[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)

[Robert Edwards]

On 18/06/11 04:20, Martijn van Oosterhout wrote:
> On Fri, Jun 17, 2011 at 11:36:30AM +1000, Robert Edwards wrote:
>> So that's another no? Still somewhat hypothetical at this stage?
>
> Personally, I'd say any bank that only used username/password
> authentication should have their licence revoked. It's just
> irresponsible these days.
>
> Banks that provide any kind of customer service are likely to do what
> they can if it's any significant kind of money.  Situations where it
> really goes wrong are not likely to reach the news anyway, nobody
> involved has any interest in publicising cases that go wrong.
>
> In the end the money mules are the real losers, they're the ones who
> get caught and told they can't hold a bank account for 7 years.
>
> But back the issue of unprotected machines on the internet, they do
> cause this kind of thing:
>
> http://www.dutchdailynews.com/rabobank-ddos-attack/
>
> Ah, but it only cost a few million and nobody got killed so it's ok.
>
> I don't have problems with people wanting to running their own servers,
> but if they start hosting malware or taking part in a DDOS they should
> simply be disconnected without warning and fined.
>
> Have a nice day,

I'm not going to defend "Conspiracy Cells of Fire", or anyone else, for
launching a cyberattack, much less setting fire to someone's property.

But I must say that they seem to have a cause, which, on the face of it,
seems to include protecting peoples lives, including children, and if
their cause can be highlighted with a relatively harmless (although
expensive) PR disaster for the bank, such as a DDoS attack, well I am
not going to be particularly outraged. Sorry.

Cheers,

Bob Edwards.