Slashdot Mirror


Microsoft Readying Massive Real Time Threat Intelligence Feed

chicksdaddy wrote in with a link to a story about a Microsoft project that will share security information in real time with customers and law enforcement. The article reads "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waledac. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations."


  1. Bad idea by Anonymous Coward · · Score: 3, Interesting

    sounds like a violation of the users' privacy

    just because my computer is part of a botnet doesn't mean I have agreed to have my IP and other info sent to government agencies, especially foreign governments

    1. Re:Bad idea by Bananatree3 · · Score: 4, Informative

      Son - you've got other problems if you're on a bot net.

    2. Re:Bad idea by bstag · · Score: 5, Funny

      99 problems but a bot net ain't one.

    3. Re:Bad idea by viperidaenz · · Score: 2

      I think you nearly got the car analogy right.
      If someone steals your car for a bank robbery, is [America's Most Wanted/other TV or news show] allowed to say the police are looking for a car with a licence plate xyz1234? I would hope so.
      You don't own your IP address, like you don't own your license plate number.

    4. Re:Bad idea by CanHasDIY · · Score: 4, Insightful

      If you've failed to secure your computer then you've waived your right to privacy

      Uh, no.

      According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et al. Fortunately for all Americans (even the stupid ones), we have a number of Constitutional rights and amendments that protect us from that sort of mentality.

      Not only is that an ignorant way to view the world, it's incredibly dangerous to those of us who actually value our privacy, but don't want to live in a constant state of paranoid escalation, in which the only way to have even a modicum of privacy is to continually waste money on bigger and better locks. That's the sort of shit thought process that results in people getting sued by peeping toms for walking around the privacy of their own homes nude.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    5. Re:Bad idea by epyT-R · · Score: 2

      who decides what belongs on the shame list? authority uses this game all the time to badger people it considers a threat to its power. if everyone got a chance at that list, we'd have no rights at all.

    6. Re:Bad idea by lennier · · Score: 2, Interesting

      According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et. al.

      Replace "house" with "car" and yes, that's pretty much exactly what happens at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-core "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?

      A non-networked computer is like a house, yes. A networked computer is much more like a car, because it "travels" and interacts with other computers and can break into and destroy them. You really need to know what you're doing when you own one.

      --
      You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
    7. Re:Bad idea by viperidaenz · · Score: 2

      You don't know whose home you're probing with an IP address. You also don't know if the ISP has allocated the IP to another address since it was published. In most cases it's not your IP. A few dollars will get any citizen your full name and registered address from a license plate number.

    8. Re:Bad idea by AK+Marc · · Score: 2

      According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et. al.

      No, but when you've left your car unlocked and the keys in it and someone steals your car and uses it in a robbery, you should expect to have your information handed over to the authorities and hear your license number announced on the radio and images of your car shown on TV related to the crime.

      If you are in a botnet, you negligently allowed your computer to commit crimes. You didn't waive all rights to privacy, but criminal actions by a possession of yours is sufficient to get you under different scrutiny than the average person.

      Not only is that an ignorant way to view the world, it's incredibly dangerous to those of us who actually value our privacy, but don't want to live in a constant state of paranoid escalation, in which the only way to have even a modicum of privacy is to continually waste money on bigger and better locks.

      If you would stop your possessions from committing crime, people would pay less attention to them. It's not like your stolen car is used in a robbery, it's more like someone put in a shed in your yard and cooks meth and sells crack from it and you don't go in your yard much (you have a pool in back, so you don't go in the front much). If the police raided your yard to take down the drug lab, do you think they would or would not search your house as well? Would that action impinge on your privacy? Do you think their actions would have been justified?

  2. Found a direct link by symbolset · · Score: 5, Informative

    Internet Storm Center. Apparently it has been up for quite a while. What bright lights of wonder Microsoft hides under their bushel! I wonder what else there is.

