On Sun, Sep 25, 2016 at 12:11 AM, Steve Kinney <[1]admin@pilobilus.net> wrote:

Maybe I'm going all Chicken Little here, maybe not. But I think this development may be the closest thing to an Internet Armageddon we are likely to see in our lifetimes.

[2]http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/

=or=

[3]https://tinyurl.com/znzno7q

How does thee patch that which is Unpatchable?

DDOS now includes the death of a million ankle biters: Not just unpatchable, but massively distributed, with a continuing profit motive and no liability for the manufacturers, paid for and plugged in by hundreds of millions of "regular folks" throughout the so-called Developed Nations.

So far every mitigation strategy relevant to "normal" users and use cases that occurs to me would be worse than the original problem.

The problem is that there's too much money to be made off of exploiting these holes TODAY, so it's very unlikely this huge vulnerability is going to be silently and slowly deployed and then suddenly mass-exploited, leading to some IoT-ageddon. There will almost certainly be some large happenings along the way, but those will in turn lead to the development of mitigation strategies, improvements in security, etc.

Ironically, this is an advantage of Internet-dependent devices like Nest, Echo, etc: they get updated directly, so the patch problem is solved, though that just moves the problem around a bit.

We need to not be deploying devices that can't be patched except in very special cases.

References

1. mailto:admin@pilobilus.net
2. http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/
3. https://tinyurl.com/znzno7q