A follow-up story in the Washington Post today entitled “Answers trickle out as spammer networks remain compromised” concludes: “On Saturday McColo briefly reconnected its Web servers to a major internet provider in Europe. Under pressure from the security community, the provider severed its relationship with McColo the next day. But that … may have been enough time for spammers to reclaim control of 10,000 to 15,000 of an estimated 100,000 computers …”
Who was it?
Why did it take so long?
What are the lessons from the apparent ease with which spam can be largely eradicated by reputable ISPs working together to enforce their conditions of service?
Should it change the nature of debate on duties and responsibilities with regard to malpractice over the Internet?
Is Ross Anderson correct that the current situation is the result of faulty economic incentives?
Can it be corrected by leaving the Judiciary to apply the same law on-line as off-line: voiding opt-outs under the excuse that the Internet and/or E-commerce are “new and/or different and/or too complex” and letting the restoration of traditional duties and responsibilities take their course?
Tomorrow morning I hope to make some of these points to a Forbes CEOs breakfast.
I suspect they will like them.
But will the information security community?