and with considerable success
It is my view that there are four main factors at play here:
- Programs having excess capability -- e.g. a browser script should have never been able to access the Spectre/Meltdown issue;
- general lack of authentication for transactions -- X.509 is better than nothing but certificates need to be countersigned: there are way too many X.509 certs published; as a result we all need to digitally sign just the few -- maybe a dozen -- certs that we actually use;
- insecure operating software with 1 particular type in mind, what I like to call the "Gaterbox";
- complete lack of product liability law;
Krebs on tax fraud
Krebs on ATM Jackpotting
In the jackpotting the thugs just opened the ATM and changed out the hard drive. As Charlie Brown would say: "Good Grief".
When it comes to IoT: Just say no. A much deeper question should ask: is electronic commerce suitable to purpose for people today? Should it be? If so, what is required to achieve an acceptable level of fraud prevention? A dedicated (single purpose) authentication device? A KeK built into a watch perhaps?