←back to thread

Cloudflare scrubs Aisuru botnet from top domains list

(krebsonsecurity.com)
97 points jtbayly | 5 comments | 08 Nov 25 16:25 UTC | HN request time: 1.017s | source
Show context
arcfour ◴[08 Nov 25 18:14 UTC] No.45858689[source]
If an automated service is pulling the top 100 domains from CF and naively trusting them, why can't it also pull the categorization information that's right there and make sure none of the categories are "Malware"??? Who would write something like that? It's absolutely believable that the top 100 domains could contain malware domains...because of the nature of botnets and malware.

That's PEBCAK.

replies(3): >>45858802 #>>45859456 #>>45859833 #
8organicbits ◴[08 Nov 25 18:31 UTC] No.45858802[source]
People make mistakes. Security engineers need to understand what sort of mistakes people are making and mitigate that risk. Brushing it under the rug as silly users making mistakes doesn't protect anyone.
replies(1): >>45858818 #
1. monerozcash ◴[08 Nov 25 18:33 UTC] No.45858818[source]
The automated services using this for security-related purposes are presumably built by "security engineers", if they're making mistakes like this they're obviously woefully underqualified.
replies(3): >>45858941 #>>45859150 #>>45859634 #
2. Uehreka ◴[08 Nov 25 18:49 UTC] No.45858941[source]
Many people are woefully under qualified, we need to have a working society anyway.
3. wolf550e ◴[08 Nov 25 19:16 UTC] No.45859150[source]
Almost nothing is built by security engineers, including security features of security products at security companies.
replies(1): >>45859599 #
4. arcfour ◴[08 Nov 25 20:16 UTC] No.45859599[source]
I'm a security engineer, I have built things like this, and I made the original comment. A lot of my job revolves around developing automation for security needs.

Also, many of the top 100 domains serve user-generated content (like AWS/S3). Blindly trusting anything from them just because they are big is so woefully misguided it boggles my mind; I seriously doubt that anyone is actually doing what is described in the article.

replies(1): >>45860204 #
5. wombatpm ◴[08 Nov 25 20:21 UTC] No.45859634[source]
True masters of security realize all software is flawed, and therefore write none.