Archive | January 24, 2003

Mass Manufactured Equipment with Identical Passwords!!!

Sprint DSL’s Gaping Security Hole. An easy-as-1-2-3 admin password on Sprint DSL modems puts users’ e-mail logins at risk, a hacker finds. Security experts say Sprint’s solution — posting a notice on its support site — doesn’t do enough to solve the problem. By Brian McWilliams. [Wired News] Nonsense. Linksys wireless access points come with security turned off and a default site id of “linksys.” Most of the other APs do the same. Software installs with blank or default passwords and the “READ ME FIRST!!!” packaging and files shown to the installer tell the owner to change the setup. OTOH, if you ship with a random password, how do you tell the user? A sticker attached to the device might work. But you can still anticipate the tech support calls will double, and you’ll need a new script for your front line support people with “Okay, now look on the package for a bright yellow sticker labeled PASSWORD. You found it. Okay, now…” Reminds me of The Internet Help Desk from Three Dead Trolls in a Baggie. *Sigh* There are no easy solutions.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.