Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Shows Interest In Zombie Quarantine Code

timothy posted more than 4 years ago | from the aussies-please-weigh-in dept.

Privacy 195

bennyboy64 writes "Barack Obama's cyber-security coordinator has shown interest in an e-security code of practice developed in Australia that aims to quarantine Internet users infected by malware, also known as zombie computers. He reportedly said it would be a useful role model for the US to adopt. One suggestion within the code is to put infected users into a 'walled garden,' which limits Internet access to prevent further security problems until quarantined. Another is to throttle the speed of an infected users' Internet connection until their computer fixed. The code is also being considered by other Asia-Pacific countries, ZDNet reports."

cancel ×

195 comments

Sorry! There are no comments related to the filter you selected.

Fail (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#32700322)

Sounds like a failure of the greatest magnitude.

Yet another dream quashed. (5, Funny)

retech (1228598) | more than 4 years ago | (#32700324)

This is so NOT the story I was hoping it was going to be.

Like a baby Harp seal on the open ice, my dream has just been dashed.

Re:Yet another dream quashed. (0, Offtopic)

HairyNevus (992803) | more than 4 years ago | (#32700338)

Yeah, me, you, and a lot of other /.ers. Seriously, there's making a catchy title, and there's downright misleading. NOTHING in TFA about how to deal with zombie attacks.

Re:Yet another dream quashed. (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32700368)

Obligatory XKCD [blogspot.com]

Re:Yet another dream quashed. (4, Funny)

DeadPixels (1391907) | more than 4 years ago | (#32700388)

Maybe it's the fact that it's 3AM here, or perhaps the fact that I've just finished a long study session for upcoming final exams, but my gullibility is much higher than usual. I actually thought this would be related to zombies. I am massively disappointed.

Re:Yet another dream quashed. (1)

sortius_nod (1080919) | more than 4 years ago | (#32700956)

I assure you it's not that... it's 7pm here and I was expecting the same dammit.

Re:Yet another dream quashed. (0)

Anonymous Coward | more than 4 years ago | (#32701298)

I actually thought this would be related to zombies. I am disappoint.

FTFY. Also, then who was zombie?

Re:Yet another dream quashed. (3, Funny)

hedgemage (934558) | more than 4 years ago | (#32700652)

At first, I thought, "FINALLY! They're addressing the problem!" Then I read the body of the post and my hopes were dashed.
WHEN WILL THEY FINALLY LISTEN!!!

Re:Yet another dream quashed. (0)

Anonymous Coward | more than 4 years ago | (#32700912)

Let's face it, some of you thought this was about the Umbrella corporation.

Re:Yet another dream quashed. (1)

neonKow (1239288) | more than 4 years ago | (#32701352)

Dreams don't leak red...

Have to agree though. Zombies are once-living humans or threads. Those things up there are called "bots," although US Shows Interest in a Bot Quarantine Zone is no less misleading or hope-dashing.

Simple solution (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32700340)

Ban the use of Windows.

Re:Simple solution (1)

Cheezymadman (1083175) | more than 4 years ago | (#32700362)

Even simpler, ban everyone who bashes another OS.

Re:Simple solution (0)

Anonymous Coward | more than 4 years ago | (#32700516)

How does that solve the problem of windows being on the net...

Seems reasonable (4, Interesting)

Rijnzael (1294596) | more than 4 years ago | (#32700354)

In contrasting this with the president's ability to declare a cyber attack and disable internet access in the United States, I'd say this seems like a reasoned approach that would hopefully be considered an alternative to the former where applicable.

My only real concern is that of privacy. How exactly do they go about telling you're a zombie? Well written malware isn't exactly going to advertise infection, and even hosts which may be participating in a denial of service attack can't definitively be proven to be infected unless they're obvious (like sending a TCP packet with an invalid combination of flags, for instance). Scarier would be using the 'zombie' excuse to monitor net traffic on a connection for 'investigative' purposes. So it may just turn out pointless or it may be a ruse for a different kind of control. Anyone have any articles as to the effects of this or some cases where it was actually used in AU?

This is not their job. (4, Insightful)

elucido (870205) | more than 4 years ago | (#32700450)

In contrasting this with the president's ability to declare a cyber attack and disable internet access in the United States, I'd say this seems like a reasoned approach that would hopefully be considered an alternative to the former where applicable.

My only real concern is that of privacy. How exactly do they go about telling you're a zombie? Well written malware isn't exactly going to advertise infection, and even hosts which may be participating in a denial of service attack can't definitively be proven to be infected unless they're obvious (like sending a TCP packet with an invalid combination of flags, for instance). Scarier would be using the 'zombie' excuse to monitor net traffic on a connection for 'investigative' purposes. So it may just turn out pointless or it may be a ruse for a different kind of control. Anyone have any articles as to the effects of this or some cases where it was actually used in AU?

It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes, what websites they can and can't visit, how they can or can't surf the web and at what speeds, is authoritarianism on the web. The internet was not designed for authoritarianism, it was designed to be an anti-authoritarian technology, it was designed to be decentralized, it was designed in this way because authoritarian centralized systems usually have a single point of failure. These overly centralized systems are more likely to fall or collapse.

The internet as it is designed now is already more advanced than the design of most other systems. To centralize and control it down to the byte flowing through each wire, inspecting every package, analyzing every bit, and controlling which bits to quarantine and which bits not, is just a stealth mechanism which can be used either to destroy the internet or weaponize it. This along with the new behavioral advertising schemes allows for specific centralized entities to feed specific information to specific computers, and now they want to be able to quarantine specific computers to block them from receiving specific information from other computers.

How can this be good for the internet as a whole? How can this be good for the flow of information from a mathematics/physics point of view? How can it be ethical if the objective is to reduce ignorance and preserve freedom of speech? It can only be ethical if the objective is to control, weaponize, and win at any cost.

Re:This is not their job. (1)

reiisi (1211052) | more than 4 years ago | (#32700598)

This "icode" thing is voluntary, to be implemented by the providers.

I see one problem already ("... is novel or not previously seen by the ISP" should be listed under things to keep an eye on, not under things to report.)

But the concept here is much better than some of the alternatives which have been talked about, and the ISPs should do good things voluntarily, I think, rather than postpone it all until it becomes mandated by laws that will most likely go way overboard.

I'm not convinced. (3, Interesting)

elucido (870205) | more than 4 years ago | (#32700712)

This "voluntary" icode just happens to discussed under the backdrop of the government trying to build an internet kill switch. I'm supposed to believe it's going to remain "voluntary" when the US Government is involved?

When it's voluntary then all the government influenced ISP's or ISP's with big government contracts will be pressured behind the scenes to adopt it. I'm not convinced that it will be voluntary if its not in the ISP's economic best interest.

If corporations want to do this they already can. So to make it "voluntary" when it already is an option, it looks more like an agenda.

Re:This is not their job. (4, Insightful)

Hognoxious (631665) | more than 4 years ago | (#32700614)

The internet was not designed for authoritarianism, it was designed to be an anti-authoritarian technology,

It was designed for the military. You don't get much more authoritarian than that.

it was designed to be decentralized, it was designed in this way because authoritarian centralized systems usually have a single point of failure.

It was also designed on the assumption that those using it would know what they were doing.

Why do you keep using a political description as if it were a technical one?

