On Wed, Jan 9, 2019 at 9:32 PM Saku Ytti <saku@ytti.fi> wrote:
Those are scheduled, they have to meet some criteria to be pushed on scheduled lot. There are also out of cycle SIRTs. And yes, vendors are delaying them, because customers don't want to upgrade often, because customer's customers don't want to see connections down often.
Yep. The same happened before e.g. to MSFT products and Adobe Flash for a decade before the former have started to update in days no matter what, and before the latter was effectively pushed out of most market niches.
— just like we did with IoT in 2016 — Internet still running, I'm still getting paid.
Well, I know a couple of guys who aren't.
But motivation to simply DoS internet doesn't really exist.
Except for hacktivism, fun, gathering a rep within a cracker society, gathering a rep within one's middle school community, et cetera. But anyway,
DoS is against service end points, infrastucture is trivial target, but for some reason not really targeted.
It really is. ISPs don't get that quite frequently for now, but end-user network services sometimes do.
I'm sure state actors have library of DoS transit packets and BGP UPDATE packets to be deployed when strategy requires given network or region to be disrupted.
There's hardly a reason to rely on your next door neighbor's kid not chatting on the same Darknet forums where those "state actors" get their data from. "State actor" thing is highly overrated today. They are certainly powerful but hardly more powerful than a skilled team of anonymous blackhat researchers going in for ransom money. -- Töma