Hi all (again)
The more I think about it, the less I think SWITCH thought about it, before publishing such nonsense.
"On 25 November 2010 SWITCH will launch a new initiative to maintain the high security standards of Swiss websites."
Hello? Since when does SWITCH have anything to say about the security of websites? Security of Domains: ok, but websites? Remember: Internet != WorldWideWeb
Deleting the name server delegation of a domain not only shuts down access to one website, but to ALL Internet services depending on DNS in that domain.
"From different third parties we receive a fairly large number of URLs in .ch/.li ccTLDs which distribute malware."
Exactly - specific URLs (or the websites behind those URLs) may spread malware, but not the domain itself, but again - since SWITCH cannot block access to specific URLs, there is no reason to block access to the whole domain.
So I absolutely second Andre Oppermann's opinion: "This delegation suspension plan is entirely broken by design and should be immediately stopped."
Cheers
Mike
--
Mike Kellenberger mike.kellenberger@escapenet.ch
Escapenet - Professional Web Company Tel +41 52 235 0700/04
http://www.escapenet.ch Skype mikek70atwork
-----Original Message-----
From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Serge Droz
Sent: Thursday, 11 November 2010 08:23
To: swinog@lists.swinog.ch
Subject: [Spam] [swinog] Blocking Malware distribution sites
Hello Swinogers,
On 25 November 2010 SWITCH will launch a new initiative to maintain the high
security standards of Swiss websites.
Let me briefly explain what we will do, as it is relevant to the SWINOG community:
From different third parties we receive a fairly large number of URLs in
.ch/.li ccTLDs which distribute malware. We're talking a few hundred URLs per
week. In a first step SWITCH verifies that this claim is true.
If the site is indeed distributing malware we will contact the
domain holder and technical contact by e-mail and ask them to remove the
problem within one working day.
If they fail to do so, we will delete the name server delegation from the
zone-file [1]. We report this to MELANI, as required by law [2]. The domain
holder will be informed about this.
Removing the name server delegation is not really efficient as long as DNS
caches containing entries of that domain are not flushed.
SWITCH plans to make the list of blocked domains available to relevant parties,
i.e. ISPs operating name servers for their customers.
If you want to receive this info send us an e-mail message to cert@switch.ch
and we will get in touch with you.
Since we don't want any finger pointing or bashing of affected sites, we want
you to keep this info confidential. To join, we therefore ask you to sign a non
disclosure agreement (NDA).
Please get in touch with us if you have any questions.
Best regards
Serge
Notes:
[1] Details see Bakom
http://www.bakom.admin.ch/themen/internet/03470/index.html?lang=de
[2] The law [1] talks about an "anerkannte Stelle zur Bekämpfung von
Cyberkriminalität", a recognized organisation fighting cyber-crime. So far
MELANI (http://www.melani.admin.ch/) is the only recognized organisation.
--
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz@switch.ch,
http://www.switch.ch