RE: [gnso-ff-pdp-may08] Fast Flux Definition - V4.1
- To: <joe@xxxxxxxxxxxxxxxxxx>, <mike@xxxxxxxxxx>
- Subject: RE: [gnso-ff-pdp-may08] Fast Flux Definition - V4.1
- From: "Greg Aaron" <gaaron@xxxxxxxxxxxx>
- Date: Tue, 29 Jul 2008 14:34:24 -0400
Perhaps key concepts are:
1. Discerning intent very accurately requires manual examination of the
sites involved. One could theoretically build a solution that detects flux,
and then scores the sites for intent. Would you want that system to
automatically blacklist domains? See #2...
2. Taking down domains is a serious business. When taking down domains, an
intervenor assumes risks, aspires to 100% accuracy, and does not want to
harm innocent parties. That's why anti-phishing personnel visit potential
phish and check off certain criteria before they call it a phish and
initiate a take-down.
All best,
--Greg
-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Joe St Sauver
Sent: Tuesday, July 29, 2008 10:48 AM
To: mike@xxxxxxxxxx
Cc: gnso-ff-pdp-May08@xxxxxxxxx
Subject: Re: [gnso-ff-pdp-may08] Fast Flux Definition - V4.1
Mike mentioned:
#I recall that we had a hard time discerning intent (criminal,
#etc.) in our earlier discussions.
Trust me, it doesn't require Carnac the Magnificent's skills when
merely visiting the domain shows you:
-- phishing sites
-- scheduled controlled substances sold without any requirement for
a bona fide prescription
-- current versions of proprietary software products from Adobe,
Microsoft and other vendors distributed as "downloadable software"
for pennies on the dollar
-- etc., etc., etc.
And then there are the sites that try to hand you malware when you
visit :-;
We're not talking subtle shades of grey here...
Regards,
Joe