[120958] in North American Network Operators' Group


Re: Default Passwords for World Wide Packets/Lightning Edge Equipment

daemon@ATHENA.MIT.EDU (Steven Bellovin)
Wed Jan 6 20:26:51 2010

From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <4B451BAA.4020109@mit.edu>
Date: Wed, 6 Jan 2010 20:26:07 -0500
To: "Jeffrey I. Schiller" <jis@mit.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 6, 2010, at 6:24 PM, Jeffrey I. Schiller wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> An option I saw years ago (I forgot on whose equipment) was a default
> password which was a function of the equipment's serial number. So you
> had to have the algorithm and you needed the serial number which was not
> related to the MAC. So if you didn't have physical access, you were not
> in a good position to learn the password.
>=20
> I suspect this was a support nightmare for the vendor and I bet they
> went to a more standard (read: the same) factory password.
>
> At the end of the day, minimizing support costs for the vendor (not to
> mention likely annoyance for the customer) trumps providing "default"
> security for the folks who won't change the default password.

The MiFi apparently does this.  According to
http://www.nytimes.com/2009/05/07/technology/personaltech/07pogue.html
"The network password is printed right there on the bottom of the MiFi
itself."

		--Steve Bellovin, http://www.cs.columbia.edu/~smb
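
The scheme discussed in this thread (a factory password computed from the serial number and printed on the unit), as an added example that is not part of the original messages or any vendor's code. It assumes a keyed derivation (HMAC-SHA256 with a factory-held secret) instead of a secret algorithm; the key, alphabet and serial numbers are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample key; in practice it stays in the factory's key store.
FACTORY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
# Label-friendly alphabet: no 0/O or 1/I/L look-alikes (31 symbols).
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"


def default_password(serial: str, key: bytes = FACTORY_KEY, length: int = 12) -> str:
    """Derive the per-device factory password from the serial number."""
    norm = serial.strip().upper().encode("utf-8")
    # Domain-separate the derivation so the key can be reused for other labels.
    digest = hmac.new(key, b"default-pw-v1|" + norm, hashlib.sha256).digest()
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def label_text(password: str, group: int = 4) -> str:
    """Format the password as it would be printed on the device label."""
    return "-".join(password[i:i + group] for i in range(0, len(password), group))


def check_default_password(serial: str, candidate: str, key: bytes = FACTORY_KEY) -> bool:
    """Support-desk check: does the typed label text match this serial?"""
    typed = candidate.replace("-", "").replace(" ", "").upper()
    expected = default_password(serial, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), typed.encode("utf-8"))


if __name__ == "__main__":
    for sn in ("SN-0001234", "SN-0001235"):  # constructed serial numbers
        print(sn, label_text(default_password(sn)))
```

Adjacent serial numbers yield unrelated passwords, and without the factory key the serial number alone does not reveal the password.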






