
14 March 2009



Listed below are links to weblogs that reference The BBC's Botnet:


David Harley

Jason, I've suggested (as have many others) a number of ways in which the BBC could have made their point at least as effectively. No-one is complaining about their airing the issue, but a publicly funded corporation should not assume that it's above the law and its own guidelines. I'd like to see some reasoned argument as to why it was in the public interest for the Beeb to break the law: what did they achieve that they couldn't have achieved using strictly legal means? NB: a sensationalist story isn't justification in itself.

Deincognito, as a fairly elderly person myself, I'm not sure how the botnet problem suddenly became the sole responsibility of the IT industry. Don't the criminals, end users and the media have any responsibility?


And what about hardware and software developers' responsibility for security? There are many PC and Internet users who will never be able to learn how to secure their equipment (i.e., elderly people).


Jason Tedesco

The BBC, with taking on such a pursuit to educate the unknowing public, with the risks and controversy involved, has done good for the greater public.

Some may argue what they did is irresponsible or illegal. The BBC has reported they consulted lawyers before engaging in this project.

"no doubt, but money going into the pockets of an anonymous criminal" Take a look at the other side. While the botnet was legitimately being used by the BBC, it was tied up so illegal acts could not be carried out with it.

"I don't dispute that, but that doesn't justify the way in which Click went about it"
- How else would you have them go about educating such a real-world attack?
This is just as ridiculous as John Pescatore's comments making an analogy to an arsonist.

If only the BBC could have disinfected the hosts used in the botnet.