Re:This is not their job. (3, Insightful)

elucido (870205) | more than 4 years ago | (#32700790)

It was designed for the military. You don't get much more authoritarian than that.

http://en.wikipedia.org/wiki/ARPANET [wikipedia.org] Arpanet was designed for the military. The Internet/World Wide Web was designed for civilians. The Arpanet even though it was designed for the military it was not designed to be an authoritarian tool or an information weapon. I also disagree with your opinion of the military being authoritarian. The military is only as authoritarian as the Constitution says it is. If the military fights to defend the Constitution, even if the ends justify the means the ends (the Constitution) are still just. We only have a problem when we have civilian leadership that subjectively interprets the Constitution so that free speech doesn't really mean completely free and that there are exceptions here and there. This muddles the waters and authoritarianism can rise up during the confusion but the Constitution itself is not an authoritarian document.

It was also designed on the assumption that those using it would know what they were doing.

The military's role is to protect and defend the Constitution with their lives if necessary. They all swear to protect that. So the soldiers actually use authoritarian means to protect the anti authoritarian interpretation of the Constitution. The problems arise when the Constitution is interpreted as authoritarian. Now gun control is acceptable, and now the Constitution can even be suspended. This is the source of the confusion, individuals no longer have a clear answer as to what they are fighting for or what the laws are, only the lawyers and judges know, only the President knows.

I'd like it to be a technical situation but it's as political as it is technical. When you have one group who says gun control is Constitutional and another group saying they can spy on everybody, and another group saying gay marriage should be banned as a Constitutional amendment, and another group saying free speech isn't free, you have a fundamental disconnect between factions.

You have the faction that believes the way to win the war is to control and micromanage every living thing on the planet. They believe that power is the most important principle because absolute power wins all wars. This point of view makes perfect sense when fighting for your existence such as during World War 3 or something like that. The enemy is going to exterminate you if you lose so you fight to win, I get it.

I also understand that if we have to give up all liberty to win the war then after the war is won it's very unlikely that we'd ever get liberty back. Quality of life will be diminished and most people aren't living to protect the Constitution or living to defeat an enemy, most people are living to achieve quality of life/the American dream/pursuit of happiness. So this basically is a situation where the American populace has to sacrifice happiness for security. After a certain point it becomes a prison without walls, what is the point?

So you have the consequentalist warrior argument from the far right military industrial complex. They want to win the war even if they have to sacrifice themselves to do it. Then you have the majority of civilians (especially the young) who haven't lived life yet and don't like the idea of sacrificing happiness and the American dream to achieve victory in a war they have nothing to do with.

To the youth having liberty/happiness is more important than anything else. The reason is the youth will have to live in this miserable society for the next 40-50 years with no rights and no liberty, living in a prison without walls to fight wars to maintain US superpower status.

I understand both sides. It requires sacrifice to maintain US national security and US superpower status. What I don't like is the misinformation about the US fighting to spread freedom and democracy, or pretending to care about human rights. The youth don't know any better because they have hope and faith. The civilian population in general believes in these principles. The problem is the war isn't about principles, it's about power.

My concern is that we could win the war and remain the superpower but never again have liberty. This would mean the Constitution, the laws, all the human rights abuses (torture) will become normal and irreversible and we could be stuck with that for hundreds of years into the future.

The answer is not that difficult. (2, Insightful)

Demena (966987) | more than 4 years ago | (#32701186)

You make the laws according to the constitution. If it is important enough then people can break the rules and take the legal consequences. If you need to torture a terrorist, spy on someone, then break the law and do so. If you get the information you need great. You probably won't get a jury to convict. If you don't then you do the time. If you are not prepared to do that then what you did probably was not necessary. This only works when there is transparency and accountability. I think that once upon a time in England the hangman faced a court the next day but this may be just a legend. But that is the way it needs to work.

Re:This is not their job. (4, Informative)

TheRaven64 (641858) | more than 4 years ago | (#32700852)

It was designed for the military. You don't get much more authoritarian than that.

It may have been designed for the military, but it was designed by a bunch of hippies at Berkeley (and elsewhere)...

Re:This is not their job. (0)

Anonymous Coward | more than 4 years ago | (#32701158)

Wrong, MIT nerds working for a engineering firm in Boston.

it is partly their job (3, Insightful)

r00t (33219) | more than 4 years ago | (#32700624)

It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes

In a competitive world, businesses WILL NOT prepare for disaster unless the executives see that it affects the stock price. Preparing for disaster is expensive, and it seldom pays off. (see also: car industry, banking industry, airlines, BP, failure to protect against natural disasters...)

If we want the internet to keep running, without collapsing during a cyberwar, then we do need to insist on some things. It's like requiring that banks keep some reserve, requiring that oil companies have a means to stop a leak, or requiring that an airline not skimp on maintenance when the competition gets fierce.

So the goal is to win? (2, Interesting)

elucido (870205) | more than 4 years ago | (#32700848)

It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes

In a competitive world, businesses WILL NOT prepare for disaster unless the executives see that it affects the stock price. Preparing for disaster is expensive, and it seldom pays off. (see also: car industry, banking industry, airlines, BP, failure to protect against natural disasters...)

If we want the internet to keep running, without collapsing during a cyberwar, then we do need to insist on some things. It's like requiring that banks keep some reserve, requiring that oil companies have a means to stop a leak, or requiring that an airline not skimp on maintenance when the competition gets fierce.

The internet is never going to collapse. That is a strawman. Industries could lose profits however and this is a legit argument. If American industries lose profit this endangers national security. Endangering national security reduces US military might and overall power. This endangers US superpower status. So all policies are designed to maintain government power and superpower status.

The problem with these policies is they make the civilian population miserable. We can't find a job. The laws all seem to be telling us what we can't do so we can't pursue happiness. This creates collateral damage on the civilian side as many civilian lives are ruined in some cases beyond repair to "win."

Why can't the military establishment find a way to win without making the entire world miserable? After a certain point the people fighting to protect these laws and Constitution wont have morale. We claim the USA is worth fighting for because it has liberty and freedom, and people can get rich and be happy. But that perception is rapidly fading and lying to the public is not going to change the fact that the American dream is harder to reach for individuals. Individuals primarily feel we are winning or losing the war based on situations they see in their own lives and sphere of influence. We might be winning the war on paper but for most people in practice it feels like we are losing.

This is the primary disconnect.

Re:This is not their job. (3, Informative)

vtcodger (957785) | more than 4 years ago | (#32700716)

I'm supposed to believe that Comcast, Verison, et. al. can accurately identify machines that are infected by malware then wall them off? And somehow inform their owners? Then unwall them when the infection is cleared? And that there will be no or very few false determinations of infection? On what planet is this going to occur?

Comcast on my planet -- it's called Earth -- can't even manage to set the audio on all it's cable broadcasts to the same level. To say that it lacks the technical skills to detect and quarantine user malware infections and the administrative skills to manage a quarantine effort seems to understate the situation.

I do not think it is unusual and that other ISPs will do better.

Re:Seems reasonable (0)

Anonymous Coward | more than 4 years ago | (#32700540)

How exactly do they go about telling you're a zombie?

The stumbling. The lack of color in the skin. Empty eyes. An evident craving for brains.

