Tag Archives: reputation

How to leverage botnet takedowns

What is to be done when botnet takedowns don’t produce lasting benefits?

At the Telecommunications Policy and Research Conference in Arlington, VA in September, I gave a paper about Rustock Botnet and ASNs. Most of the paper is about effects of a specific takedown (March 2011) and a specific slowdown (December 2010) on specific botnets (Rustock, Lethic, Maazben, etc.) and specific ASNs (Korea Telecom’s AS 4766, India’s National Internet Backbone’s AS 9829, and many others).

The detailed drilldowns also motivate a higher level policy discussion.

Knock one down, two more pop up: Whack-a-mole is fun, but not a solution. Need many more takedowns, oor many more organizations playing. How do we get orgs to do that? …
There is extensive theoretical literature that indicates Continue reading

Upset in Canadian spam rankings: Canaca took first, Bell Canada down to fifth!

Canaca-com’s AS 33139 CANACA-210 rose from sixth place in August to first in September in SpamRankings.net for Canada from CBL data. Long-time winner Bell Canada’s AS 577 BACOM fell from first to fifth.

Two ASNs had big spurts of spam in September. iWeb’s AS 32613 got to second place in the last two weeks of the month. Like in August, IPWorld’s AS 19875 did one big spam spew, but this time it almost doubled its closest competitor, breaking 100,000 messages!

What is making Canada suddenly attractive to spammers?

-jsq

Massive effects of reputational rankings on law schools

Law schools game weak reputation rankings, which could be fixed, if the law schools, the bar association, or the ranking organization wanted to. If anyone doubts that reputational rankings can have massive effects on ranked organizations, read this.

David Segal wrote in the NYTimes 30 April 2011, Law Students Lose the Grant Game as Schools Win:

How hard could a 3.0 be? Really hard, it turned out. That might have been obvious if Golden Gate published a statistic that law schools are loath to share: the number of first-year students who lose their merit scholarships. That figure is not in the literature sent to prospective Golden Gate students or on its Web site.

Why would a school offer more scholarships than it planned to renew?

The short answer is this: to build the best class that money can buy, and with it, prestige. But these grant programs often succeed at the expense of students, who in many cases figure out the perils of the merit scholarship game far too late.

What makes law school rankings so easy to game? Continue reading

Krebs on SpamRankings.net

Brian Krebs wrote on his blog, Naming & Shaming Sources of Spam:
A new resource for spotlighting organizations that are unwittingly contributing to the global spam problem aims to shame junk email havens into taking more aggressive security measures.

SpamRankings.net is a project launched by the Center for Research in Electronic Commerce at the University of Texas at Austin. Its goal is to identify and call attention to organizations with networks that have been infiltrated by spammers.

Andrew Whinston, the center’s director, said the group initially is focusing on health care providers that appear to be infected with spam bots. “Nobody wants to do business with a bank or hospital or Internet hosting company that has been hijacked by spammers,” Whinston said. “It’s an environment in which user data can be stolen or compromised.”

The rest of his writeup quotes me quite a bit, and everyone knows I’m quite shy, so please go read his blog!

I will add that May data is live now on SpamRankings.net. Also, organizations that do better over time may want to brag, as has happened with a couple of U.S. organizations in May.

Here’s Krebs’ final paragraph:

I applaud this effort, and hope that it gains traction. I remain convinced that the Internet community would benefit from a more comprehensive and centralized approach to measuring badness on the Web. There are many existing efforts to measure reputation and to quantify badness online, but most of those projects seek to enumerate very specific threats (such spam or hacked Web sites) and measure the problem from a limited vantage point. What is lacking is an organization that attempts to collate data collected by these disparate efforts and to publish that information in near real-time.

-jsq

Transparency in Rome

Here’s my presentation, Transparency as Incentive for Internet Security: Organizational Layers for Reputation, from RIPE 61 in Rome. This presentation summarizes the two previous RIPE Labs papers about proposed new organizational layers and outbound spam ranking experiments.

RIPE-NCC is the oldest of the Regional Internet Registries (RIRs), and RIPE is the deliberately unorganized association of interested parties that meets twice a year and holds discussions online in between. It’s a mix of operations, research, and socializing. Topics range from obscure details of deploying IPv6 to organizational proposals such as what I was talking about. 430 people attended the meeting in Rome, which was quite a few more than the dozen or two of the first RIPE meeting I went to many years ago.

Interesting questions were asked. I may blog some of them.

-jsq