Bruce Schneier takes to the pages of Technology Review to remind us all that while botnets have been around for a long time, the Internet of Things is supercharging them, thanks to insecurity by design.
Botnets are useful for denial-of-service attacks, but they're also an indispensable part of the spam ecosystem, click fraud, extortion, and other bad news.
Cheap IoT gadgets are manufactured by absentee proprietors and large, respected companies who ignore urgent warnings about their defects (or punish people who complain by remote-bricking their gadgets), leading to nightmarish breaches.
Worse, IoT manufacturers use antiquated DRM laws to threaten security researchers who reveal the defects in their products with brutal lawsuits and even jail time (and this will be a risk for any device controlled by a browser).
Once you know a botnet exists, you can attack its command-and-control system. When botnets were rare, this tactic was effective. As they get more common, this piecemeal defense will become less so. You can also secure yourself against the effects of botnets. For example, several companies sell defenses against denial-of-service attacks. Their effectiveness varies, depending on the severity of the attack and the type of service.
But overall, the trends favor the attacker. Expect more attacks like the one against Dyn in the coming year.
Botnets of Things
[Bruce Schneier/MIT Technology Review]