Focus on the Windows Botnets (Microsoft/NSA Backdoors/Bugdoors as Culprits), Not the Weaknesses of the Protocols the Botnets Constantly Exploit (Quantity/Brute Force Always Defy Good Design at Scale)
THE toxic garbage emitted or spewed out by Winbots - jargon for botnets running Windows - is a subject that was habitually explored prior to the days of Edward Snowden's NSA leaks. There were all sorts of catchy names for such botnets, or Internet-connected swarms that could enlist new Windows machines as soon as they were connected to the Internet (the Command and Control wasn't just Microsoft's "Windows Update").
A reader notes that all articles about DDoS via HTTP/2 blame the protocol and completely neglect mention of the Windows "Bot Nets (tm)" which make the attacks possible.
We saw and took note of about half a dozen such articles already. So far everything has been shallow, with "reporters" just parroting what Google had said.
"HTTP/2 is not blameless," the reader clarifies, "but it is wrong to use it as a distraction from the Windows systems which have been (inappropriately) connected to the Net instead of replaced with secure systems."
We noticed the same around the start of the week: coverage that never named the real issue. The real issue is those botnets. Anything can be defeated at a very large scale, even Clownflare. When Microsoft suffers security breaches it tries to blame users, admins, nation states, attackers etc. instead of admitting that the real issue is itself. Why were there so many holes and no patches in the first place? Who's really to blame here? If you leave your front door open and someone (unwanted/untrusted) walks in, shouldn't the house owner be scolded too?
Sadly we've seen no rebuttal to the spin and we didn't even see much press coverage about it (that's how slow news is, not to mention shallow and casually misleading). Instead, what we saw this morning is this piece distracting from the Windows botnet pandemic, speaking of Mirai (a botnet that enlists embedded devices such as routers and cameras left on their default credentials, not a flaw in the kernel they run) but pinning it on "Linux" somehow (see "IZ1H9 Mirai campaign launches DDoS attacks on Linux-based routers"). It says "they can incorporate these newly compromised devices into their botnet, which lets them launch further DDoS and brute-force attacks."
Is Linux the issue here? Typically not. The next sentence right after that says: "FortiGuard strongly recommends that organizations promptly apply patches when available and always change default login credentials for devices."
Yes, because passwords like "goodmorning" or "letmein" turn out to be the fault of Linux, right? █
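The "brute-force attacks" that FortiGuard mentions leave an obvious trail on the device being hammered: a burst of failed logins against a handful of default usernames, often followed by one success once the weak password is found. As an added example (not code from the page, nor from FortiGuard/Fortinet or any Mirai sample), here is a small detector that runs over constructed router log lines and flags the sources doing the guessing. The log format (a dropbear-style syslog line), the hostname, the usernames and the IP addresses are all assumptions made for the example.

```python
"""Added example: flag credential brute-forcing in constructed router log lines.

Not code from the page or from FortiGuard; the log line format below is an
assumption (a dropbear-style syslog message), as are the hostname and IPs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not a real capture). One source guesses the default
# 'admin'/'root' accounts four times in two seconds and then gets in.
SAMPLE_LOG = """\
Oct 12 03:14:01 router dropbear[812]: Bad password attempt for 'admin' from 203.0.113.7:51234
Oct 12 03:14:02 router dropbear[812]: Bad password attempt for 'admin' from 203.0.113.7:51240
Oct 12 03:14:02 router dropbear[813]: Bad password attempt for 'root' from 203.0.113.7:51241
Oct 12 03:14:03 router dropbear[814]: Bad password attempt for 'root' from 203.0.113.7:51244
Oct 12 03:14:05 router dropbear[815]: Password auth succeeded for 'root' from 203.0.113.7:51250
Oct 12 03:20:17 router dropbear[820]: Bad password attempt for 'admin' from 198.51.100.4:40001
Oct 12 04:01:00 router dropbear[830]: Password auth succeeded for 'admin' from 192.0.2.10:55555
"""

# Assumed line shape: "<Mon> <day> <HH:MM:SS> <host> <daemon>[pid]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+: "
    r"(?P<result>Bad password attempt|Password auth succeeded) for '(?P<user>[^']+)' "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+$"
)


def parse_line(line, year=2023):
    """Return a dict for a recognised login line, or None for anything else.

    Syslog timestamps carry no year, so one is assumed for parsing."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "ok": m["result"] == "Password auth succeeded",
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text, threshold=4, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: {"failures": total_failures, "users": [usernames tried],
                  "success_after": True if that IP later logged in}}.
    A success after the burst is the case that matters: the device has most
    likely just been enlisted into a botnet."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if not e["ok"]]
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                first_fail = fails[start]["ts"]
                findings[ip] = {
                    "failures": len(fails),
                    "users": sorted({e["user"] for e in fails}),
                    "success_after": any(
                        e["ok"] and e["ts"] >= first_fail for e in evs
                    ),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Run against the sample, only 203.0.113.7 is flagged (four failures within two seconds, then a successful login as 'root'); the single failure from 198.51.100.4 and the clean login from 192.0.2.10 stay below the threshold. Feeding real device logs into the same function is a quick way to see how much of the "Linux" botnet problem is really unchanged default passwords being guessed at scale.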