Friday, September 23, 2016

"Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net"

Ars:

Until recently, a DDoS attack in excess of 600Gb was nearly impossible for all but the most sophisticated and powerful actors to carry out.

...

the attacks against KrebsOnSecurity harness so-called Internet-of-things devices—think home routers, webcams, digital video recorders, and other everyday appliances that have Internet capabilities built into them. Manufacturers design these devices to be as inexpensive and easy-to-use as possible. Consumers often have little technical skill. As a result, the devices frequently come with bug-ridden firmware that never gets updated and easy-to-guess login credentials that never get changed. Their lax security and always-connected status makes the devices easy to remotely commandeer by people who turn them into digital cannons that spray the Internet with shrapnel. On Thursday, security firm Symantec cataloged 11 different families of IoT malware that do just that.