Recently there have been a number of very interesting security stories out there. Last.fm and Dropbox password hashes and email addresses from hacks in 2012 were offered up – both of which include my email address. (And if you don’t understand the whole password/hashes/email address and why your password sucks, whatcha this: Password Cracking – Computerphile)
The most recent story (a few days old now, because I’m slow posting things) is on using hacked IoT devices for DDoS attacks. This harks back to Stuxnet. A bunch of inetrnet connected things that no one ever thought to secure. Because, security is hard and, at least when I was in school, not properly taught to programmers. I hope they have fixed that.
Anyway, if you don’t know the details of Stuxnet, read Countdown to Zero Day. It’s amazing.
With Stuxnet, somebody went through a lot of trouble to attack Uranium Centrifuges. Somebody was willing to spend a lot of time and money on that, that’s for nukes so it makes sense. Spending that kind of money and time for a single high value target makes sense. The newest hack is more mass market, hack a million home security cameras and use them to launch DDoS attacks. The growth of IoT combined with our laziness in updating our devices (phones aside, when was the last time you updates your <insert connect but screenless device here>… your refrigerator may be responsible for the next major website take down. As Matthew Prince says in the Wall Street Journal’s article on the camera hack:
“It’s going to be very difficult to convince consumers to patch their refrigerator,”
Matthew Prince, CEO of CloudFlare, quoted in “Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks” [wsj.com], on The Wall Street Journal