Earlier this month, an underground forum released the code for the Mirai malware, which lets attackers hijack the thousands (and counting) of Internet of Things devices that are used to carry out distributed denial-of-service attacks.
Of course it did. This hack means that everyone can now view the code that allowed someone using the name Anna-senpai to harness 380,000 bots via weak telnet connections. Let’s ignore for now that in 2016 there is absolutely no reason to have telnet on any IoT device.
That aside, much of the subsequent hand-wringing over default password damage control missed the one glaring thing that manufacturers, startups, and providers can do to prevent this sort of devastating vulnerability: Don’t use default usernames and passwords in the first place.
Read full article by Daniel Riedel on InformationWeek>>