Microsoft Readying Massive Real Time Threat Intelligence Feed
chicksdaddy wrote in with a link to a story about a Microsoft project that will share security information in real time with customers and law enforcement. The article reads "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waledac. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations."
Re: (Score:2)
They certainly didn't handle their anti-trust case in such a way.
Re:This was suggested on Slashdot (Score:5, Informative)
wow, you sure posted a positive comment about microsoft as a first post again, huh! We know about you and will call you out every time you shit up a thread. [slashdot.org]
Not to sideline the reality of this being very questionable, or how this has nothing to do with botnet owners right? Please stop the shillposts and work for someone other than MS. even having you on enemy isn't enough.
Re: (Score:1)
You really cannot see a sarcastic comment thrown at you, can you? And how it relates to botnets, well gee, maybe read the summary.
Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waledac.
Re: (Score:3)
do you understand the difference between botnets and *botnet owners?* I didn't say botnets.
The one I mention actually matters, the other (having botnet data by itself) doesn't mean much unless you have a script kiddie maintaining the botnet who doesn't know what they're doing.
Re: (Score:1)
For a long time Slashdotters have suggested cutting off internet for anyone who has botnet or malware on their computer. Why are you resisting?
Re: (Score:2)
With multiple devices in one's home connected to the net, be it several home computers, iPods/iPads, DVD or Blu-ray players, game consoles, I think you should define cutting off internet. Are we talking your ISP blocking your connection, or are you talking about the one device infected being killed remotely by some entity other than the owner of the machine?
I'd much rather not see a kill flip for some poor schlup that has botnetware running on their system, I think a better appr
Re: (Score:2)
I think a better approach would be mandatory computer security classes.
They'd work as well as mandatory driver's education classes. People woul
Re: (Score:2)
I agree with you entirely.
I'll be honest. I don't give a fucking shit about the poor bastard at home with 20 infected computers spitting out malware.
That's life, and life can be hard, not fair, and not forgiving either. There are costs associated with life, and every so often you need to pay out your ass to fix your truck, go to the doctor, or any other disaster you did not prepare for, or could not prepare for.
I already use Spamhaus for their lists, and if MS offers their list service for a decent price,
Re: (Score:2)
The ISP provides you with an internet connection (thus the SP part). If the ISP doesn't take action, what do you think happens? The *other* customers might be prevented from using some services (as in unable to send email to @somedomain because my ISP's mail servers are blackholed or throttled).
If you're not able to reach the customer, you flip the switch to prevent the problem from spreading.
Re: (Score:2)
Why are you resisting?
After all, Resistance Is Futile (tm).
Re: (Score:2)
MS leaves thousands of gates and windows open and then struts around like Barney Fife when it catches a few kids sneaking through. Are you as clueless as you seem or are you just messin' with us?
Bad idea (Score:3, Interesting)
sounds like a violation of the users' privacy
just because my computer is part of a botnet doesn't mean I have agreed to have my IP and other info sent to government agencies, especially foreign governments
Re:Bad idea (Score:5, Informative)
Re:Bad idea (Score:5, Funny)
Re: (Score:1)
Re: (Score:3)
If someone steals your car for a bank robbery, is [americas most wanted/other tv or news show] allowed to say the police are looking for a car with a licence plate xyz1234? I would hope so.
you don't own your ip address, like you don't own your license plate number
Re: (Score:2)
You cannot continue probing my house from knowing my plate number, but you can probe my home network with my IP.
Re: (Score:3)
Botnet (Score:2)
I do not think it means what you think it means.
Re:Bad idea (Score:5, Insightful)
If you've failed to secure your computer then you've waived your right to privacy
Uh, no.
According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et al. Fortunately for all Americans (even the stupid ones), we have a number of Constitutional rights and amendments that protect us from that sort of mentality.
Not only is that an ignorant way to view the world, it's incredibly dangerous to those of us who actually value our privacy, but don't want to live in a constant state of paranoid escalation, in which the only way to have even a modicum of privacy is to continually waste money on bigger and better locks. That's the sort of shit thought process that results in people getting sued by peeping toms for walking around the privacy of their own homes nude.
Re: (Score:3, Interesting)
According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et al.
Replace "house" with "car" and yes, that's pretty much exactly what happens at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-core "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?
A non-networked computer is like a house, yes. A networked computer is much more like a car, because it "travels" and interacts with other computers and can break into
Re: (Score:2)
Replace "house" with "car" and yes, that's pretty much exactly what happens at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-core "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?
Except that doesn't really work as an analogy, as in the case of botnets, no one is physically stealing your computer and using it for crime; they're stealing a portion of your resources. A more accurate analogy (yet still a very poor one) would be if you left your car doors unlocked, and someone used that as an opportunity to steal your tires, then committed a crime using said tires. Does that mean that law enforcement has a right to search your car, because the tires that came off it were used by someone else, who does not own them or the vehicle, in a crime?
