←back to thread

Cloudflare scrubs Aisuru botnet from top domains list

(krebsonsecurity.com)
97 points jtbayly | 1 comments | 08 Nov 25 16:25 UTC | HN request time: 0s | source
Show context
arcfour ◴[08 Nov 25 18:14 UTC] No.45858689[source]
If an automated service is pulling the top 100 domains from CF and naively trusting them, why can't it also pull the categorization information that's right there and make sure none of the categories are "Malware"??? Who would write something like that? It's absolutely believable that the top 100 domains could contain malware domains...because of the nature of botnets and malware.

That's PEBCAK.

replies(3): >>45858802 #>>45859456 #>>45859833 #
8organicbits ◴[08 Nov 25 18:31 UTC] No.45858802[source]
People make mistakes. Security engineers need to understand what sort of mistakes people are making and mitigate that risk. Brushing it under the rug as silly users making mistakes doesn't protect anyone.
replies(1): >>45858818 #
monerozcash ◴[08 Nov 25 18:33 UTC] No.45858818[source]
The automated services using this for security-related purposes are presumably built by "security engineers", if they're making mistakes like this they're obviously woefully underqualified.
replies(3): >>45858941 #>>45859150 #>>45859634 #
1. Uehreka ◴[08 Nov 25 18:49 UTC] No.45858941[source]
Many people are woefully under qualified, we need to have a working society anyway.