Would it not be a good idea to make it illegal to have a computer connected to the Internet that does not have up-to-date AV software?

FFS!

So what this guys is saying is that some users' PCs have been compromised and their details were harvested...? As far as I can see, there's nothing to suggest that the ftp sites themselves have been compromised. That's not really a big deal when you think about it, and is almost to be expected.

Sure someone could then use those credentials to upload the latest 0-day warez!!!111! or some dodgy pics, but the unusual activity on the server should be noticed when the bandwidth or disk space logs are analysed, and you'd hope that are already restrictions are in place to stop someone uploading several GBs of data, in any case.

Not sure I really see the point this guy is trying to make - unless it's to point out that he has accessed some 'cybercrime server'. Whoop-de-doo for him!

No it wouldn't as some of us aren't chumps and don't run Windows.

Rob

Having a login to ftp.bbc.co.uk doesn't give you access to the website or the content production system, just to the FTP server. The BBC network has an entirely different and non-public facing route for content that is going into the website.

(..which I shan't describe here for abundantly obvious reasons)

Still, pretty decent conclusion jumping for a hot and sticky friday afternoon!

Why not outlaw any internet access from Windows? Just imagine how much bandwidth would be released from all that spambot traffic. Not to mention that internet would come back to be what it was when it started.

Also, expect to regain some office status as "the guy who has internet", like in the past. I sometimes wonder how productivity in the pre-internet era could be so similar to what is today. Nowadays with all the time lost in offices due to web browsing we could probably double the productivity without increasing office hours.

it would not be a good idea to make such a law - we don't need any more meddling that aims to replace common sense thank you.

Oh, and btw, what would you define as 'up to date', and how would you police it?

is a daily update to your AV s/w up-to-date? is hourly? is secondly? see where I am going with this? if not:

for example, in theory as soon as a new vuln (technical or social) is found, a new virus/malware could be out to exploit it within hours, and hence that person is ciminalised by your new law, even though they updated a day ago.... replace hours with minutes, and day ago to hour ago, and it's even worse....

there are many more hypothetical situations that would make a mockery of this sort of law - face it, you are at the top of the IT game (i'd hope so, given that sort of comment - or are you of a social class constantly looking for more ways to voluntarily attend 'her majasty's' pleasure centres in order to get a decent meal and free sky TV ;), and others will not match you IT ability. So virii will spread. If the heaving masses did have your ability in such areas, you and many readers would be out of a job, so get over youself, while I get over myself, and let's go have a fun weekend instead.

as for policing it..... i think the police have enough on their plate without having to deal with this too.

anyway, enough short (ish), sharp (ish) putting down... it's Friday, and a rather warm one to boot, so mentioned above, I'm going home RIGHT NOW

Regards

"Would it not be a good idea to make it illegal to have a computer connected to the Internet that does not have up-to-date AV software?"

"Would it not be a good idea to make it illegal to have a front door that does not have up-to-date Goldilocks(tm) security lock installed?"

No it does not. Yet more government legislation on things they don't understand, can't control and wouldn't know how to check.

Course, it would be great for the few AV vendors. They could rack up the prices in a jiffy, then call you at home at the end of the year for a "mandatory renewal" ... or else. Cops could also pay a visit, find a non-up-to-date AV, pack away your electronics, GSM, TV and Tivo at gunpoint, then check at leisure for compromising pictures of random children or official buildings that you took for possible "terrorist planning".

Shite, I'm giving the Met ideas here.

No, i think you've slightly missed the point...

It depends what's on the ftp sites that they have logins for. If it's access into the web server host to upload web pages then it would be pretty serious as the websites could be modified to download trojans onto people's machines. If it's upload access to any area where the public would be able to download files from then again it could be serious (downloading bogus patches from a compromised AV site for example).

URL or it didn't happen! Mine's the one with SSH!

Who the hell still uses plain old ftp!? Anyone in their right mind would use sftp preferably with password less keys. Bloody idiots!

ftp.bbc.co.uk has anonymous login.

You can access the /etc/passwd file. But of course not /etc/shadow

But using FTP. Jesus christ. Are these guys retarded?

If your going to use it. At least restrict it to intranet IP's

Even tho this isnt secure at all.

RE: Slightly Misleading Article

Why would home users have FTP access to these types of places?

@Rob - LInux isnt secure from being infected... It can run code. End of story.

All these sites listed. Apart from Amazon and Monster have anonymous FTP

With quite a lot of data in there.

Im wondering. Would this constitute "hacking"

Paris beause she likes it when people take unautorised access.

ditto

Upload poison web pages to phish anyone or download Windows/ActiveX nasties.

Why do people even have FTP enabled anyway? I can understand a personal website, but a major corporation? Where I work, there is absolutely no write access to the Web Servers (FORMS and SQL input excepted), all website updates are done by logging into the the web server cluster and copying hte new content from a secured file server.

And to Rob Beard, Doesn't matter what OS you use, the issue is that the websites could be used to HOST malware, and last I checked Apache can still have FTP enabled on it.

Some of us aren't snotty little turds and DO run Windows, but still have no use for AV software as we know better than to download dodgy screensavers and the like...

What,no matter what O/S you are running?

Don't make me laugh.

FTP is still commonly used for low-security file downloads. It's possible that the FTP passwords for many of those high-security web sites just lets you download high resolution press materials and reseller tech support documents. It's not public but it's hardly a win to have it.