Bruce Schneier takes to the pages of Technology Review to remind us all that while botnets have been around for a long time, the Internet of Things is supercharging them, thanks to insecurity by design.
Botnets are useful for denial-of-service attacks, but they're also an indispensable part of the spam ecosystem, click fraud, extortion, and other bad news.
Cheap IoT gadgets are manufactured by absentee proprietors and large, respected companies who ignore urgent warnings about their defects (or punish people who complain by remote-bricking their gadgets), leading to nightmarish breaches.
Worse, IoT manufacturers use antiquated DRM laws to threaten security researchers who reveal the defects in their products with brutal lawsuits and even jail time (and this will be a risk for any device controlled by a browser).
Once you know a botnet exists, you can attack its command-and-control system. When botnets were rare, this tactic was effective. As they get more common, this piecemeal defense will become less so. You can also secure yourself against the effects of botnets. For example, several companies sell defenses against denial-of-service attacks. Their effectiveness varies, depending on the severity of the attack and the type of service.
But overall, the trends favor the attacker. Expect more attacks like the one against Dyn in the coming year.
Botnets of Things
[Bruce Schneier/MIT Technology Review]