[governance] TitaDYN

David Cake dave at davecake.net
Mon Oct 24 02:25:16 EDT 2016


Most people seem to have focussed on the attack origins with the Mirai botnet tool, which gets its power from common poor security practices in IoT tools (such as externally accessible default names and passwords, factory-encoded back doors, etc.). Changing the mindset of manufacturers of these devices to better deal with security consequences - in part, changing their mindset from manufacturers of devices to providers of ongoing operating system support, the way phone manufacturers have had to - is a real challenge. IoT security challenges that we’ve been warning about for years just suddenly got very real, and they are likely to get worse before they get better, with DDoSing just the start.

Another issue is the poor implementation of BCP 38, which wouldn’t solve large-scale DDoS attacks like this but would substantially mitigate and enable better strategies to deal with them. This is a classic tragedy of the commons situation - implementing BCP 38 for a major provider costs money, and they do not have strong incentives to do so individually, but it would help everyone if they did. How can we encourage major providers to take steps for better overall internet health in this way?

Cheers

David

> On 23 Oct 2016, at 11:37 PM, Jefsey <jefsey at jefsey.com> wrote:
> 
> Interested in knowing if anyone noticed the attack on DYN's and
> thought about its implications?
> jfc
> ____________________________________________________________
> You received this message as a subscriber on the list:
>     governance at lists.igcaucus.org
> To be removed from the list, visit:
>     http://www.igcaucus.org/unsubscribing
> 
> For all other list information and functions, see:
>     http://lists.igcaucus.org/info/governance
> To edit your profile and to find the IGC's charter, see:
>     http://www.igcaucus.org/
> 
> Translate this email: http://translate.google.com/translate_t

