nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey


From: Peter Beckman <beckman () angryox com>
Date: Tue, 27 Sep 2016 12:13:39 -0400

On Tue, 27 Sep 2016, Brielle Bruns wrote:

I don't see how this is a problem exactly? If people want to buy devices that connect to their home network, they need to be aware of what these devices can do, and it is their responsibility.

 I understand that is what you want. What you might like. What we all would
 like. People taking responsibility for their impact on others.

 Unfortunately people plug things in, and if they work for them, they don't
 even think about how what they are doing might affect anyone else. In some
 cases, they don't even care. They've got soccer games and work and TV
 shows and kids and family. Who has time to become an expert in Internet
 security?

 Google is doing a great job of annoying or alerting customers to potential
 issues, such as the red lock icon on their email, indicating that the
 email was sent unencrypted. The user gets worried (oooh, a red lock, that
 must be bad, I'm going to yell at someone to fix it for me) and the
 service provider jumps to improve the Internet, ideally.

 FreeBSD updated their default config so you have to proactively remove
 email encryption.

 If we are truly worried about IoT and consumers contributing to the
 downfall of the Internet, force the consumer router manufacturers and third
 party firmware folks to implement whatever is necessary to make filters
 and blocking the default. 90%+ of consumers don't change any settings,
 beyond the SSID and Wifi Password, and those who do might take the
 responsibility you want.

 Get the ISPs to realize that secure-by-default consumer routers that they
 distribute save them millions/billions of dollars annually in customer
 service and security personnel. Secure-by-default routers mean
 cost-savings. Get ISPs to pressure manufacturers to implement measures to
 protect their own network and the Internet from the non-network-admin consumer.

 We tech folk need to do this for the Internet citizens who don't know,
 don't care, or don't have time to mess with it.

If Timmy Numbnuts doesn't understand that plugging in a random device he found at Goodwill to his network could potentially carry liabilities, then he will keep doing it.

 Timmy Numbnuts needs to be protected from himself, so when he plugs in
 that device, it doesn't do any harm to anyone but his own network. He'd
 have to proactively turn off features or filters on his Router in order to
 harm others.

I point to the current trend of parents watching and smiling, doing nothing as their kids destroy people's stores and restaurants. ISPs are literally doing the exact same thing when it comes to coddling their customers.

 Automation and default configs mean customers don't have to do anything,
 nor think about it. They are protected both FROM harm from the Internet
 and FROM harming the Internet, at least by default.

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman () angryox com                                 http://www.angryox.com/
---------------------------------------------------------------------------

