Slashdot Mirror


Who Should We Blame For Friday's DDOS Attack? (fortune.com)

"Wondering which IoT device types are part of the Mirai botnet causing trouble today? Brian Krebs has the list," tweeted Trend Micro's Eric Skinner Friday, sharing an early October link which identifies Panasonic, Samsung and Xerox printers, and lesser-known makers of routers and cameras. An anonymous reader quotes Fortune:

"Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in. Finally, it's time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well."

If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks..."

5 of 190 comments

  1. Who should we blame? by iCEBaLM · Score: 5, Insightful

    The people that did it.

    1. Re:Who should we blame? by Anonymous Coward · Score: 5, Funny

      Nah, too much effort figuring out who did it. Just blame Russia. Works for everyone else lately.

    2. Re:Who should we blame? by ArmoredDragon · Score: 5, Insightful

      Regardless of who is behind it, it's about time that we treat DDoS as the censorship that it is. I'm sick of hacktivists trying to justify bringing down major websites just because they don't like whoever runs it, while at the same time talking about how they are pro democracy and pro free speech. DDoS is the opposite of both, no matter who the target is. People who justify it because they don't like Walmart or whoever are fucking hypocritical assholes.

  2. WRONG by darkain · Score: 5, Insightful

    From TFA: "Dormann said instead of hard-coding credentials or setting default usernames and passwords that many users will never change, hardware makers should require users to pick a strong password when setting up the device."

    This advice is just plain wrong. It requires educating every single end user on security best practices. Lately I've seen a trend from ISPs for their router admin pages and wifi access points: they come pre-configured with a randomly generated password for each, which is then printed out on a sticker and stuck to the side of the device. Without physical access to the device, nobody would know the credentials for it. This keeps the burden of security within the realm of those who know what they are doing and making good decisions. The act of using a poor password would then end up on the end user, having to type in the secured password, and then change it to something less secure.
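The per-device scheme described in the comment above (a unique random password generated at the factory and printed on the sticker), sketched as an added example that is not part of the original thread or any vendor's code. The alphabet, scrypt parameters, record layout and serial numbers are assumptions.

```python
import hashlib
import hmac
import math
import secrets

# Sticker-friendly alphabet (assumed): no 0/O or 1/l/I/i, so the label is unambiguous.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"
# scrypt cost parameters (assumed; tune for the device's CPU and RAM).
SCRYPT = dict(n=2**12, r=8, p=1, dklen=32)


def generate_password(length=16):
    """Draw each character from the OS CSPRNG, never from the serial or MAC."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length=16):
    """Entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored on the device."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time check of a login attempt against the stored hash."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)


def provision(serial):
    """Factory step: returns (record flashed to the device, sticker text)."""
    password = generate_password()
    salt, digest = hash_password(password)
    record = {"serial": serial, "salt": salt.hex(), "hash": digest.hex()}
    label = f"S/N {serial}  admin password: {password}"
    return record, label


if __name__ == "__main__":
    for serial in ("TEST-0001", "TEST-0002"):  # constructed serial numbers
        record, label = provision(serial)
        print(label, "| stored hash prefix:", record["hash"][:16])
```

The plaintext exists only on the printed label; the firmware image carries a different salted hash for every unit, so one leaked credential does not unlock the rest of the product line.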

  3. That'll be a million dollars, please... by SeattleLawGuy · Score: 5, Insightful

    "not only this but the inept users whose devices get pawned and used to attack other systems should be held legally responsible for the attacks."

    Only up to a point. It's not really fair to expect the random non-computer guy who owns an IoT light bulb to secure it against electronic attack. The company that manufactures the bulb and decides telnet is an appropriate protocol to use to connect to it, on the other hand...

    --
    Real lawyers write in C++