Re:Seems reasonable (3, Informative)

bmo (77928) | more than 4 years ago | (#32700682)

"My only real concern is that of privacy. How exactly do they go about telling you're a zombie? Well written malware isn't exactly going to advertise infection, "

Yes it does.

It does every time it broadcasts. This is not to stop the criminals from stealing your CC, this is to stop the DDoS attacks and other silliness.

There is software that analyses DDoS attacks at the victim's end. We've seen videos of it referenced here, with 3D graphs in almost a Neuromancer display. I believe the video in question was a government network being DDoS attacked at the time. The feds know when the botnets are active and when they're quiet. When the botnet wakes from its slumber, grab the IPs and issue the quarantine orders.

This is far better than the insane "kill switch" that Lieberman likes so much. The twat.

--
BMO

Re:Seems reasonable (1)

erroneus (253617) | more than 4 years ago | (#32700726)

I would like to see compromised PCs neutered or otherwise stopped. I would like my rights and freedoms not to be tampered with. These are two opposing wants in a sense, but I'm not sure how I would go about implementing all of this in policy.

But if the government would like to improve cyber security for its own sake, it should take measures like... oh... creating a new internet and not putting it out in the public? How about they protect themselves by unplugging? Sure public interaction sites can live on the public internet, but everything else should not.

Re:Seems reasonable (3, Insightful)

bmo (77928) | more than 4 years ago | (#32700746)

"I would like to see compromised PCs neutered or otherwise stopped. I would like my rights and freedoms not to be tampered with"

You do not have the right to shit in my yard.

And that's what the botnets do. They shit in *everyone's* yard.

--
BMO

Re:Seems reasonable (1)

erroneus (253617) | more than 4 years ago | (#32700838)

Can't have a law restricting what others can do without that same law potentially being used against you. Have you not been paying attention to the world? And every time I hear things like "but that law is not for _______ and will not be used to abuse people or anything like that" I just say "DMCA." When law is proposed and you can imagine that it will be used to abuse people unfairly, then I guarantee you that it will happen.

Re:Seems reasonable (3, Insightful)

bmo (77928) | more than 4 years ago | (#32700922)

Take off the tinfoil.

This should have been done years ago when the botnets really started going full bore.

You think you're the sole victim if you're running an infected machine? You're not. I have no sympathy at all. Getting ISPs to boot compromised machines has been impossible when done from the private sector. I know. I've tried. You know how many machines I know that I've gotten shut down?

One. That's right, one machine, and that took writing email personally to someone higher in the chain of command than the help desk.

ISPs don't want to quarantine customers. Customers give them money. Whether they are good neighbors or not doesn't matter. What it says in the TOS doesn't matter. All that does is simply cover the ISP's butt legally if the ISP has a case of elbow syndrome.

This is not installing secret software on your computer to send out to the Three Letter Agencies to spy on you and take away your rights. This is so people can be stopped from being bad neitzens. Your computer is part of a botnet that is blackmailing a .com or attacking a .gov site like the IRS? Sorry, but you're disconnected until it's cleaned up.

So don't give me your "help help I'm being repressed" BS.

If you're going to shit on my lawn, I'm going to call a cop.

--
BMO

Re:Seems reasonable (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32700952)

This is more denail of free speech by your Jewish masters...
We can't have people questioning the actions of Jews, can we? Much less having them put up video footage of Jews engaging in mass murder, or - heaven forbid - somebody questioning the 'holocaust'...

Oy vey! Haven't ve suffered enough?

The Jew cries out as he strikes you.

I don't want to give information away (4, Interesting)

MichaelSmith (789609) | more than 4 years ago | (#32700358)

Currently my network looks like a single netbsd box from the perspective of my ISP. The original Australian proposal could have been interpreted to mean I would have to tell the ISP what OSs I was running and what software they had installed.

So if I had windows here they would want to know how it was firewalled, etc. So yeah I can tell them three ubuntu laptops, one mac laptop with windows running inside vmware. Two servers running netbsd and the ISP are going to get dollar signs lighting up in their eyes. They will want me to pay for a "business" connection now, because of the nodes I have running. Not good for me.

Re:I don't want to give information away (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32700458)

You're are only required to pay for a business connection if you actually use them for business purposes, if they are a hobby (which is what you will obviously be claiming to them), then they can't force you to use a business plan, and they would much prefer you paying something to them than paying nothing to them and something to someone else.

Re:I don't want to give information away (2, Interesting)

MichaelSmith (789609) | more than 4 years ago | (#32700524)

I might be in trouble there because my wife uses this connection for her architecture practice. But on the other hand a lot of the people I work with use their DSL lines to VPN into work so should they get business lines too?

Re:I don't want to give information away (1)

jordan_robot (1830144) | more than 4 years ago | (#32700476)

Fuck that. It should be no business of the ISP's unless your pulling an extreme amount of data transfers, need multiple dedicated IPs or need more bandwidth.

Re:I don't want to give information away (1)

Inda (580031) | more than 4 years ago | (#32700518)

I don't think your setup is that unusual these days. NetBSD is obviously not the norm but...

Take my average family setup: Two laptops, one desktop, xbox, and Wii. All connected to the internet through a router. Not really so different to yours? No ISP would care about five machines; all they see is the cable modem; all they care about is a monthly payment and no abuse.

Re:I don't want to give information away (1)

MichaelSmith (789609) | more than 4 years ago | (#32700550)

Yeah probably. On the subject of abuse I had a problem like this at work. Developers use suse workstations and many of us have given ourselves root accounts. One day I was tailing the logs and I noticed that a node had been trying buffer overflows on sshd. So I pasted the good bits into an email to IT who went meh then I forwarded to the IT contract manager who actually knows what a buffer overflow is and he had the offending windows box re-imaged quick smart.

Re:I don't want to give information away (1)

reiisi (1211052) | more than 4 years ago | (#32700632)

My ISPs are cool with my internal network, as long as I maintain it myself and don't push my connection to max all day long 168 hours a week and stuff. I've asked, and they say they just aren't willing to give me multiple IP addresses unless I'm willing to pay for them. Which is actually sort of reasonable in the IPv4 world.

I do wish they would pick up IPv6, but that's a different issue.

This policy statement goes a little overboard, and it could be better named, but the ISPs need to take more steps in maintaining their networks, including the principle bullet points here.

ANOTHER USELESS LAW... (0)

Anonymous Coward | more than 4 years ago | (#32700396)

This functionality already exists. The ISP responsible for the malware-infected PC can just change the modem provisioning mode at the CMTS, thereby preventing the modem from obtaining an IP address, effectively disconnecting the endpoint. No laws needed.

Principle and practice (4, Insightful)

mccalli (323026) | more than 4 years ago | (#32700398)

I like this idea in principle, but concerned about the details. The article says it's "formalising an existing code of practice" so perhaps Australians here can let us know how it currently works?

I'm thinking mostly about false positives - I've had a Mac identified as running some Windows virus, at the time I presumed due to NAT somewhere at the ISP level. Getting that sorted out was a matter of waiting half an hour or so, but I can imagine that becoming a more serious issue if this is 'by law'.

The other thing worrying would be forced steps to remove things. I could go with an "ensure you're clean rule", but would be against a "ensure you're running this particular security measure" rule.

