An email to a user notifying them they're likely compromised costs
basically nothing. An email to their entire subscriber base also costs
nothing. If you find me an ISP that can't afford to notify users, I'll show
you one that shouldn't be in business anyways.
There's this presumption of guilt here, that Sony is right, and Simon's
subscribers are doing something malicious, yet they won't provide any
evidence of that. Even if they didn't know what it was, come back with
'We're seeing weird bursts of [traffic characteristics] aimed at PSN during
these times. We're not quite sure what it is, but it's causing [problem
X].' It would still be a question of maliciousness or not, but it would be
something to work with. Providing nothing just perpetuates this finger
pointing game, and nothing gets solved.
On Sun, Sep 18, 2016 at 9:58 AM, Florian Weimer <f...@deneb.enyo.de> wrote:
> * Tom Beecher:
> > Simon's getting screwed because he's not being given any information to
> > and solve the problem, and because his customers are likely blaming him
> > because he's their ISP.
> We don't know that for sure. Another potential issue is that the ISP
> just cannot afford to notify its compromised customers, even if they
> were able to detect them.