Of course, upon reading what I just wrote, even I'm having trouble making heads or tails of it... precisely why I fucking hate car analogies in regards to cybercrime. Until the day comes that we have cars with their own remote repair drones à la The Phantom Menace Pod Racers, they just won't mesh up.
A non-networked computer is like a house, yes. A networked computer is much more like a car, because it "travels" and interacts with other computers and can break into and destroy them. You really need to know what you're doing when you own one.
No; a networked computer would be like a car, if cars had the capability to transport stuff without ever actually moving.
Re: (Score:2)
A more accurate analogy (yet still a very poor one) would be if you left your car doors unlocked, and someone used that as an opportunity to steal your tires, then committed a crime using said tires. Does that mean that law enforcement has a right to search your car, because the tires that came off it were used by someone else, who does not own them or the vehicle, in a crime?
You are in possession of the computer and actively using it while the crime is committed. It'd be much more like someone breaking in to your car at home, planting drugs, and then later that day, breaking in to your car again and taking them out, making you an unwitting drug mule. Now, if you were caught driving around with the drugs planted on the outside of your car (under the trunk), what do you think the cops would do? I think they'd search the inside of the car. But your assertion is that since you di
Re: (Score:2)
To many people a computer is a black box that works most of the time and really pisses them off sometimes. They would have no clue, other than that the computer was slow or something was popping up...
I would claim that there was negligence in using an unprotected computer. Much like it's illegal to leave an unattended car running in many places (some claim because of environmental reasons, and others
Re: (Score:2)
Further in your example, one has to establish "possession", i.e. "control over". If one has it keistered, well obviously one is caught flagrante delicto. But if it sits in the trunk of the car, reasonable doubt is easier to establish.
Guns in glove boxes are "in possession of" the driver. A gun in a trunk is not "in possession" for gun laws. However, there is vast case law establishing that a person is "in possession of" drugs in the trunk.
Re: (Score:2)
Guild Member, I get things accomplished in my neck of the woods. Like getting corrupt judges removed. Ever hear of Tim Masters in Fort Collins? But it's not about me, it's about those last words of the Pledge: "... and justice for all".
To the reading audience, when somebody uses the words "Perhaps you have not only a fool for a client, but a fool for a lawyer as well.", you're probably talking to a member of the Guild that has made a business of justice in America. Whatever, y'all don't win often with me, LOL!
I have four points for you Guild Member, to correct the perpetrations of the "Guild" in my local community.
What is this guild of which you speak? Sounds like you are talking about the Bar Association. Tim Masters had a lawyer (probably many of them, David Lane probably the last he'll ever use in that matter), and it doesn't appear that there were any judges or police removed, but I didn't follow the case as it happened, and just did a little googling just now to read up on your rant.
Why don't you rant about how you would help people with their legal troubles, but you are banned from it by law by "the Guild".
Re: (Score:2)
Replace "house" with "car" and yes, that's pretty much exactly what happens at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-core "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?
This is nonsense. What if you DID lock the car? What if you took the wheels off too, locked it in a parking garage, and then chained it to a support pillar?
And then someo
Re: (Score:2)
I value privacy which is why I keep my machines free of malware, tracking cookies and things of that nature. Anybody that genuinely values their privacy has already gone to lengths to ensure that their machines aren't infected with malware.
This is very much like leaving your car unlocked with an envelope marked incredibly important industrial secret and being surprised when somebody steals it. Sure they shouldn't have done it, but it's hardly reasonable to assume that nobody's going to steal something that's
Re: (Score:2)
I value privacy which is why I keep my machines free of malware, tracking cookies and things of that nature. Anybody that genuinely values their privacy has already gone to lengths to ensure that their machines aren't infected with malware.
Security =/= privacy; I keep my money in a (small, locally-owned) bank, not because I don't want anyone to know how much I have, but because it's a hell of a lot safer there than buried in mason jars in the yard (which, while insecure, would be much more private). Besides, how do you know you're not infected? If the malware producer has done their job right, you won't know until the jack-booted Stasi thugs are kicking in your door and hauling you off to GTMO indefinitely for aiding and abetting known crimin
Re: (Score:2)
If the malware producer has done their job right, you won't know until the jack-booted Stasi thugs are kicking in your door and hauling you off to GTMO indefinitely for aiding and abetting known criminals.
Most botnets are run off "known" malware detected by every major detection engine. They don't do their job "right" they do it profitably. There's a difference.
Maybe it's because I'm likely one of a small handful of /.'ers who actually understand how cars work, but damn I hate nonsense car analogies!