Cheers,
Ian

File sharing programs = Malware. (4, Insightful)

elucido (870205) | more than 4 years ago | (#32700468)

So if you run bit torrent and they decide it's malware, now they can throttle your internet speed and quarantine you. Or if you download legal but tasteless pornography this could be determined to be malware and your speed can be throttled.

This idea is as bad as the kill switch idea.

Re:File sharing programs = Malware. (2, Insightful)

AHuxley (892839) | more than 4 years ago | (#32700586)

Exactly, first it starts as an infected Windows, Mac hunt.
Then your ISP is given the 'option' to inspect packets to cut down on false positives.
Next they have to report anything suspicious in plain text that they might notice - just the really bad stuff.
Then its all p2p use of interest under Anti-Counterfeiting Trade Agreement (ACTA) and the "voluntary" for ISPs to adopt is dropped.

Re:File sharing programs = Malware. (1)

the_raptor (652941) | more than 4 years ago | (#32701106)

Many ISP's already throttle P2P at their routers, stop being so paranoid. Most ISP's realize that high capacity uses like P2P is the only reason they can sell expensive plans.

Re:File sharing programs = Malware. (1)

MrShaggy (683273) | more than 4 years ago | (#32701334)

Don't forget that simply by running programs dose not make it malware.

I think that an isp might be able to separate the traffic issue.

If the provider thinks that your machine has a bot net infection, they would try to get a hold of you first. I don't see them throwing the kill switch for no reason.

And if they do disconnect you, you would be on the phone to them to find out why.

Then after doing a system scan then you can get back online.

Mal-ware generally has nothing to do with, any other programs.

If you are running zone alarm, and a calculator program asks for internet access that is mal-ware.

Re:Principle and practice (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32700612)

I like this idea in principle, but concerned about the details.

I DON'T like this idea in principle, AND I am concerned about the details. Like any other POLITICAL legislation to control people (and their machines), their is a lot of leeway into the POLITICAL process of defining what "malware" is. I'm sure for example, that the RIAA would define most P2P programs like bittorrent as malware, and would lobby for having user's computers disconnected from the Internet because P2P programs can spread viruses.

I can also see almost ANY program that is a "bot" (i.e. does things automatically on the Internet) as being defined as "malware" by the ignorant and politically sensational. For example, a program that searches for open proxies is (or has been) used by viruses, but this negates the legitimate uses for average citizens and businesses to search for open proxies to use as privacy tools.

Programs that act as servers can also be considered malware. In fact many ISPs don't even want you to run a Web server, because (I would presume) it can increase bandwidth for their "unlimited" accounts and nullify their own Web hosting businesses. On the FUD-based side, IRC servers could easily be defined by lobbyists and political advocates as malware. For example, many IRC bots are used (OK, this was more fashionable a few years ago) as command and control centres for bot-nets, as well as such "malware" distribution centres like child pornography, RIAA music sharing, MPAA movie sharing, etc and so on.

There is also the nanny-state mentality that is inherent in any such rules, however "voluntary" these rules may be. Any measure to "protect" the public will ultimately be abused (as it was in the past, as it is in the present, and as it shall be in the future. Amen). It is known that the crime rate in Russia was at its lowest during the period of martial law of the attempted coup d'état during Boris Yeltsin's reign. It's nice for some people to live without crime (prostitution, sharing videos, smoking marijuana, watering a lawn during a rain storm, home schooling [illegal in Germany], etc), but I would rather be a deviant living in freedom and at risk for a computer virus attack; than being controlled, monitored and (potentially) punished because of some political ideology.

And, no doubt, politically dubious speech will ultimately come under this banner of "malware". Just like messages that instruct users to delete important system files from their computers is considered part of the malware process, so too will many security sites and legitimate security software be considered malware if used by non-police or military forces. The U.S. government even considered encryption technology to be malware [wikipedia.org] .

It's just another excuse to control people for the excuse of helping people. The nanny state is here, and it is getting more patriarchal.

Re:Principle and practice (5, Interesting)

the_raptor (652941) | more than 4 years ago | (#32701094)

I am an Australian on Exetel. I have had the quarantine kick in twice due to my house mates getting infected. Both times it was a spam relay, so it was presumably easy to detect the massive jump in port 25 traffic. Once you are quarantined all ports but 80 are blocked and port 80 only serves up a page telling you that you are quarantined, what you need to do to remove the quarantine (clean your system then click a link to tell the automated system to check your outgoing traffic), and links to ISP mirrors of malware removal tools. Both times it took about 15-30 minutes to clean the infections and get the quarantine removed.

I think schemes like this are best practice and the only way the Internet is going to be usable with the rise in online crime. Even if you have a secure local OS nothing stops users downloading trojans.

Define online "crime." (1)

elucido (870205) | more than 4 years ago | (#32701208)

I am an Australian on Exetel. I have had the quarantine kick in twice due to my house mates getting infected. Both times it was a spam relay, so it was presumably easy to detect the massive jump in port 25 traffic. Once you are quarantined all ports but 80 are blocked and port 80 only serves up a page telling you that you are quarantined, what you need to do to remove the quarantine (clean your system then click a link to tell the automated system to check your outgoing traffic), and links to ISP mirrors of malware removal tools. Both times it took about 15-30 minutes to clean the infections and get the quarantine removed.

I think schemes like this are best practice and the only way the Internet is going to be usable with the rise in online crime. Even if you have a secure local OS nothing stops users downloading trojans.

I like most of what you said but then you use an incredibly broad general statement like it lowers online "crime." Which crimes? Be specific.

That being said trojans, viruses and child pornography are a problem.

Re:Principle and practice (1)

anarche (1525323) | more than 4 years ago | (#32701228)

The other thing worrying would be forced steps to remove things. I could go with an "ensure you're clean rule", but would be against a "ensure you're running this particular security measure" rule.

I like this until it becomes a "ensure you're running Nortons, as recommended by the Australian Government/your ISP". And no, it doesn't come as part of your connection deal..

*shrug* (1)

SmarterThanMe (1679358) | more than 4 years ago | (#32700400)

I'm not sure how they tell ordinary ISP users. I had a similar sort of experience, though.

I used to work at a university, and one of my colleagues was bringing his home laptop in. One day, he couldn't get his computer to connect with anything so he rang up helpdesk and they told him that something was up with his computer. They sent around a support guy, who found that his son was running BitTorrent on his machine. People are stupid, teenagers are cluey, etc. etc. etc.

Some sort of paper notification before disconnecting him would have been a lot better in my (and his) opinion.

Re:*shrug* (1)

takev (214836) | more than 4 years ago | (#32700562)

My provider xs4all is very quick on the kill-the-client-button and rightfully so. I've been shut of twice, once for running an insecure dns server, and once for some infected windows host that ran of my unsecured (no longer) wifi.

However they make a transparent web proxy available, which shows you their web page explaining why you were shut off as soon as you try to get to some website. And if you configure their web proxy in your browser you can still web browse other pages, during the time you secure your network and email/phone them back that you have done so.

I am not entirely sure how they show that you have been shut off, if you were already using their proxy, I guess when you read your provider's email.

Monitoring... (3, Insightful)

Anonymous Coward | more than 4 years ago | (#32700410)

Some are forgetting the obvious that this would require the monitoring of traffic.

Re:Monitoring... (1)

jordan_robot (1830144) | more than 4 years ago | (#32700494)

If you're not doing anything wrong, then surely you've got nothing to worry about...

