Thursday, September 21, 2006
Change the freaking default password
Almost any gadget you buy today has a computer in it and probably some kind of password control. Even answering machines have remote control modes protected by some numeric sequence.
They all come from the factory with some predefined setting that's the same for all the devices. Be certain, be very certain, that all of those default passwords have been collected and published. There is nothing secret about a password that's been told to thousands of customers.
Here's the latest Horrible Example. One gadget could be reprogrammed by anyone who had the correct password. Most buyers of the gadget never changed the password. The default master password was in the gadget's service manual, which was of course available on the web.
The gadget was a cash machine. A crook reprogrammed it to dispense ten $20 bills if you asked for ten $5 bills. That's the Virgina Beach ATM case.
|
They all come from the factory with some predefined setting that's the same for all the devices. Be certain, be very certain, that all of those default passwords have been collected and published. There is nothing secret about a password that's been told to thousands of customers.
Here's the latest Horrible Example. One gadget could be reprogrammed by anyone who had the correct password. Most buyers of the gadget never changed the password. The default master password was in the gadget's service manual, which was of course available on the web.
The gadget was a cash machine. A crook reprogrammed it to dispense ten $20 bills if you asked for ten $5 bills. That's the Virgina Beach ATM case.
# posted by Frederick @ 11:43 PM Email to a friend:
Haloscan: they provide trackback