There are a few people to blame for the vulnerabilities which allowed the DDoS attack on Friday to make access to major sites difficult. They range from lazy ISPs not implementing security standard designed to block the spoofing portion of the attack to lazy IoT developers using standardized passwords, often the defaults from the software itself. One could blame users for not updating the passwords on their devices but it is not something your average toaster shopper thinks about nor is the need well communicated in the manuals which come with IoT devices.
The commentators on Slashdot have many theories as to who the attackers were but the real issue lies with the fact that sheer laziness on the part of IoT devices and ISPs allow these attacks to succeed in the first place. They also have a link to the list of devices which were involved in the attack for those who are curious.
"If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks…"
Here is some more Tech News from around the web:
- Serious Sam VR mGPU AMD RX 480 Follow Up @ [H]ard|OCP
- AMD is a rounding error on Intel's spreadsheet and that sucks for us all @ The Register
- Skype no longer works on 85 per cent of Windows Phones @ The Inquirer
- Every LTE call, text, can be intercepted, blacked out, hacker finds @ The Register
- Logitech Pop Home Switch: Perfect Solution for Smart Homes @ Hardware Secrets
- Microsoft is raising enterprise prices by almost a quarter as Brexit bites @ The Inquirer
- AT&T buys Time Warner for US$85.4bn or 1.25 Dell-EMCs @ The Register
- A Preview of Apple Watch 2 Specs and Details @ Hardware Secrets