/sarcasm

I don't mind... (2, Insightful)

Demena (966987) | more than 4 years ago | (#32701240)

I don't mind if traffic is monitored. I mind if the contents of the traffic is monitored.

Information control is the goal. (2, Insightful)

elucido (870205) | more than 4 years ago | (#32700418)

I'm guessing that the new paradigm the government is following in regard to the internet is total information control. It started with total information awareness. The original goal was to monitor all the information on the internet to see and prevent terrorism. Most of us agreed with that idea, and now that the internet is fully monitored the next step is to gain complete control over it. This way if a powerful person doesn't like what is being said on a specific website or by a specific computer, they can quarantine it. This word "quarantine" gives an indication about how the government sees unfavorable information. They see it as a "virus", or "mind virus", which is otherwise known as a meme. The only way to stop the spread of a meme is by quarantining it.

Once again this is about information control, not security. If it's about stopping zombie infectious malware as the article claims they could use many technical solutions to do this and put the control in the hands of the user. The user could set up their system to handle it and the government has no reason to get involved. Or the government could promote corporations such as Google to develop an improved version of Linux or the Linux kernel to have a feature to allow this much in the same way the NSA developed SELinux. To make it a political issue and to use Australia of all places as the example is exactly the wrong way to go about it. We all know that Australia has a completely censored internet with a list of sites people cannot go to because the government does not like the information on these sites.

This might fool individuals who don't understand technology. Saying it's to secure the internet while you throttle their broadband speed might make sense to the 16 year old kid downloading mp3s or using bit torrent. It might make sense to the adult who works in an unrelated industry with little to no knowledge about network neutrality or what is at stake when internet speeds and information is regulated in a centralized manner. To individuals who understand the technology and how to use the internet the idea of controlling the information flowing through the pipes defeats the purpose of the internet itself. I cannot imagine any programmer, hacker, script kiddie, gamer, or serious user supporting this idea. Most of us would rather risk being infected by malware than have our broadband speed throttled.

And let's be honest, child pornography is probably the worst kind of virus you can be infected with. And the only reason it's so horrible is because the laws related to possession of it are unreasonable. So before we go and fundamentally try to alter the code of the internet and create millions of unintended consequences we should debate what we want the internet to be and what it's purpose is. Does the internet exist as a weapon of war or is it something more fundamental? Should the government control the internet or should the market control the internet?

If the government wants to have this much control over it, maybe they should make it free. That's my opinion. But to bait and switch like this is unfair to individuals who have paid for internet access for over a decade, who have created most of the content on the WWW, who have made the internet what it is.

Re:Information control is the goal. (1)

anarche (1525323) | more than 4 years ago | (#32701270)

To make it a political issue and to use Australia of all places as the example is exactly the wrong way to go about it. We all know that Australia has a completely censored internet with a list of sites people cannot go to because the government does not like the information on these sites.

We can't let this come true! I would miss my paranoid rantings by the ill-informed!

Australia does not have censorship of the 'net. It was trialled, it was scrapped, and the Prime Minister championing it has been axed (more because he's a tool, but anyway).

The only censorship in Australia's 'net is the shit service provision.

Re:Information control is the goal. (1)

Demena (966987) | more than 4 years ago | (#32701318)

And you information is not just controlled but false.

Currently Australia has no Internet censorship and likely never will. Both parties are getting their knickers wet over it but they both know that a party that actually brings it in is dead in the water.

What Australia is doing right now is considering how malware might be controlled and trying to produce a standard for it. An industry wide code. Eventually regulation, yes, control, no. They want it but I doubt they will be allowed it.

A good parallel would be the Australian Broadcasting Company. Fully funded by the government but not controlled by it - despite many attempts. Similarly for the two SBS channels.

Re:Information control is the goal. (0)

Anonymous Coward | more than 4 years ago | (#32701364)

IThe original goal was to monitor all the information on the internet to see and prevent terrorism. Most of us agreed with that idea...

lol

Free speech issue? (1)

LambdaWolf (1561517) | more than 4 years ago | (#32700448)

The threshold of irresponsibility or incompetence that is necessary for the average user's Windows box to get infected is quite low, even nil at times. A walled garden "which limits Internet access" seems to me like it would work out to be a limitation on free speech in practice, since both the structure of the Internet and the nature of malware depend on the computer's ability to upload arbitrary bytes.

Someone who knows more about network infrastructure than I do could probably explain whether and how the walled garden approach could still allow the computer's owner to communicate however they wished over the Internet. But in my opinion a government-approved whitelist of protocols or websites (if that is indeed how it would work) does not cut it for First Amendment purposes.

Good luck with that, Obama (-1, Troll)

Khyber (864651) | more than 4 years ago | (#32700452)

You'l need it. I could bypass that bulshit in a second without my computer being infected, you think you're going to secure against a remotely-controlled attack without having your shit on every fucking computer?

Go back to being a Constitutional Lawyer (if you ever graduated in the first place,) and leave the nation-critical stuff to those that have half a clue. Fuck your CIA, FBI, and all that other shit, as they know *NOTHIGN* since *WE* make that shit up and they learn about it afterwards.

Your alphabet agencies are outdated and it's very likely I could take them out by myself.

Get some real goons.

It's cyber-security coordinator Howard Schmidt. (2, Informative)

elucido (870205) | more than 4 years ago | (#32700482)

Obama has nothing to do with this idea. Read the article where it says cyber-security coordinator Howard Schmidt came up with this idea. If you think it's a bad idea you should direct your anger to the person who thought of it. Obama is not in charge of cyber security and we don't even know if Obama is the one behind the cyber policy to begin with. So to blame Obama is pointless. In fact Obama claimed to be for network neutrality so if hes changing his mind on an issue as critical is this, it's a shame he wont be re-elected because hes going to lose virtually all of the youth vote if he messes up on the internet.

Re:It's cyber-security coordinator Howard Schmidt. (1)

Jah-Wren Ryel (80510) | more than 4 years ago | (#32700546)

hes going to lose virtually all of the youth vote if he messes up on the internet.

Which, sadly, won't mean diddlysquat since its not like the "youth vote" will go anywhere else- they will just stay home.

Re:It's cyber-security coordinator Howard Schmidt. (0)

Anonymous Coward | more than 4 years ago | (#32700638)

Yeah, the youth vote only matters if your campaign is for American Idol.

He only won because of the youth vote. (1)

elucido (870205) | more than 4 years ago | (#32700662)

I'm talking the under 35 vote. And yes they do vote. Not only do they vote but they donated a massive amount of money to the election of the first Black President because he was promising change and promising that he wouldn't follow along with the old ways of doing things. If the youth had expected the government to be run like this they'd have voted for McCain.

Obama promised transparency. Obama promised open government. Obama promised an end to corruption. Obama promised network neutrality. Obama promised to take a harm reduction policy on drugs. Obama promised to fight to protect the environment. Obama promised to help fix the economy and help young people get jobs.

Now hes President and all we see are the criminalization of virtually everything that young people do. Whether it's smoking marijuana or using file sharing clients. The economy is in a terrible state and all the government can think to do is put us young people in prison? I guess thats one way to pay off the national debt.

