Is it an ISP's responsibility to combat botnets, asks SC Magazine Executive Editor Dan Kaplan.
The U.S. Commerce and Homeland Security departments are seeking public feedback on a recommended program by which internet service providers would "voluntarily and timely detect and notify end-users that their machines have been infected," a move designed help eradicate botnets. According to a notice posted this week in the Federal Register, the agencies are weighing how such an approach would be implemented, for example, incentives may be offered to service providers that participate, and who would be responsible for running the program - industry, the public sector or a partnership between both. Public comments, which must be received by Nov. 4, are expected to examine a number of areas, including the privacy implications of such an approach.
While McAfee's recently released "Shady RAT" report concentrated on the victims of a mass cyberespionage ring, another researcher has decided to focus his attention on the adversaries behind such attacks. In a video recorded last week at the Black Hat conference in Las Vegas, Joe Stewart of Dell SecureWorks explains how he was able to trace 60 families of custom malware thanks to error messages yielded by a "connection bouncer" tool used by the hackers to hide their tracks, but which inadvertently pointed back to about a dozen command-and-control centers hosted by ISPs in China. Two of the malware families are known to have been used in the RSA SecurID breach. "It gives you a better line on attribution," Stewart told SCMagazineUS.com.
Privacy advocates appear to be on the losing end of an initiative from the Department of Justice mandating the retention of user data by internet service providers (ISPs).
Chinese and American technology experts have joined forces to draft a report that, among other measures, will recommend internet service providers do more.
Advocacy groups and independent media face a variety of damaging cyberattacks, and there is little they can do to stop them, a new study from Harvard University concludes.
Sign up to our newsletters
SC Magazine Articles
- Oracle PeopleSoft attack could enable big data breaches
- Zero-day in Fiat Chrysler feature allows remote control of vehicles
- Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says
- All smartwatches are vulnerable to attack, finds study
- 'GSMem' malware designed to infiltrate air-gapped computers, steal data
- Report delves into RAT videos on YouTube
- Tor Project, Library Freedom Project to establish Tor exit nodes in libraries
- PagerDuty requires password change for all customers following breach
- Cisco: Attackers innovating, evading defenses in first half of 2015
- Does Windows 10 Wi-Fi Sense spell end of private wireless networks?