North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

A couple or advanced references...

  • From: Paul Ferguson
  • Date: Tue Feb 19 01:37:48 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apologies for the noise, but I'd like to go ahead and provide
references for a couple of data points which I plan to mention
tomorrow during my brief presentation -- they are not referenced in
my presentation slides, but they do highlight the issues I'm trying
to address.

Each are very recently announced studies, papers, or announced
statistics.

The first one is a study conducted by the fine folks at Google,
wherein they "...investigated billions of URLs and found more
than three million unique URLs on over 180,000 web sites
automatically installing malware".

The paper is located here:

"All Your iFrame Are Point to Us"
http://research.google.com/archive/provos-2008a.pdf

...and associated blog entry here:
http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-
to-us.html

This study reinforces what we are seeing -- literally hundreds of
thousands of compromises on the web and server -side.

Second, is a paper recently jointly released/presented by Ga. Tech
and Google on the the rampant escalation of rogue/malicious DNS
resolution paths:

http://www.citi.umich.edu/u/provos/papers/ndss08_dns.pdf

The numbers are somewhat... staggering.

The two issues above contribute directly, and overlap, more than
most people are aware.

And thirdly is a figure that some folks may already be aware of; the
fact that identity theft was the number one source of consumer
fraud complaints submitted to the U.S. Federal Trade Commission
in 2007.

According to the agency's yearly report on fraud complaints for
2007, of 813,899 total complaints received in 2007, 258,427, or
32 percent, were related to identity theft:

http://www.ftc.gov/opa/2008/02/fraud.pdf

According to the FTC, total consumer fraud losses totaled $1.2
billion, with the average monetary loss for an individual at
$349.

Credit card fraud was the most common form of reported identity
theft at 23 percent, followed by utilities fraud at 18 percent,
employment fraud at 14 percent, and bank fraud at 13 percent.

Now, there is a certain "fudge factor" in these numbers, of course,
but I only mention these issues as a preface for the topics that
I plan to solicit the NANOG community's assistance in addressing.

Thanks, and see you tomorrow! :-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHunbjq1pz9mNUZTMRAri9AKD8wY2qH07AMhpDc2dZpJkdFAHVFQCdEa+t
uI1Cwhy1TlHjI6DlQHy5SCM=
=V9Dm
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/