How ’bout that Mirai Botnet
Do you remember that thing? It was the panic of the week last fall. Some jerks took large portions of the internet down for a couple of hours. Everyone was in a tizzy for a bit. Well, the problem is still there. At least now nobody’s in a flail-your-arms panic over it, so maybe it’s worth discussing solutions.
Since there’s very little reason to remember the panic of the day even a week later, let me remind you how this works. A couple of years back “Internet of Things” became the fashionable buzzword, so we all went out and bought WiFi-enabled toasters. Now you can start toasting automatically when your alarm clock goes off. The fact that your toast will be ice cold by your seventh snooze is a small price to pay for living in The Future! But when you got your FutureToast, you didn’t bother to change the default password (it’s a hassle, if you did you’d forget the new one, and what’s the worst that could happen anyway?). Mr. Nefarious Hacker doesn’t need to know you personally: he scans the whole internet for devices that answer on a login port, tries the factory username and password from a short list, and walks right into your toaster. (Mirai’s real victims were mostly cheap cameras and DVRs that exposed a telnet login with factory credentials; the toaster is a stand-in.) With your toaster and the 13,000 other ones that nobody’s changed the passwords on (and the 3300 GarageNoMores, and 4200 BlindsWithScience, and 132 HubCapConnects) he’s got control of a massive number of internet-connected devices. Mr. Nefarious Hacker can then point them all at one target and form punishing denial-of-service attacks, making the internet useless to the rest of us.
How do we solve this problem? It seems resistant to market forces. From FutureToast Inc.’s perspective, adding security to their toasters makes them cost more and makes them less user-friendly. That translates to fewer toaster sales. The customer doesn’t care; the fact that his toaster is a tool for world domination doesn’t stop it from providing toast on demand. The people who actually suffer are the third parties the botnet is aimed at, and they never bought a toaster at all.
If you ask the computer security industry, they tend to tell you “Government Regulation.” Every FutureToast variant would have to force a password change on first boot, mandated by law. This solves the problem going forward, but there’s still a heck of a lot of unsecured devices in existence today, most of which will never see a firmware update. The government is also a good way to take all the vitality out of an industry. Maybe there are better solutions.
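To make the two preceding paragraphs concrete, here is an added example (not code from the original post, and not any real product’s firmware) that models the login of a hypothetical FutureToast in both states: the legacy device that ships usable with its factory password, and the “change on first boot” device the regulation paragraph asks for. It also runs the dictionary step a Mirai-style scanner performs against each one. The credential list, the device class, the channel names and the demo() function are all constructed for this illustration.

```python
import hashlib
import hmac
import os

# Constructed, illustrative factory-default pairs of the kind a Mirai-style
# scanner tries. This is a sample for the example, not the botnet's actual list.
DEFAULT_CREDENTIALS = {
    ("root", "root"),
    ("admin", "admin"),
    ("admin", "1234"),
}

PBKDF2_ROUNDS = 20_000  # kept low so the example runs quickly; use more in production


class DeviceAuth:
    """Toy model of an IoT device's login (hypothetical, not a real product).

    With force_change_on_first_boot=False the device ships usable with its
    factory password, which is the state Mirai exploited. With it set to True
    the device refuses normal service until the owner replaces the default,
    and that replacement is only accepted over a local channel so that a
    remote scanner racing the owner cannot claim the device first.
    """

    def __init__(self, user, factory_password, force_change_on_first_boot):
        self.user = user
        self.must_change_password = force_change_on_first_boot
        self._salt = b""
        self._hash = b""
        self._store(factory_password)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def _store(self, password):
        self._salt = os.urandom(16)
        self._hash = self._derive(password, self._salt)

    def login(self, user, password):
        """Return 'ok', 'change_required' or 'denied'."""
        if user != self.user:
            return "denied"
        if not hmac.compare_digest(self._hash, self._derive(password, self._salt)):
            return "denied"
        if self.must_change_password:
            return "change_required"
        return "ok"

    def set_password(self, new_password, channel):
        """Replace the password. Rejects known defaults and short passwords;
        while the factory default is still in force, only the 'local' channel
        (console, serial, or a LAN-only setup wizard in this toy) may change it."""
        if self.must_change_password and channel != "local":
            raise PermissionError("initial password change must be done locally")
        if (self.user, new_password) in DEFAULT_CREDENTIALS or len(new_password) < 12:
            raise ValueError("password is a known default or too short")
        self._store(new_password)
        self.must_change_password = False


def default_credential_sweep(device):
    """Emulate the dictionary stage of a Mirai-style scanner against one device:
    try every default pair and report the first that yields a usable login."""
    for user, password in sorted(DEFAULT_CREDENTIALS):
        if device.login(user, password) == "ok":
            return (user, password)
    return None


def demo():
    """Three devices with the same factory default but different first-boot policy."""
    legacy = DeviceAuth("admin", "admin", force_change_on_first_boot=False)
    unconfigured = DeviceAuth("admin", "admin", force_change_on_first_boot=True)
    configured = DeviceAuth("admin", "admin", force_change_on_first_boot=True)
    configured.set_password("toast-at-07:15-no-snooze", channel="local")

    # A remote attacker who knows the default must not be able to set the
    # new password before the owner does.
    hijack_blocked = False
    try:
        unconfigured.set_password("attacker-owned-device-1", channel="remote")
    except PermissionError:
        hijack_blocked = True

    return {
        "legacy": default_credential_sweep(legacy),              # ('admin', 'admin')
        "unconfigured": default_credential_sweep(unconfigured),  # None
        "configured": default_credential_sweep(configured),      # None
        "remote_hijack_blocked": hijack_blocked,                 # True
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point the sweep makes is that “change the password on first boot” only helps if the unconfigured device is unusable in the meantime and the first change cannot be made from the internet; a device that accepts the default from anywhere until someone happens to change it is just a legacy device with extra steps.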
You could educate the public. As a rule that never works. Take me as an example. I know this is a thing, and I think it’s a big enough problem to post about it on Ricochet. Now ask me what my password is for my Raspberry Pi. It’s not hard to guess.
You could hack back. If you go into my FutureToast and change the password, then Mr. Nefarious Hacker can’t use it. But then I can’t use it anymore, either. That approach amounts to the destruction of property, and in most jurisdictions unauthorized access to someone else’s device is a crime in its own right, no matter how good your intentions. This is also not a good solution.
You could, and I can’t overstate the general applicability of this solution, actively wait for your problem to go away. We haven’t seen Mirai in the news much at all even though nobody’s fixed the problem. Maybe the world wakes up and realizes their fridge really shouldn’t have anything to say to their toilet and they stop buying IoT devices. Maybe we figure out a better way to catch the people behind these attacks and launching them becomes a much riskier proposition. Maybe Russia gets into a war with China and the world’s supply of hackers gets busy fighting one another. Maybe none of those happen and we’re still stuck with the problem.
What do you think, Ricochet? Got any brilliant ideas?
Published in Technology
No.
All I know is it constitutes improperly toasted bread.
We have a four-slice toaster, so we can go all the way up to 15.
How hard is it to trace the hacker(s) behind such attacks? Very time- and labor-intensive?
If they can’t be stopped in action, maybe they can be deterred by certain and swift penalties.
And marmalade.
Okay, let this be a lesson: read all the comments before commenting. So let’s add complexity. How to account for differences in bread-definition. Rye vs wheat vs artificial (also known as wonder) vs sourdough, etc. There is an opportunity for a major mathematical model here. Each bit can be expressed in multiple ways.
“Laundrybot” sounds very complex and exciting. But it’s really just R2D2 squirting more water into the washer. R2 is loaded with Siri and requires accessories not included, such as a one-of-a-kind electrical adaptor and a C3PO slave unit. R2 itself is a mandatory accessory for all Apple washing machines.
Public use of the Launderbot model has been discontinued since the company was bought by the DNC.
And you can count, in binary, to what on two hands?
Most large enterprises have the systems they need to identify the network sources of remote attacks. These systems can even automatically shut down common attack vectors in real time. Getting from that to the identities of perpetrators is way outside my expertise. There’s pretty good reason to believe it’s hard, though.
Most of those systems live at the border(s) between your network and the rest of the world. But if you have wireless networks and lack rigorous controls over access to your site, the most effective attacks will come from within your facilities. Intrusion detection systems aren’t much help then. If you avoid wireless for the security systems themselves and exclusively use the best wireless security techniques, these internal attacks can be hard to pull off. The problem is that most organizations take some shortcuts or cut some corners for ease of use. Those things can cost you.
4096
Thank you.
Don’t thank me. Ridicule me. I gave you the wrong answer. It’s 1024. What makes it worse is that I do a lot of IP subnetting, so I should be able to do very large powers of two off the top of my head. I’m ashamed.
All of this talk of toast brings this to mind:
Wouldn’t it be 1023? Or perhaps 2047? For max capacity you’re not going to get a power of two, but a power of two minus one.
OK, now that is pedantic.
Wouldn’t it be 1023?
Dang.
Thanks, Dean.
This is what I get for needing to double check myself.
Us spacemen need to know this stuff.
My strategy is to guess three times really fast and hope one of them is right.
By the way… no graduate degree.
By the way, she said count, so I think 1024 is actually correct.
I thought it was higher. Anyway, “3” gets laughs.
Only if you have 11 fingers. And then it would be 2047.
Like Hemingway’s cats! Does anyone know how many Schrodinger’s cat has?
I think it’s either none, or all of them.
Now I’m being pedantic. (Sorry I keep saying that. It was on my word of the day calendar today. I’m pretty sure I’ve got it now.) I’m not trying to win an argument. I’m actually hoping some math major will chime in and set me straight. My thinking is that people don’t count to zero. If you have 2^10 apples, you’ve got 1024 apples, not 1023. Is that wrong?
For all you folks counting binary on your fingers, the number “132” in the original post was deliberate. Just sayin’.
I can represent zero with two fists. I can’t represent the 1024 place because I run out of fingers at the 512 place. The best I can do is jazz hands, with all fingers extended, to get to 1023.
OK, I’ll let it go. 4096 is way more embarrassing than 1024 anyway. I never do anything where a 0.1% error matters.