    --
    Help stamp out iliturcy.
  3. data from captured botnets.... by nurb432 · · Score: 2

    And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"

    --
    ---- Booth was a patriot ----
    1. Re:data from captured botnets.... by nurb432 · · Score: 2

      He may be long gone, but his legacy of paranoia has not.

      --
      ---- Booth was a patriot ----
  4. Re:This was suggested on Slashdot by poetmatt · · Score: 4, Informative

    wow, you sure posted a positive comment about microsoft as a first post again, huh! We know about you and will call you out every time you shit up a thread.

    Not to sideline the reality of this being very questionable, or how this has nothing to do with botnet owners right? Please stop the shillposts and work for someone other than MS. even having you on enemy isn't enough.

  5. Re:This was suggested on Slashdot by poetmatt · · Score: 2

    do you understand the difference between botnets and *botnet owners?* I didn't say botnets.

    The one I mention actually matters, the other (having botnet data by itself) doesn't mean much unless you have a script kiddie maintaining the botnet who doesn't know what they're doing.

  6. Re: Yeah well... by Dog-Cow · · Score: 2

    They know exactly how. Why do you think Windows Phone 7 uses a curated app store, and why do you think they are pushing to do the same for Windows 8? Copying Apple is only part of the story. Ultimately, even a mainframe is vulnerable if the user is allowed to install anything they want.

  7. good idea? by viperidaenz · · Score: 4, Interesting

    Just wait till those running the botnets use this real time information as a tool to avoid detection/capture.

    wouldn't it be advantageous if they can tell what botnet behaviours are picked up by the detection tools in real time?

    1. Re:good idea? by schlachter · · Score: 2

      it will always be a game of cat and mouse....no reason not to keep innovating..

      --
      My God can beat up your God. Just kidding...don't take offense. I know there's no God.
  8. What? by Georules · · Score: 2

    MS proved they can take down botnets largely comprised of systems they wrote the software for? Good work.

  9. So let me get this straight by giorgist · · Score: 5, Interesting

    1. Some "criminal" bot net grabs my private data.
    2. Microsoft infiltrates bot net.
    3. Microsoft hands the data to government in real time. They are not responsible for what the data contains.
    4. Government has my data legally ?

    Does this not sound like the police getting criminals to do their dirty work ?
    What would be the incentive to bring down the bot ?
    How do I know who set up the original bot ?
    Should I trust Microsoft ?
    Should I trust the government ?

    1. Re:So let me get this straight by Bacon+Bits · · Score: 2

      You'd rather trust the bot net operator?

      Yes, I understand (and agree with) your reservations and concerns about what the government would do with such data, but it's really not like the alternative is demonstratively better. Yes, the government *could* abuse this type of information, but a bot net operator can abuse his bots, too. What's to stop a bot from installing a key logger and browser history scraper? Or from scanning your personal files? Or from turning on your webcam?

      Additionally, owners of systems infected with bot net software are the victims of a crime and their systems are themselves being used in the commission of other crimes. Are you going to argue that MS doesn't have an obligation to tell law enforcement about their knowledge of such crimes? What if the bot net is used to coordinate a StuxNet-like attack on US infrastructure?

      Honestly, this sounds like complaining that the police are searching your house for evidence when the neighbors called them about a break-in they saw going on.

      --
      The road to tyranny has always been paved with claims of necessity.
  10. Re:Microsoft is no hero by benedictaddis · · Score: 2

    Since Microsoft began their Trustworthy Computing programme, they have had a reasonably healthy attitude to security. To say as you do that they 'probably' use security holes in their own products to take over botnets is plainly silly.

    Microsoft have in fact been quite clever in taking down Waledac and other large botnets. The mechanism was not technical but legal: they filed a civil complaint against a number of John Does, which resulted in the judge granting a restraining order. This handed Microsoft control of 277 domain names which had been used to direct infected machines to the Waledac Command & Control servers. Google 'operation b49' for more info.