“The botnet was taken offline by the provider because it was used for criminal purposes.”
Isn’t the botnet itself a criminal intrusion? I mean, it’s unlikely that the owners of the exit nodes were even aware they were part of it.
It sounds like people installed one of those free proxy things that’s actually malware. I’m not sure I’d call that “intrusion” but it’s certainly illegal.
I mean, it might’ve not been illegal. It was probably hidden in some T&C somewhere. That’s the trade-off. You get a free privacy proxy, they get a free residential proxy endpoint.
Deploying botnet software is usually always illegal, regardless of consent.
People who want to prevent their devices from being swept into botnets should install security updates in a timely manner and resist the urge to continue using software or devices that no longer receive them.
That doesn’t really seem likely to happen on its own. I’m pretty sure that most IoT devices phone home and upgrade themselves (which, frankly, I’d be maybe more-concerned about as a vector than a lack of updates, since anyone can buy a defunct IoT maker and thus get control of all those devices, or penetrate the IoT maker’s network) and I imagine that most people have no idea when a device has last been updated.
You can maybe have some sort of network protocol where devices can report their last update. That’d maybe permit for auditing that, if you had a device that would tell a user about an outdated device, which isn’t really the case today. Also kind of hard to tell an end user what a device at IP address X is. If they’re on the same Ethernet segment, maybe could try to identify it by OUI on the Ethernet MAC address, I guess, but that’s not going to give you a convenient helpful-to-most-end-users product ID for a lot of devices. So if your audit program sees a device on the network that doesn’t implement the “last updated” protocol, it may have a hard time identifying it to you in human terms.
Oor… Hear me out… not everything needs to connect to the fucking internet
For example?
My Ecobee thermostat, absolutely wonderful device for just under two years
They change their TOS because they’re starting to push their “security” camera side of the business. I disagree with the TOS and won’t agree to them. It includes grossly invasive private data sharing including data collected from the microphone on the Ecobee
Oh what? You don’t agree? (There’s no disagree button) Guess you can’t log in and use the device any more
No problem right? Just use the homekit stuff from it and boom you can control it locally right?.. Except I have an entry level heatpump… and heatpump have to have a thermometer to tell it when it can’t use the heatpump due to low temps (mine is 40°for) which Ecobee sources local weather to determine that point and if you don’t have it connected, you could damage a +$15,000 piece of equipment… So connect to the internet and agree to the new tos or buggar off
And that’s a +$450 thermostat when all sensors are included
Can follow this line of bullcrap with cars, lawn equipment, farm equipment, you name it
Just full blown middle finger to internet connected tech from me, as well as any software updating tech is my current position. Fully standalone, zero OTA updates, zero wifi, zero bluetooth. These days no bullshit is a premium feature apparently
People who want to prevent their devices from being swept into botnets should install security updates in a timely manner and resist the urge to continue using software or devices that no longer receive them.
Or not install apps from untrusted sources. Like, the Play Store.
I thought Lemmy.ml had been quiet recently.
I don’t think there are many bots on Lemmy. If I were a betting man, though, I’d wager that the 10-day-old account complaining about the .ml instance is the bot
He also has made 300 comments in just 10 days. I have a total of 1600 in 2yrs. I make more comments compared to posts yet he will outpace me in the next 30days. Definitely sus 🤖