Hello Swinogers,
On 25 November 2010 SWITCH will launch an new initiative to maintain the high security standards of Swiss websites.
Let me briefly explain what we will do, as it is relevant to the SWINOG community:
From different third parties we receive a fairly large number of URLs in
.ch/.li ccTLDs which distribute malware. We're talking a few hundred URLs per week. In a first step SWITCH verifies that this claim is true. If the site is indeed distributing malware we will contact the domain holder and technical contact by e-mail and ask them to remove the problem within one working day. If the they fail to do so, we will delete the name server delegation from the zone-file [1]. We report this to MELANI, as required by law [2]. The domain holder will be informed about this.
Removing the name server delegation is not really efficient as long as DNS caches, containing entries of that domain are not flushed. SWITCH plans to make the list of blocked domains available to relevant parties, i.e. ISPs operating name servers for their customers. If you want to receive this info send us an e-mail message to cert@switch.ch and we will get in touch with you. Since we don't want any finger pointing or bashing of affected sites, we want you to keep this info confidential. To join, we therefore ask you to sign a non disclosure agreement (NDA).
Please get in touch with if you have any question.
Best regards Serge
Notes:
[1] Details see Bakom http://www.bakom.admin.ch/themen/internet/03470/index.html?lang=de
[2] The law [1] talks about a "anerkannte Stelle zur Bekämpfung von Cyberkriminalität", a recognized organisation fighting cyber-crime. So far MELANI (http://www.melani.admin.ch/) is the only recognized organisation.