And if it's not putting people in prison through bad laws, it's putting people in debt where they have to work for 10+ years working it off. So once again Obama owes younger generations something. If everything we do is to benefit the babyboomers why expect young people to vote in the next election? The young people demanded network neutrality and for many this is the only reason they voted for Obama. They believed Obama would promote freedom of speech, promote the internet.

But so far how has Obama's policies differed from the policies of Bush? The only difference is Bush said what he wanted to do and did it while Obama said the exact opposite and hasn't changed anything in regard to the internet. And when things have changed it's clearly for the worst.

Re:He only won because of the youth vote. (1)

Jah-Wren Ryel (80510) | more than 4 years ago | (#32701002)

As you can see here: http://pewresearch.org/pubs/1031/young-voters-in-the-2008-election [pewresearch.org]

This "youth vote" is atypical. You can say they would have voted for McCain instead of simply not voting, but given the turnouts for the last 3 decades, it seems highly unlikely.

Re:It's cyber-security coordinator Howard Schmidt. (1)

MichaelSmith (789609) | more than 4 years ago | (#32700584)

Obama is not in charge of cyber security

Well this guy who works for him apparently is so I suppose the buck stops with the president.

Re:It's cyber-security coordinator Howard Schmidt. (1)

elucido (870205) | more than 4 years ago | (#32700698)

The President is not competent enough in this area to form any sort of cyber policy. The President just signs off on what his advisers and so called experts are telling him. The idea to create an internet kill switch is utterly ridiculous and if Bush had come up with this idea all the media would be trashing the idea. Why cut Obama any slack on this?

On the other hand this idea is just as ridiculous but for different reasons. If Obama wants to win the support of the American people he has to come clean and stop with the hope/change/faith talk. The government is not a religion and the President is not God. Obama has to be honest about it and claim all it's policies are decided by whether or not it helps or hurts the war effort.

To act like these policies are for the security of anything other than the national interest is to be dishonest. This isn't about protecting civilian computer networks. This is about winning the war on terrorism and the President has to admit to the American people that we are in a total war and that the ethics of military conquest are consequentalist/ends justify the means. This way at least the intellectuals will understand whats going on, because to speak and do two completely different things makes the President look dishonest to the individuals smart enough to understand and makes the President look dishonest to the individuals who are naive, and at least if he looks honest to the intellectuals he has a chance of being re-elected.

When your President lies to you and your government lies to you, how is that a good thing? Ignorance is good if we win the war? Really? We win the war by promoting ignorance? We have to find a way to win the war while at the same time documenting the truth even if just for history sake. We cannot remain naive and ignorant as a country forever.

Re:It's cyber-security coordinator Howard Schmidt. (1)

MichaelSmith (789609) | more than 4 years ago | (#32700718)

President Bush stopped private and commercial air transport over the US for two days after September 11, 2001. They had evidence of terrorist attacks under way so they used a kill switch on air transport, which was being used as a weapon by terrorists.

The internet could be used as an attack vector in the same way, so the idea of a kill switch specific to the US, in the manner of air transport, seems reasonable to me.

Because I live outside the US I believe other countries should consider this situation and look for ways to keep internet traffic outside the US flowing if such a kill switch is used.

Re:It's cyber-security coordinator Howard Schmidt. (1)

elucido (870205) | more than 4 years ago | (#32700860)

President Bush stopped private and commercial air transport over the US for two days after September 11, 2001. They had evidence of terrorist attacks under way so they used a kill switch on air transport, which was being used as a weapon by terrorists.

The internet could be used as an attack vector in the same way, so the idea of a kill switch specific to the US, in the manner of air transport, seems reasonable to me.

Because I live outside the US I believe other countries should consider this situation and look for ways to keep internet traffic outside the US flowing if such a kill switch is used.

No it cannot. You cannot DDos a web server and have it result in a loss of life. There are no casualties.

When 3000 people die via hackers then we can take this idea seriously.

Re:It's cyber-security coordinator Howard Schmidt. (1)

MichaelSmith (789609) | more than 4 years ago | (#32700890)

When 3000 people die via hackers then we can take this idea seriously.

It will happen eventually and we should take it seriously now.

Re:It's cyber-security coordinator Howard Schmidt. (1)

elucido (870205) | more than 4 years ago | (#32700900)

When 3000 people die via hackers then we can take this idea seriously.

It will happen eventually and we should take it seriously now.

We will discover life on other planets eventually, why don't we take it seriously now?

Re:It's cyber-security coordinator Howard Schmidt. (1)

Alsee (515537) | more than 4 years ago | (#32700590)

lose virtually all of the youth vote

Like, almost both?

-

Re:It's cyber-security coordinator Howard Schmidt. (1)

Mikachu (972457) | more than 4 years ago | (#32700806)

In fact Obama claimed to be for network neutrality so if hes changing his mind on an issue as critical is this, it's a shame he wont be re-elected because hes going to lose virtually all of the youth vote if he messes up on the internet.

You're assuming that most of the youth will actually realize that their rights are being taken away, or be in any way aware of how serious the situation is. It is unfortunate that many of the younger voters who flocked to Obama did so because of his celebrity status, because people want to be part of something big (first black president), etc. The youth vote went to Obama for many of the wrong reasons, and most of them won't notice the danger of losing network neutrality until it's too late. I'm a youth voter in a city that votes strongly dem.

Re:It's cyber-security coordinator Howard Schmidt. (1)

elucido (870205) | more than 4 years ago | (#32700868)

In fact Obama claimed to be for network neutrality so if hes changing his mind on an issue as critical is this, it's a shame he wont be re-elected because hes going to lose virtually all of the youth vote if he messes up on the internet.

You're assuming that most of the youth will actually realize that their rights are being taken away, or be in any way aware of how serious the situation is. It is unfortunate that many of the younger voters who flocked to Obama did so because of his celebrity status, because people want to be part of something big (first black president), etc. The youth vote went to Obama for many of the wrong reasons, and most of them won't notice the danger of losing network neutrality until it's too late. I'm a youth voter in a city that votes strongly dem.

Not all of the youth are completely ignorant on political issues. A majority of college educated youth know how important the internet is and they know or at least have heard of network neutrality.

Re:Good luck with that, Obama (0)

Anonymous Coward | more than 4 years ago | (#32700758)

I've enjoyed your comments in the past, so really expected better from you, Mr Khyber.

Walled gardens (0)

Anonymous Coward | more than 4 years ago | (#32700456)

They want zombies to use Apple products.

Bad editors! (4, Insightful)

GuruBuckaroo (833982) | more than 4 years ago | (#32700460)

This Headline wrote a check that the story couldn't cash. Bad editors, no cookie.

I guess I'm a minority (1)

TheRealQuestor (1750940) | more than 4 years ago | (#32700486)

I think this should have been done 15 years ago. At least 8 when XP became target #1.

ISP (1)

Skythe (921438) | more than 4 years ago | (#32700490)

I used to work for an Australian ISP, and I was aware of a practice where we [the ISP] would periodically receive reports of "infected" computers, and would need to proactively contact customers and advise them / encourage them to resolve the issue, with the disclaimer that if they do nothing, we may eventually need to kick them off the connection. If something wasn't done about the problem for a while, Port 25 was blocked on their account until that had advised us that, and that we felt confident that they had resolved the problem. The block would be re-instated if any further reports arose. Further down the track, if nothing was down and they were totally negligent, we would cancel their account (although AFAIK this rarely happened). (FYI: I never did this job, although I was aware of it and did fill in once).

