by MereKatMoves 3533 days ago
"For ordinary users, the situation is truly hopeless. They are pwned by default if they buy into IoT."

When was it ever different? This is just a repeat of the "buy anti-virus" phase of Windows, which wasn't sufficiently hammered home that it basically failed. No doubt there will be some responsible IoT manufacturers that address the vulnerabilities, but IMO, not many, and the market isn't exactly demanding of 'secure amazon buttons' - in fact there will be devastation because the manufacturers won't give a flying fuck about security as they stamp out thousands of pieces a day with default passwords in their factories.

If ever there was a use case for ipv6 then I suggest this is it. Sadly we aren't going to get there in time to stop a new wave of botnets. Who do I blame for the failure to properly roll out ipv6?

gotta love some of those domain name lolz

imscaredaf.xyz swinginwithme.ru santasbigcandycane.cx

2 comments

> If ever there was a use case for ipv6 then I suggest this is it. Sadly we aren't going to get there in time to stop a new wave of botnets. Who do I blame for the failure to properly roll out ipv6?

I'm not sure I follow - what exactly about IPv6 improves the situation?

In the current IPv4 home network world, devices are all given private IPv4 addresses, and sit behind a NAT overloading gateway, and the only way those hosts can be directly addressed is if ports are specifically forwarded to those hosts, or if the gateway is running some service to automatically forward ports on demand (UPnP).

In IPv6, devices are all given globally routable addresses, and are hopefully sitting behind a gateway with stateful filtering, and the only way these hosts can be directly addressed is if the ports are specifically opened to those hosts, or if the gateway is running some service to automatically open ports on demand (If it doesn't exist already, it will soon enough).

IPv6 is a solution to a limited number space. Last I checked, it doesn't actually solve anything else. If I'm wrong, I would love to know how, though; new emerging technologies often have elements of misinformation spreading, so if I'm guilty here, I definitely want to know how and why.

The average user is worried about their laptop. The idea of their laptop being hacked is worrisome because they keep personal information on it and it's a somewhat personal possession. So anti-virus gets some play.

The average user doesn't care about their VCR. The average user won't set the time on their VCR much less set a password. In fact, I don't care about my VCR or my light bulbs or whatever dumb thing someone decides should have the capacity to be on the Internet (except I care enough not to knowingly buy such things but in the future may unknowingly buy the stuff). If someone manufactures Trojans to put in people's homes and it causes other people problems, it shouldn't be my problem.

Average users have a VCR? How would it work if they don't set the time on it?

You bought (whatever) it (is) - so that becomes your problem. The average user falls for the marketing of "your app controls your fried chicken" bullshit and buys the IoT chicken fryer. So you won't buy that fryer. Good for you.

> Average users have a VCR? How would it work if they don't set the time on it?

Just fine, actually.

https://en.wikipedia.org/wiki/Blinking_twelve_problem

The manufacturers of these devices are selling faulty products. If their products are dangerously insecure, they should face repercussions.

The manufacturer might be in another country or bankrupt. You should go after the user and then he might go after the manufacturer or his insurance if he wants.

But on more realistic terms, my hope is that if this gets really bad, then a consortium of huge internet firms can start blacklisting bad IPs. If John-Random-Guy can't connect to google/facebook/akamai/etc then for sure he'll at least unplug the device.