
Re: Security Considerations, IoT and Everything

2016-12-01 18:45:23
On Tue, Nov 22, 2016 at 03:25:36PM -0500, Michael StJohns wrote:
> In the early days of the internet, connected devices were mostly big iron -
> mainframes and mini-computers.  Next came the wave of PCs.  Next the smart
> phones and tablets.  All of these had one thing mostly in common - there was
> generally a Human in the loop somewhere watching the device.

True, although one consequence of the rise of the bots 15-ish years ago,
and their subsequent evolution, is that even if a human IS watching the
device, they may not be aware of (all of) its activities.

Reviewing that history: by 2007, we'd arrived here:

        Vint Cerf: one quarter of all computers part of a botnet
        http://arstechnica.com/news.ars/post/20070125-8707.html

I thought the 150M estimate was a bit high: based on my own research and
on conversations with others about theirs, I thought 100M was closer.
But it's important to note that the number was (and is) not only
unknown, but unknowable, since a bot which does nothing to make
its presence known to a detector will remain invisible indefinitely.
Still: with the benefit of nearly a decade of hindsight, I think I was
wrong: I now think 150M was probably a better estimate.

But whether it was 100M or 150M or 200M: that's an alarming number.

The security posture of all those systems was somewhat better than most
of the devices now being deployed as part of the IoT.  I think it's not
unreasonable to expect the IoT ecosystem to be compromised far more
quickly and to a much higher degree.

        "In a relatively short time we've taken a system built to resist
        destruction by nuclear weapons and made it vulnerable to toasters."
                --- Jeff Jarmoc, October 21, 2016

---rsk