This isn't a question of "car" but law. You drive from home to work. Someone knows people generally work in the downtown area, so they attach drugs to the underside of your car, then follow you to work, take them off there. They repeat this, now no longer following you, as they know where you work and where you park there. If you are pulled over
Re: (Score:2)
It's a fair analogy. You failed to secure your premises and you left something attractive to the would be criminal and ultimately you got burned. It's illegal in both cases and in both cases it would be your own damned fault for not securing your property.
Security isn't privacy, but it is in effect one of the things that you're going to find makes things a lot easier to maintain privacy with. If you don't close your drapes ever you'll find that your next door neighbors can see everything that you're doing.
Re: (Score:3)
According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et al.
No, but when you've left your car unlocked and the keys in it and someone steals your car and uses it in a robbery, you should expect to have your information handed over to the authorities and hear your license number announced on the radio and images of your car shown on TV related to the crime.
If you are in a botnet, you negligently allowed your computer to commit crimes. You didn't waive all rights to privacy, but criminal actions by a possession of yours is sufficient to get you under different scru
Re: (Score:3)
who decides what belongs on the shame list? authority uses this game all the time to badger people it considers a threat to its power. if everyone got a chance at that list, we'd have no rights at all.
Re: (Score:2)
That's not really a complicated matter, just make it a three strikes and you're outed thing and the ISP would be the party that would know about it. The ISPs already have a fair idea as to who is and isn't infected on their network, letting them shame people that repeatedly refuse to secure their machines would benefit everybody.
Found a direct link (Score:5, Informative)
Re: (Score:2)
"Microsoft Readying Massive Real Time Threat Intelligence Feed"
Meh.
In reality MS just sends the .gov a map of Internet-connected Windows installs.
Thin end of the wedge, and all that.
data from captured botnets.... (Score:3)
And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"
Re: (Score:1)
And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"
Joe McCarthy has been dead for over 50 years. I think you're safe owning the Communist Manifesto. Searches in your browser history for al-Qaeda might be a different matter.
Re: (Score:3)
He may be long gone, but his legacy of paranoia has not.
Re: (Score:1)
He may be long gone, but his legacy of paranoia has not.
Nor his epic stupidity. You need look no further than the TSA to find that.
Sounds kinda like... (Score:2)
http://seclists.org/fulldisclosure/ [seclists.org]
What would you do? (Score:1)
IBM would turn it into a product.
Google would integrate this in Chrome and their DNS.
MS gives it away and wonders why their stockholders are not happy...
Re: (Score:2)
Microsoft have in fact been quite clever in taking down Waledac and other large botnets. The mechanism was not technical but legal: they filed a civil complaint against a number of John Does, which resulted in the judge granting a restraining order. This handed Microsoft co
Re: (Score:2)
Re: (Score:2)
They know exactly how. Why do you think Windows Phone 7 uses a curated app store, and why do you think they are pushing to do the same for Windows 8? Copying Apple is only part of the story. Ultimately, even a mainframe is vulnerable if the user is allowed to install anything they want.
Re: (Score:2)
good idea? (Score:5, Interesting)
wouldn't it be advantageous if they can tell what botnet behaviours are picked up by the detection tools in real time?
Re: (Score:2)
it will always be a game of cat and mouse....no reason not to keep innovating..
Skynet? (Score:2)
Skynet is growing
insert here... (Score:2)
What? (Score:3)
Re: (Score:2)
Cart before the horse (Score:2)
So let me get this straight (Score:5, Interesting)
2. Microsoft infiltrates bot net.
3. Microsoft hands the data to government in real time. They are not responsible on what the data contains.
4. Government has my data legally ?
Does this not sound like the police getting criminals to do their dirty work ?
What would be the incentive to bring down the bot ?
How do I know who set up the original bot ?
Should I trust Microsoft ?
Should I trust the government ?
Re: (Score:3)
You'd rather trust the bot net operator?
Yes, I understand (and agree with) your reservations and concerns about what the government would do with such data, but it's really not like the alternative is demonstrably better. Yes, the government *could* abuse this type of information, but a bot net operator can abuse his bots, too. What's to stop a bot from installing a key logger and browser history scraper? Or from scanning your personal files? Or from turning on your webcam?
Additionally, owners of sys
Let's make a list! (Score:1)
To state the obvious, this is the Information Age. Information is of increasing value, therefore, the control to its access is of great interest
Good move there! (Score:2)
I applaud their wit and strategy, although it is THEIR software that is causing all this in the first place....I know they can not go backwards,
or change their OS methodology, so instead they do the next best thing, make all the info available to those law enforcements, to catch the ones that
would use these vulnerabilities to exploit the people using Windows..... great! so today the big evil corp we know as MS, has done a good deed indeed!
First step on the road to redemption....