Re: [LUG] Linux - and security

 

On 06/11/12 21:02, Simon Waters wrote:
> On 06/11/12 12:49, Simon Robert -Cottage wrote:
>> Your concerns about internet security are valid and true, but my data is
>> worthless (I don't mind google serving me adverts)
> I don't think our bad apple gives two hoots for your data, he is
> concerned that your PC is worth maybe 45c on the botnet market.
>
> 45c may not seem a lot, but if the marginal cost of acquisition is low
> enough, and it sounds like yours will be low hanging fruit, then it is
> nearly all profit.
>
>> but it is also true
>> that most attacks are via compromised websites.
> I suspect that by count that most attacks are from compromised end user
> computers. Certainly they have a much higher known infection rate, and
> they are far more numerous. Thus it would be surprising if this was not
> the case.
>
> How many are successful attacks is another matter, but bad apple (and I)
> is concerned your machine will swell the bot armies that we deal with
> day to day. Even the resources used in dealing with failed abuse, and
> failed spam attempts add to the expense and carbon footprint of running
> a computer.
>

Thank you!

Martijn and yourself really get it (although you're both obviously, like
me, a lot more involved in computer security than most).

I'm not trying to lecture anyone, patronize anyone or infect them with
my paranoia - I'm genuinely a little bit concerned about just how little
clue even informed users seem to have sometimes (on this list, for example).

The bottom line is that on the entire global internet, there are
countless young, misguided and potentially quite skilled attackers. Your
PC may have absolutely *ZERO* value to anyone, even as a compromised
'springboard' host, but that won't stop them portscanning, rooting and
then trashing your PC and all its contents, just because they can. It's
something to boast to their loser friends about and helps inflate their
sense of self-worth as an elite 'hacker'. If there are any personal
details they can swipe whilst they're at it and use for ID theft,
trolling, griefing or just to plain piss you off, for no other reason
other than *because they can*, they will do it. There is frequently no
apparent rhyme or reason to a lot of the endless, constant malicious
attacks on the internet - it's almost like the local bored teenagers
egging your house and snapping the wing mirrors off your car. It's just
because they *can*. Vandalism, pure and simple: rationalising it away
with banalities like "I'm not a target" and "my PC doesn't have any
valuable data on it" is exactly equivalent to sticking your fingers in
your ears and singing la la la.

People, stop arguing with us for god's sake. We're professional security
guys, we're not offering opinions, we're trying to tell you the *facts*
of how the real world actually is. I'd like to say you're still free to
ignore us if you really like, but you're not: because as has already
been mentioned, when (not 'if') you screw up it's going to be us that
have to clear up your mess... Like it or not, the internet is a
community, albeit a very weird, fractured one. Like any societal body,
there are certain rules that must be followed for the benefit of
everyone within that group so please (to borrow a phrase from my friend
in the military) man the f*ck up, stop bloody arguing and at least
follow rule number 0 or just get the hell off the internet and stop
compromising everyone else.

=====================
bad apple's rule of the internet #0
=====================

Thou shalt* set a login password (strong, no-reuse, no-sharing)


Regards



*fear not, it doesn't actually have to be in Sanskrit, Hebrew or even ye
olde English

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq