Bad military botnet proposal still being pushed
But I haven't seen him respond to any of the criticisms of his bad idea, including in the online forum of the journal where he published it.
I think a more effective idea would be to adjust the computer crime statutes to provide immunity to prosecution (or at the very least an affirmative defense to criminal charges) for private responses to attacks that meet certain criteria, so that ISPs, security researchers, and competent individuals could engage in offensive actions against compromised machines to disable malicious software or take them off the network. Perhaps some kind of licensing or bonding would do the trick, and ISPs could put an exception into their acceptable use policies for entities that met the criteria.
That's also my partial response to this more recent BBC story about "what rules apply in cyber-wars" which led me to find the Williamson article.
No comments:
Post a Comment