Yes No (0)

Anonymous Coward | more than 4 years ago | (#32700526)

Without reading the article the first thing that comes to mind is to "walled garden" the zombie PC's, eg cut off all ports but port 80 (and break https) and redirect DNS so that all requests go through a proxy so that the malware can be identified.

The end user then gets warned that their system is compromised, BY THE ISP. This unfortunately will be ignored as people have been trained to ignore such stupidity if it doesn't look legitimate. Nothing stopping the malware from filtering this out either.

Good idea walling off bad ISP's BAD customers, eg those machines in a data center that are just forwarding traffic from somewhere else, but otherwise without a legal mandate to do so, those bad customers will just never realize those machines are compromised, or deny any wrongdoing if they full damn well know what is going on.

icode? (1)

reiisi (1211052) | more than 4 years ago | (#32700548)

They call this icode [iia.net.au] ?

I mean, sure, I know the fad, but? [wikipedia.org] ... but [wikipedia.org] ... but [wikipedia.org] ...

Well, we used to call intermediate or interpreted codes i-codes in school. I guess I was living in a different branch of reality or something. I mean byte code is so, well, architecture specific.

BASIC09 [wikipedia.org] . Wow. Blast from the past. First loves. [wikipedia.org] Things that might/should have been.

commercially available Quarantaine solution (1)

bre_dnd (686663) | more than 4 years ago | (#32700618)

This product: http://www.quarantainenet.nl/?language=en;page=main-home [quarantainenet.nl] has been in commercial use for several years at educational institutions in the Netherlands. It basically does just that -- infected computers get isolated and get referred to a self-help page. Interesting stuff. (disclaimer: I know people who work there)

knee-jerk reactions without reading (4, Interesting)

reiisi (1211052) | more than 4 years ago | (#32700672)

Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.

Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be adminitered and performed by the agency of the UN/international courts.

If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)

Re:knee-jerk reactions without reading (1)

waferhead (557795) | more than 4 years ago | (#32700740)

Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.

Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be adminitered and performed by the agency of the UN/international courts.

If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)

Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.

Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be adminitered and performed by the agency of the UN/international courts.

If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)

I think ~everyone has thought of doing something like this at least for a moment.
It makes perfect sense until you actually... think it through.

The problem most folks have with this has two parts:

As an unusually insightful AC above noted, the ability to tell a machine is really a zombie ~requires deep packet monitoring/logging.
This is where
A) We don't want them to go, as it's none of their business, and..
B) The ISPs don't want to go, as it's not their problem, and they get to pay for the privilege.

Add the legal ability for the Government to "kill" the net with deep packet monitoring/logging and you have Big Brother.
(Assuming it isn't here already, I suspect the dogs are loose already)

OTOH the next step is only allowing machines on the `net running the approved AV suite on Windows like some universities etc.

Re:knee-jerk reactions without reading (1)

waferhead (557795) | more than 4 years ago | (#32700772)

As an addition:

For every complex problem there is an answer that is clear, simple, and wrong.
H. L. Mencken

Re:knee-jerk reactions without reading (0)

Anonymous Coward | more than 4 years ago | (#32700810)

I always hated the word internet. Why it wasn't called "the web" instead I don't know.

From a free speech standpoint these new laws are the worst thing to possibly happen.

From a financial standpoint, as long as your business depends on the web, your screwed.

There is only one cure.
Throw out these oath breaking fascists and roll back their shit. Starting with Patriot Act, Fisa, torture, and all this other piddly shit like continuity of government and the domestic terrorist organization called the DHS.

Re:knee-jerk reactions without reading (1)

myspace-cn (1094627) | more than 4 years ago | (#32700906)

The end game is to eliminate the anonymous. No more whistle blowers because nobody can be anonymous.

Oh you think I am full of conspiracy?

National Strategy for Trusted IDs in Cyberspace (NSTIC) (June 25, 2010 draft)

Goal 1: Develop a comprehensive Identity Ecosystem Framework
Goal 2: Build and implement an interoperable identity infrastructure aligned with the
Identity Ecosystem Framework
Goal 3: Enhance confidence and willingness to participate in the Identity Ecosystem
Goal 4: Ensure the long-term success of the Identity Ecosystem

Action 1: Designate a Federal Agency to Lead the Public/Private Sector Efforts Associated
with Achieving the Goals of the Strategy
Action 2: Develop a Shared, Comprehensive Public/Private Sector Implementation Plan
Action 3: Accelerate the Expansion of Federal Services, Pilots, and Policies that Align with
the Identity Ecosystem
Action 4: Work Among the Public/Private Sectors to Implement Enhanced Privacy
Protections
Action 5: Coordinate the Development and Refinement of Risk Models and Interoperability
Standards
Action 6: Address the Liability Concerns of Service Providers and Individuals
Action 7: Perform Outreach and Awareness Across all Stakeholders
Action 8: Continue Collaborating in International Efforts
Action 9: Identify Other Means to Drive Adoption of the Identity Ecosystem across the
Nation

Envision It!
An individual voluntarily requests a smart identity card from her home state. The individual chooses to use the card to authenticate herself for a variety of online services, including:
  Credit card purchases,
  Online banking,
  Accessing electronic health care records,
  Securely accessing her personal laptop computer,
Anonymously posting blog entries, and
  Logging onto Internet email services using a
pseudonym.

Yeah, I am talking conspiracy, conspiracy fact.
Envision It!
A power utility remotely manages Smart Grid software
deployed on an electricity meter. Trusted hardware
modules and secure authentication between the power
company and the meter prevent deploying fraudulent
meters as a way to steal electricity; ensure that the
hardware and software configurations are correct; and
restrict meter software to only run on authorized meters.
Likewise, the meter trusts that instructions and periodic
software upgrades come from the power company.
These trusted interactions reduce the threat of fraudulent
activity and deployment of malware within the Smart Grid.

The Identity Ecosystem is composed of three layers:
  Execution Layer – Conducts transactions in accordance with the rules of the Identity
Ecosystem.
  Management Layer – Applies and enforces the rules for participants in the Identity
Ecosystem.
  Governance Layer – Establishes the rules required to function within the Identity
Ecosystem.

So the system will not be for Truth, Free Speech, Whistle Blowing, it is designed for

Validated attributes
Validated Identity
Certified Credentials

Perhaps it's now time to say fuck it all, and stop buying computers, stop building websites, stop shopping online, and go back to being quiet like the 1970's.

That's the endgame. Fuck off if you can't swallow it.

Internet (1)

Demena (966987) | more than 4 years ago | (#32701360)

It is called the Internet and not the Web because the web is only on (or two) of the services which the Internet runs.

The actual power of the Internet has been far from realised. We will go from cloud to something even more dispersed. Imagine for example a protocol where programmed objects can exist on different servers and services so the meme of the net being the machine is actualised. The Internet is far more than TCP/IP port 80 (the Web) and has hardly been developed since the invention of the Web. It could very well be said that the Web has almost fatally distracted the development of the Internet.

Re:knee-jerk reactions without reading (0)

Anonymous Coward | more than 4 years ago | (#32700756)

What about including this type of activate-wallgarden-if-infection-detected in all home routers? Advantages:

  1. The user stays in control. Users can remove wallgarden manually through the router's config.
  2. Avoids ISP-level inspection. Privacy improvement.
  3. Fine-grained control. Your home router probably knows about the different devices on your net, and can block/downrate only the infected one(s).

