There are a few people to blame for the vulnerabilities which allowed the DDoS attack on Friday to make access to major sites difficult.  They range from lazy ISPs not implementing security standard designed to block the spoofing portion of the attack to lazy IoT developers using standardized passwords, often the defaults from the software itself.  One could blame users for not updating the passwords on their devices but it is not something your average toaster shopper thinks about nor is the need well communicated in the manuals which come with IoT devices. 

The commentators on Slashdot have many theories as to who the attackers were but the real issue lies with the fact that sheer laziness on the part of IoT devices and ISPs allow these attacks to succeed in the first place. They also have a link to the list of devices which were involved in the attack for those who are curious.

"If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks…"

Here is some more Tech News from around the web:

Tech Talk