[nsp-sec] Follow the Money - the 101 of digging into org crime ....
Chris Morrow
morrowc at ops-netman.net
Wed May 14 00:50:48 EDT 2008
On Tue, 13 May 2008, Barry Raveendran Greene wrote:
> ----------- nsp-security Confidential --------
>
>
> http://rbnexploit.blogspot.com/
>
>
> In a 'conversation' after the last BTF, I asked people are following the
> money. I'm mean real money. Who owns the companies? Who owns the owners of
> those companies?
>
> I feel like a street cop who can only whack the street pushers when the
> kingpins are out partying. :-(
(I do like the effort, but... )
almost all of the info is very old (estdomains has been doing it's thing
for 4+ years now?)
they throw around big numbers as convincing proof of a problem: "The
planet has the most compromised websites: 6000" ... the planet has the
most websites... so of course they will have more #'s then anyone else of
anything, more porn, more gambling, more catholic churches... I think
what's more relevant is the percentage of badness. The Planet has shown
over the years that they care about this problem, they have taken steps to
do the right thing in all cases brought up via nsp-sec (which is my
only real yardstick...)
'domains by proxy'/'privacy protect' are a 'problem'... not if you have a
valid court order are they? (boogeyman being called out for no reason I
can see aside from FUD)
'logicboxes' which it seems turns out a turnkey opensrs system? they get
tarred because someone bad uses their product?? like remington getting
a blackeye because a child shot someone with a parent's unlocked gun.
(bad analogy, but the point is this is aiming the hate canon at the wrong
place).
Of all the things in the article, the only thing I CAN support is the
"Why they hell hasn't ICANN pulled ESTDomains ability to be a registrar?"
(though I'm not sure what taht would do, since you could sign up for
'affiliate access' at just about every other small-time domain registrar
and get programmatic access to the domain system that way...
This sort of article/writing is more damaging I think than helpful :(
because it's distractingly inaccurate and overbroad :(
-Chris
More information about the nsp-security
mailing list