Economics dating market
In fact, the software used to attack Krebs was simple and amateurish. What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem.
Even worse, most of these devices don't have any way to be patched.

• October 10, 2016 AM Unless ISPs start cutting off customers with hacked IOT devices, I see nothing changing. On the other hand I would note that some of the techniques that they use for amplification are a result of DNS supporting lookups over UDP as well as TCP.

• October 10, 2016 AM There is an interesting eBook available in NATO’s Cyber Defence library that discusses the international aspects of establishing cyber norms.

Even though the source code to the botnet that attacked Krebs has been made public, we can't update the affected devices. Already the banking industry is dealing with the security problems of Windows 95 embedded in ATMs.
Microsoft delivers security patches to your computer once a month. This same problem is going to occur all over the Internet of Things.
Long term, we need to build an Internet that is resilient against attacks like this. In the meantime, you can expect more attacks that leverage insecure IoT devices. EDITED TO ADD (10/17): DARPA is looking for IoT-security ideas from the private sector.
This essay previously appeared on Vice Motherboard.

Tags: denial of service, economics of security, embedded systems, incentives, Internet of things, national security policy, patching

Posted on October 10, 2016 at AM • 69 Comments

Of course, this would only be a domestic solution to an international problem.
There are defenses, and there are companies that offer DDoS mitigation services for hire. If the defenders can increase their capability in the face of attack, they win.
What was new about the Krebs attack was both the massive scale and the particular devices the attackers recruited.
Companies like Microsoft, Apple, and Google spend a lot of time testing their code before it's released, and quickly patch vulnerabilities when they're discovered.