SoylentNews is people

posted by martyb on Saturday November 12 2016, @03:11AM
from the world-wide-web-pollution dept.

Late last month, popular websites like Twitter, Pinterest, Reddit and PayPal went down for most of a day. The distributed denial-of-service attack that caused the outages, and the vulnerabilities that made the attack possible, was as much a failure of market and policy as it was of technology. If we want to secure our increasingly computerized and connected world, we need more government involvement in the security of the "Internet of Things" and increased regulation of what are now critical and life-threatening technologies. It's no longer a question of if, it's a question of when.

First, the facts. Those websites went down because their domain name provider — a company named Dyn — was forced offline. We don't know who perpetrated that attack, but it could have easily been a lone hacker. Whoever it was launched a distributed denial-of-service attack against Dyn by exploiting a vulnerability in large numbers — possibly millions — of Internet-of-Things devices like webcams and digital video recorders, then recruiting them all into a single botnet. The botnet bombarded Dyn with traffic, so much that it went down. And when it went down, so did dozens of websites.

Your security on the Internet depends on the security of millions of Internet-enabled devices, designed and sold by companies you've never heard of to consumers who don't care about your security.

The technical reason these devices are insecure is complicated, but there is a market failure at work. The Internet of Things is bringing computerization and connectivity to many tens of millions of devices worldwide. These devices will affect every aspect of our lives, because they're things like cars, home appliances, thermostats, lightbulbs, fitness trackers, medical devices, smart streetlights and sidewalk squares. Many of these devices are low-cost, designed and built offshore, then rebranded and resold. The teams building these devices don't have the security expertise we've come to expect from the major computer and smartphone manufacturers, simply because the market won't stand for the additional costs that would require. These devices don't get security updates like our more expensive computers, and many don't even have a way to be patched. And, unlike our computers and phones, they stay around for years and decades.

Is government regulation the only way to get manufacturers of Internet of Things (IoT) devices to care about security?


  • (Score: 2) by Snotnose on Saturday November 12 2016, @03:17AM

    by Snotnose (1623) on Saturday November 12 2016, @03:17AM (#425907)

    They could find all the vulnerable devices, change the network settings and the default password. Device is effectively bricked, gets sent in to warranty repair, offending company goes bankrupt, and problem solved.

    Of course, anyone doing this is breaking federal law. As are the black hat hackers, but the black hats are overseas and get tons of money when they succeed, while the white hats are here and get bupkis when they succeed.

    Me? Be at least 5 years before I buy an IoT device, and I'll be damned sure to change the default password on it.

    --
    When the dust settled America realized it was saved by a porn star.
  • (Score: 3, Insightful) by Ethanol-fueled on Saturday November 12 2016, @03:26AM

    by Ethanol-fueled (2792) on Saturday November 12 2016, @03:26AM (#425913) Homepage

    I prefer the old-skool approach - I'll walk the 12 steps down the hall and turn the knob myself. Anybody who allows their home to be a digital disease vector deserves what they get.

    • (Score: 1) by tftp on Saturday November 12 2016, @05:46AM

      by tftp (806) on Saturday November 12 2016, @05:46AM (#425936) Homepage

      Then you will be in violation of the new lifestyle. A modern man is supposed to be a couch potato, and walking 12 steps down the hall to do something is anathema. It started with the TV remote controls, I guess... and today some people can work a whole day without leaving the bed. Just wait for adoption of the basic income...

      • (Score: 2) by mcgrew on Saturday November 12 2016, @03:12PM

        by mcgrew (701) <publish@mcgrewbooks.com> on Saturday November 12 2016, @03:12PM (#426056) Homepage Journal

        Then you will be in violation of the new lifestyle. A modern man is supposed to be a couch potato, and walking 12 steps down the hall to do something is anathema.

        Huh? You're behind the times (and so am I). These days it's all about fitness. Personally, I think exercise is bad for you. Proof? Take a ten mile hike and see what your legs feel like the next day.

        --
        mcgrewbooks.com mcgrew.info nooze.org
        • (Score: 2) by Gaaark on Saturday November 12 2016, @05:39PM

          by Gaaark (41) on Saturday November 12 2016, @05:39PM (#426084) Journal

          Fitness?!?! What the what is fitness???? :)

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 2, Insightful) by Anonymous Coward on Saturday November 12 2016, @06:32AM

      by Anonymous Coward on Saturday November 12 2016, @06:32AM (#425946)

      Except *we* get what they deserve. Thus the problem...

    • (Score: 2) by mcgrew on Saturday November 12 2016, @02:57PM

      by mcgrew (701) <publish@mcgrewbooks.com> on Saturday November 12 2016, @02:57PM (#426048) Homepage Journal

      The problem is that the people who are "digital disease vectors" aren't usually the ones impacted. The DDOS affects anyone using the sites that are affected online, sites the "digital disease vectors" may not use. [cyberscoop.com]

      --
      mcgrewbooks.com mcgrew.info nooze.org