nanog mailing list archives

Re: Death of the Internet, Film at 11


From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 24 Oct 2016 07:43:24 -0400

On Mon, Oct 24, 2016 at 02:29:02AM -0400, Valdis.Kletnieks () vt edu wrote:
> A few years ago, Vint Cerf gave a keynote speech at a conference, where he
> claimed that there were 140 million pwned devices on the Internet - and this
> was before IoT was itself a thing.
>
> Not one person in the security industry called bullshit and said the number
> was too high.  There were however a lot of people who thought Cerf had
> significantly lowballed the estimate.

It was January, 2007:

        Vint Cerf: one quarter of all computers part of a botnet
        http://arstechnica.com/news.ars/post/20070125-8707.html

I thought, based on personal research and some discussions with other
people interested in the same question, that 140M was a bit high at the
time.  Looking back, armed with more data and perspective, I think it
was much too low.

Nothing that has happened in the decade since gives me any reason
to think the number has gone down.

Many things have happened in the decade since that give me reason
to think the number has gone up -- significantly.

And that's *before* I factor in the IoT.

Speaking of which, I think IoT devices divide neatly into two categories:
those that have been compromised, and those that are going to be.
(It might be a while for some of the latter category to shift to the former:
attackers find themselves in an incredibly target-rich environment and
may perceive little need to move past the low-hanging fruit just yet.)

So whatever the number is at this point -- 300M?  500M? -- it's enormous,
it's going to get bigger, and it's going to get bigger quickly.

        In a relatively short time we've taken a system built to resist
        destruction by nuclear weapons and made it vulnerable to toasters.
            --- Jeff Jarmoc, October 21, 2016 

---rsk

