Microsoft's Most Wanted
More than two months ago, I called on Microsoft to take out the botnets and their perpetrators. The call may have been answered.
Microsoft has invited security experts to its Redmond, Wash., campus for super-secret meetings on Thursday and Friday. The two-day event is so hush hush that eWEEK.com has a story about the meeting of security minds.
A real escapade would be some Black Hat live chatting the event over IRC (Internet Relay Chat), because he or she had hacked one of the participants' computers.
Seriously, all ribbing aside, this week's meeting is potentially a watershed event for Microsoft. The proliferation of botnets and increasing number of zero-day vulnerabilities put Microsoft, its customers and the whole Internet at risk. Microsoft is one of several companies capable of putting on the Marshal's badge and standing up to the marauders terrorizing the Netizens. Microsoft is right to rally the security good guys into a posse of botnet hunters.
Some security companies offer bounties on security flaws or malware. Sorry, but that is a way wrong approach. The corporate folks should offer bounties--and real money--on the Black Hats responsible for the botnets. If the botnet hunters turn up a criminal organization, the reward should be all the greater.
Microsoft could make a Most Wanted list available to people willing to turn their security or hacking skills to another kind of profiteering: Catching the bad guys. The approach would be fitting, as bounties are part of the incentive driving botnet profits. Pay-for-click and pay-for-download help to financially feed Black Hats and criminal organizations; it's the dark, seedy side of Internet marketing. Pennies-a-click amounts to a whole lot of money when multiplied by tens or thousands--or millions.
The Wild Wild West wasn't tamed in a day or decade; neither will be the Wild Wild Web. If anything, the risk to Netizens is much greater today than it was yesterday or even last year. The number of zero-day exploits or the shocking increase in ActiveX vulnerabilities is example enough.
I encourage Microsoft to be that new Marshal in town, rallying its deputies and putting the botnet hunters onto the chase of Black Hats.
If there were real justice, instead of Microsoft bringing together security experts, it would invite the worst Black Hats to meet behind closed doors and lock them in.


Comments (1)
Too bad it's up to Microsoft and other vendors to enforce breaking and entering, fraud, theft, etc. laws because no government has decided that it's worth their time to enforce laws in cyberspace. Just because it's done with 1's and 0's doesn't make the impact any different than fraud performed over the phone, in person, in mail, etc. Unfortunately, governments don't want to touch this except for high publicity stuff like kiddie porn.
Do we really want corps in charge of enforcement? That will be just one more way corporations emerge into a realm of extra-nationalism where no government has authority over a corp (just give it a decade or two more...)
Posted by Jim L | January 23, 2007 9:28 AM