Portuguese Spanish

Mock trial shows ISPs aren't to blame

Filed under
Security

Your Internet service provider isn't to blame if your company is hit with a distributed denial-of-service attack. That was the verdict of IT security professionals in a mock trial staged by Gartner at its IT Security Summit last month, in which ISPs were charged with not doing enough to keep subscribers' computers from being compromised and used as tools in attacks on corporate networks.

The plaintiffs, two fictional companies, argued that ISPs could do more to prevent so-called zombie machines from being used in attacks if they scan subscribers' computers, monitor traffic and shut down suspicious network uses. Real-life cybersecurity lawyer Ben Wright compared the ISPs' lack of enforcement to the owner of a dangerous piece of property (such as a shooting range) who doesn't buy a fence to keep others out.

But Stewart Baker, a partner with Steptoe & Johnson, who defended the fictional ISPs, argued that it would be a violation of privacy for ISPs to check subscribers' computers. Baker suggested that it's a computer owner's responsibility to protect against malicious viruses and worms.

The audience of hundreds of IT security professionals served as the jury, using electronic voting boxes to record their opinions. Only 30 percent backed the fictional plaintiffs. Fifty-four percent supported the ISP position, and 16 percent chose neither.

In a distributed denial-of-service attack, hackers often take over thousands of computers by sending out a worm that collects them, through an Internet relay chat server, into a network called a botnet. The bad guys then use these machines to mass attack and crash a Web server.

Source.

More in Tux Machines

In the Market for a Holiday Chromebook? Here's What to Know

Consumer Reports is out with a new evalutation of the best low-cost laptops and gives the nod to some Chromebooks. Meanwhile, some applications you may have thought you'd never use on Chrome OS are going to be available. Here are details. Read more

My life in open source, and the mentors who led the way

I have been working on the Apache http server for almost 20 years now. I've written 9 books about httpd, and spoken at more than fifty conferences. I'm a member of the Apache Software Foundation, where I serve as a board member and as Executive Vice President. I am responsible for putting on ApacheCon, both in North America and Europe, which is the official conference of the ASF. Read more

Open Source Electronic Health Record Alliance Joins Open Source Initiative

The Open Source Electronic Heath Records Alliance, or OSEHRA, a non-profit community dedicated to supporting open source users, developers, service providers, and researchers engaged in advancing health information technology, has joined the Open Source Initiative's (OSI) Affiliate Membership program. OSI Affiliates are organizations committed to public support for open source software and the role the OSI plays therein. The current Affiliate membership is a who's-who of the world of open source software. Read more

How strong is peer review in open source?

An example of a standard open source peer review process begins with a software author submitting their code and documentation to their project's mailing list. It is then examined by other contributors and project managers; potential problems and improvements are discussed amongst the community and author before the changes are either accepted or rejected. GitHub uses the version control software Git to offer a streamlined system in which project managers can oversee their source code while still allowing for code review. Due to its ease of use, GitHub has become a popular host for version control and code review, with over 2,000,000 repositories uploaded to the site as of 2011. Read more