OVH has been hit the past week with a sustained DDoS attack (still ongoing) with peaks of up to 1.1Tbps which is just crazy.
It seems to have originated mainly from IoT type devices (@Wendell I think you called this was one of the types of issues that may happen), apox 145,000 camras/cctv/dvr’s
Krebs on security also got booted off the internet by an never seen before bot-net. It created so much traffic that Akamai/Prolexic ditched his website and started redirecting to 127.0.0.1 after the attack exceeded 600GBit/s without using amplification methods, but just direct DDoS.
That had happened after Krebs wrote an article and doxed the two Israeli behind the vDoS service which later got arrested by police.
Problem 1: they are already out there Problem 2: what exactly is IoT Problem 3: won't happen Problem 4: it's consumer cheap gear most of the time running some age old busybox kernel and they will never see any update until the owner dumps them. Problem 5: Those infected will never know
Origination stronger then lizardsquad or is it them? Lizardsquad said 1-2 months ago they could launch a 400GB DDoS with camera's that were connected to the web.
I know what the Internet Of Things means... but what is a thing? anything that became internet connected, or something special? Are smart phones IoT because cellphones once were not on the internet, are IP cameras IOT because cameras once were not on the internet...
I have a problem with IoT as an umbrella therm for "shit that never should be on the internet" so its better STNSBOTI
Yeah... who actually enforced to remove it until you changed your building? - I for a fact know houses that still contain it. - so the ghost that came from the bottle usually does not get back in there
One should not blame the end user - not everyone is as tec savvy as we are. But the companies should be held reliable - oohh wait the shit is mostly coming from china - so get the retailers - uh.. oh.. out of business or also in china ... bummer...
Public building - like building owned by the state, country or municipaly; yes I know. But the code in Germany still does not require any private person to tear their building apart, unless they want a permit to change or add or rebuild than the asbestos has to be properly removed and disposed.
No, I never hear of that. A country realy can regulate what one can bring in? thats a new one. ;-) Still needs a proper definition of what is IoT, because the administrative work would be to hight to ban case by case. (and even that fails .. I might suggest a quick read on what CE on amazon usually means ... hint not what it should mean > https://de.wikipedia.org/wiki/CE-Kennzeichnung )
I would be pissed if the EU banns raspberry pi or similar just because they could become IoT in the wrong hands.
Well.. this is 4 times that. Make orbit what you will.
The problem with a lot of these devices is they lose support really quickly and are left vulnerable. Sounds to me like a reason source code should be released after support is dropped. At the very least.
it will always be a problem...i still envy the guy who wrote malware for android 4.3 or less.. And earning advertisement money from 100000000 devices....
Also even if the source code is released. There is still a issue that it needs developers that invest there free time in it. Right now there are just too many devices that are the same with some small changes in there code that they aren't 100% the same. I just think people should be careful and be aware that this can happen, but on the plus side it creates a nice career for IT professionals that know there stuff.