On Sat, Oct 10, 2009 at 09:29:13AM -0700, Alex Lanstein wrote: > I like that Comcast is at least trying /something/ to protect their users.
This is a very feeble attempt. Consider: they are going to send these pop-ups to systems that they have reason to believe -- based on externally-visible evidence -- are compromised. So, either those systems are compromised or they're not. If they're not, then they're annoying people who have nothing to fix, and the result of this will be training those people to ignore the pop-ups. If they are, then what POSSIBLE reason is there to believe that the users will actually see these pop-ups? It is, after all, not in the best interests of the new owners of those compromised systems to permit the former owners to be alerted to what's going on. Keep in mind that these new owners are the people who crafted Sobig et.al. and turned running botnets into a scalable, profitable, effective business model. Surely nobody with any clue at all thinks that these people will just stand by while Comcast inconveniences them? I think it's far more likely that they will take note of what Comcast's doing, how they're doing it, and shortly thereafter deploy code to render it moot. Which means that all of this is merely grandstanding by Comcast, and will have no meaningful effect -- other than, as I pointed out above, training people to ignore the pop-ups. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