Re:knee-jerk reactions without reading (1)

flonker (526111) | more than 4 years ago | (#32700898)

Meh, no mod points when I need them. This seems like a good idea, but the tricky part is getting people to think they want it.

You can try the insurance approach, raising prices if you're not "safe", or rather, a "safe router discount". Perhaps even have a certificate come with the router that you give to your ISP. Alternately, you can try a badge approach, similar to the "Energy Star Compliant" badge.

This is your argument? do it or else? (1)

elucido (870205) | more than 4 years ago | (#32700894)

Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.

So we have to accept a stupid law else a group of ignorant parents will want to cram an even more stupid law down our throats? I don't accept those options. Maybe instead we should just choose the smartest least exploitable law possible and not have to deal with either situation.

Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be adminitered and performed by the agency of the UN/international courts.

If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)

Not only does it go too far but it wont stop worms or DDOS attacks. The programmers will just find a way to make their malware undetectable. Then the ISP's will have to analyze everything we do online. Also how is it a bad thing if the UN handles it? That might actually be a better solution. That being said that option is not on the table either and is just a strawman.

Re:knee-jerk reactions without reading (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32700926)

Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

The problem occurs when it becomes a government mandate.

Like most things, education is often better than propaganda or legislation. Let's face it, spam email is (primarily) a nuisance, and not much more, and it primarily affects people who have done something to initiate spam email (like sign up to a Yahoo or Google email account). It is better for most people to receive a half hour of education, telling them not to open email attachments from unknown people and to turn off Web-browser abilities, including scripting functions in their email clients than to control them.

You said,

...read/think later? I mean, beyond the usual level here.

Many people have called me stupid. Mostly Right-Wing people, religious people, and people who believe in "UFOs". I guess I can't change my genetics.

We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

Guess what? I WILL EDUCATE YOU! ISPs do block known spam outlets. ISPs do already cut off Internet users who are known (or highly suspected) of having viruses. Again, this is about government mandates and not about ISPs being responsible or irresponsible.

If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.

Here's where you sound like a shill for the Internet control lobbyists. ISPs need to have a ZERO level of INTRUSION to run an ISP responsibly. If they get complaints or see HUGE amounts of data going through their servers on email ports (of their non-business customer accounts) then they will investigate or be black-holed from the Internet (just like at one time China was once blacklisted because it had so many malicious things coming out of the country). I've even heard that some ISPs banned Yahoo email, because ANYBODY could sign up for a free email account, and they often did, to abuse the system. Nothing new needs to be done here.

Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be adminitered and performed by the agency of the UN/international courts.

What do you think this whole business is about? This whole security FUD business is about legitimated (the arguments) of deep-packet-inspection, among other things.

If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)

I sense a Flamebait here. You should take your own advice and think before posting.

Well, for me, since...

It's been 1 hour, 33 minutes since you last successfully posted a comment

I've noticed that your thoughtless and uneducated comments have been up-moderated to +5 Insightful. YOU are obviously a part of the status quo and have nothing to worry about. So there is no need to preach, because normal people think the exact same way as YOU. You can be happy in the knowledge that most people believe in your idea that ISPs should have "a level of minimum intrusion" to violate their customers privacy.

MODERATORS:
Feel free to moderate me Flamebait, because I would never have the arrogance to say something as popular and status quo as the parent:

Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

, from his self-titled comment, "knee-jerk reactions without reading". (Of course, I did read the article, as I always do, but people still accuse me of being ignorant and stupid when I don't agree with them). Of course, like people often tell me, everybody else can't be wrong, so it must be me. The funny thing is, because I post as Anonymous Coward I get LOTS of time to think and review what I post because of the Slow-Down-Cowboy script. Interesting, that I'm made to FEEL stupid, even though I try really hard to be smart. I have the impression that most moderate Slahdot users have left, with mainly the Right Wing in charge (of Moderation and posting).

Re:knee-jerk reactions without reading (0)

Anonymous Coward | more than 4 years ago | (#32701122)

I mean, something has to be done.

Why?

We are well over 50% of the internet's capacity being used to send people junk mail,

Citation?

most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

You say "far too much". How many percent are that? Also, what percentage would you consider acceptable?

If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.

So you're asking us to commit suicide because you're afraid of death?

Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be adminitered and performed by the agency of the UN/international courts.

It's also better than rounding up Jews, putting them in camps and killing them with poison gas. What's your point?

If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)

Educate people? But you just said this proposal was just fine. If it is, why do we have to educate people? If it's not, why should we accept it?

That said, I'm not seeing you getting out and educating anyone, either.

What crazy time we live in (1)

ultranova (717540) | more than 4 years ago | (#32700700)

I suddenly realized that I live in a world where a headline like this makes perfect sense. Is it just me, or does anyone else find this scary?

Good to hear this news (1)

jimmy41687 (1842060) | more than 4 years ago | (#32700776)

Well i think its a a perfect step to remove all those zombie from the internet and due to this their so many junk mail received by everyone daily i like this .

He should stick to (1)

gearloos (816828) | more than 4 years ago | (#32700800)

I think HObama should stick to what hes good at like fixing the health care system, fixing the unemployment, and fixing the deficit, oh and getting us out of Afghanistan.... what a loser

Anonymous Coward (0)

Anonymous Coward | more than 4 years ago | (#32700914)

a representative for microsoft responded with a 404

ISPs need to do more (1)

jonwil (467024) | more than 4 years ago | (#32701296)

For example they could scan all incoming mail being sent to the ISPs mail-servers for viruses (my ISP does this and all I see is a little "we blocked x viruses" notice in my inbox periodically)

Also they can block outgoing port 25 (i.e. prevent spam zombies from sending their spam outside of the ISPs network directly) and limit the amount of mail going out of the ISPs mail server (better yet mandate one of the "secure SMTP" options so that the spam zombie cant relay through the ISPs mail server at all)

And ISPs can use well-maintained blacklists of hosts to refuse to accept mail from (for example there is no reason to accept mail comming from the dynamic home customer IP ranges from ISPs like AT&T, Comcast etc. Most ISPs terms-of-service block running mail servers on home accounts anyway so its not like anyone should be running a legitimate mail server on such IP ranges.
Blacklists are not perfect and yes may contain IP addresses that once sent spam but no longer do so but if the blacklist is well-maintained there should be a simple way to get your IP removed.

ISPs also need to stop the practice of redirecting non-existent domains to an ISP error server as such practices make it harder to detect certain kinds of forged email headers AFAIK.

Scary...would be abused... (2, Insightful)

moxley (895517) | more than 4 years ago | (#32701304)

The bottom line is that these oligarchs want total control over information, they're threatened by the openness of the internet, the ability for people to bypass mainstream media outlets, the ability for people to share news and information worldwide without censorship or government/corporations (almost the same thing now in the US) putting everything into their own context, the dislike the ability for people to organize.....One way or they other they are going to try to destroy all that is good about the internet.

Malware is a problem, and people who don't patch or have proper security are stupid, but he model we have, where everyone takes responsibility for their own systems works fine, despite the rhetoric, and giving the corporate/government empire more control for any reason is a bad, bad idea.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>