just brew it! wrote:There are some questions as to whether the analysis these stories are based on is correct. They may have incorrectly identified appliances as the source of attacks based on the appliances being behind the same NAT routers as infected PCs (so same public IP address).
To expound on this:
http://arstechnica.com/security/2014/01 ... ng-botnet/"The aggregate of the information doesn't paint an adequately compelling picture that what they're asserting occurred actually occurred," Royal said. "When you ask something as simple as how do you know the spam came from gadgets they say: 'Well, we looked at the IP addresses of the systems sending the spam and when we presumably probed them we observed that they were coming from set-top-box-like devices.' The technical analysis of that shows that there could be plenty of other explanations."
Knight said he would check to see if missing evidence—including a malware sample, documentation of a command-and-control server, and samples of the spam and phishing messages—are available for publication. Again, I'm open to the possibility the botnet reported by Proofpoint exists. But until these smoking guns are produced, I'm maintaining a healthy amount of skepticism.
Now I'm not a fan of the "internet of things" idea, personally. I mean, it's hard enough to keep consumer-level routers patched and secured and now you got crap like this to worry about:
http://arstechnica.com/security/2013/11 ... gger-says/I can't imagine manufacturers are really trustworthy for this kinda junk. And stuff like Nest and SimCity "needing" to connect to the internet to give you the "best" experience... blah.