Bruce Schneier: We Need To Save the Internet From the Internet of Things

Bruce Schneier, writing for Motherboard:What was new about the Krebs attack was both the massive scale and the particular devices the attackers recruited. Instead of using traditional computers for their botnet, they used CCTV cameras, digital video recorders, home routers, and other embedded computers attached to the internet as part of the Internet of Things. Much has been written about how the IoT is wildly insecure. In fact, the software used to attack Krebs was simple and amateurish. What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem. This is a market failure that can't get fixed on its own.

Re:B...b...but government always BAD!

[fche]

smug collectivists yell "the government will save us!"
with the glowing "success" of anti-spam "laws" ignored
and unintended consequences safely unimagined
they can save the world, if we'd only let them

Re:The only way this will get fixed

[Grishnakh]

What would be the ideal, would be something like UL listings, except instead of electrical safety, is for security.

Won't work. People used to value UL ratings because they were worried about electrical appliances catching on fire. People don't even care about UL ratings any more because this just doesn't happen, except with things that have lithium batteries.

The fact is, consumers just don't care about security. They don't know anything about it, they don't want to know, they just know the nebulous "hackers" are "out there" and there's nothing they can do about them, so they stick their heads in the sand and hope for the best.