Friday, March 22, 2013

Internet Census via Carna botnet

There is so much to enjoy in the research that was published in this paper.  Not least of which is the audacity to publish the research.

The findings from the survey are mildly interesting.  Probably similar to what we could have guessed, but it's nice to have some independent confirmation.

The methodology is technically fascinating and demonstrates a high level of skill.  Some of the anecdotes are fun to read but are similar to the war stories every researcher has of their struggles and triumphs.

The quality of the design, write-up and presentation of the research is world class.  This was one of the most enjoyable reads of a technical paper I have had in a long time. This should have been published in an A* journal.  I would be proud to do something a quarter as good as this.

The underlying psychology of the researcher is quite interesting. 

The legal implications, both of the massive base of exploitable machines being so obviously demonstrated and of both exploiting them and publicly identifying them, are complex.  There is a case for the manufacturers, users and local and national regulators to have the finger pointed at them.  The fact that so many trivially vulnerable devices exist on the network bothers people enough to talk about it, but not enough to do anything about it.  It's much easier to shoot the messenger.

Good luck to the author staying anonymous. 
