How long before we are being fined for having lame passwords?

The recent distributed denial of service (DDoS) attack has highlighted a significant vulnerability in our internet-connected (IoT) devices.

The Economist has done a great job of summing it up, so I won’t repeat it, but I will pull out one salient fact from the article:

“one of the largest DDoS attacks ever recorded—between 600 billion and 700 billion bits per second, or almost half a percent of the internet’s entire capacity”

A hacker attack that used the equivalent of half of one percent of all internet bandwidth?

Just as well the source code for this type of attack isn’t in the public domain. Otherwise everyone would be at it. And we only need 200 of these things running simultaneously to absorb the entire world's internet capacity and bring the web to its knees.

Oh. Hang on... https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/

I don’t know how long it is going to be before we see legislation forcing manufacturers to do something about this. And failing that, fining individuals and businesses that fail to properly secure their internet-connected things. It may have to happen. If the manufacturers don't get their fingers out, then the problem is squarely at our door.

Advice for securing your internet-connected devices

  1. Always change the default passwords on every internet-connected device
  2. Get the password book, print it out, use it to secure all of your devices, put the book in the drawer, refer to it when you need to
  3. Repeat for your email accounts, social media accounts, online banking …

The password book is free and will be sent via email from here

The safest password solution in the world. Print it out and put it in a drawer.

Help with securing your wireless network is here 

 

 

Simon Gibbard