John S. Quarterman, longtime Internet denizen, wrote one of the
seminal books about networking prior to the commercialization of the
Internet. He co-founded the first Internet consulting firm in Texas
(TIC) in 1986, and co-founded one of the first ISPs in Austin
(Zilker Internet Park, since sold to Jump Point). He was a founder
of TISPA, the Texas ISP Association.
Quarterman was born and raised
in Lowndes County, where he married his wife Gretchen. They live on
the same land where he grew up, and
participate in local community
WWALS is an advocacy organization working for watershed conservation
of the Willacoochee, Withlacoochee, Alapaha, and Little River
Systems watershed in south Georgia and north Florida through
awareness, environmental monitoring, and citizen advocacy.
Microsoft, world leader in Internet security, will doubtless clean up its spamming act when it sees its AS 8075 is #1 for outbound spam in the U.S. for April 2012 in rankings from PSBL data, pushing the U.S. to #1 worldwide.
Other rankings don’t show Microsoft high, but does MSFT really want to show up in any of these rankings?
Percent of top 10
These rankings that show Microsoft high are derived by SpamRankings.net from PSBL blocklist data. The April 2012 SpamRankings.net from CBL blocklist data do not show Microsoft in the top 10. Apparently PSBL’s spam traps happened to be in the line of spam from Microsoft, while CBL’s were not.
And of course Microsoft probably doesn’t mean to be sending any of that spam. More likely botnets exploited a MSFT security vulnerability. Here’s hoping they clean it up soon!
made the Davos Top 5 Global Risks in Terms of Likelihood.
Davos, the annual conclave of the hyper-rich and famously elected,
has also discovered Severe income disparity
and Water supply crisis, so maybe they’re becoming
However, in Figure 17 on page 25 they’ve got Cyber attacks
as an origin risk, along with Massive incident of data fraud or theft
and Massive digital misinformation. I think they’re missing the point,
which is the real origin risk is poor infosec, and the origin of that
is vendors like MSFT knowingly shipping systems with design flaws
and people and organizations running them while hiding such problems.
In many developing countries, the absence of surface-based air pollution
sensors makes it difficult, and in some cases impossible, to get even a
rough estimate of the abundance of a subcategory of airborne particles
that epidemiologists suspect contributes to millions of premature deaths
each year. The problematic particles, called fine particulate matter
(PM2.5), are 2.5 micrometers or less in diameter, about a tenth the
fraction of human hair. These small particles can get past the body’s
normal defenses and penetrate deep into the lungs.
Even satellite measurements are difficult (clouds, snow, sand, elevation, etc.).
But not impossible:
Here’s why to look at more than one spam data source:
according to the PSBL volume data for November 2011,
Cleveland Clinic’s AS 22093 CCF-NETWORK spewed more than a hundred
spam messages a day on multiple days, while
CBL volume data showed Cleveland Clinic with only 42 spam messages for the entire month.
Apparently PSBL’s spamtraps happened to be in the path of this CCF spam.
Now a couple of hundred spam messages a day isn’t much by world
organization standards, but compared to what we’d all like to see from
medical organizations (zero), it’s a lot.
Also compared to the other medical institutions in the same rankings
from the same data,
the pie chart
looks like Pac Man and
the bar graph
looks like a hockey stick.
Maybe Cleveland Clinic didn’t get
the memo after all.
An area where China does not lead the world:
Country rankings by SpamRankings.net.
China is only #13, but Brazil, Russia, and India (the other three BRICs)
are in the top five countries by total spam messages for October 2011.
U.S. is #10.
Vietnam came from behind a few months ago to place second for October.
Brazil had slumped as low as #6 in July, but has pulled back up into the leading pack.
What is to be done when botnet takedowns don’t produce lasting benefits?
At the Telecommunications Policy and Research Conference in Arlington, VA
in September, I gave a paper about
Rustock Botnet and ASNs.
Most of the paper is about effects of a specific takedown (March 2011)
and a specific slowdown (December 2010) on specific botnets
(Rustock, Lethic, Maazben, etc.) and specific ASNs (Korea Telecom’s AS 4766,
India’s National Internet Backbone’s AS 9829, and many others).
The detailed drilldowns also motivate a higher level policy discussion.
Knock one down, two more pop up: Whack-a-mole is fun, but not a
solution. Need many more takedowns, or many more organizations
playing. How do we get orgs to do that? …
“Poor security measures are generally responsible for employee
workstations getting compromised, either by spam or malicious Web
content. Once the machine is compromised, the botnet herders can add it
to its spam-spewing botnet to send out malware to even more people. The
original employee or the organization rarely has any idea the machine
has been hijacked for this purpose.”
That’s a pretty good explanation for why outbound spam is a proxy
for poor infosec.
Many of you are concerned as am I about our friend who
has been hauled into court in London and unfairly
maligned for the “crime” of distributing some government
communications that he got from an anonymous source.
I know our friend also has been a bit playful out of wedlock,
and even had a son that way, but I don’t see what that
has to do with the matter at hand.
Into what companies will the fabricator of this iniquity hereafter go with
an unembarrassed face, or with any semblance of the honest intrepidity
Men will watch him with a jealous eye — they will hide their papers from him,
and lock up their escritoires.
Having hitherto aspired after fame by his writings,
he will henceforth esteem it a libel to be called
a man of letters…
RIPE-NCC is the oldest of the Regional Internet Registries (RIRs),
and RIPE is the deliberately unorganized association of interested parties
that meets twice a year and holds discussions online in between.
It’s a mix of operations, research,
Topics range from obscure details of deploying IPv6 to organizational
proposals such as what I was talking about.
430 people attended the meeting in Rome, which was quite a few more
than the dozen or two of the first RIPE meeting I went to many years ago.
Interesting questions were asked.
I may blog some of them.