[120960] in North American Network Operators' Group
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
daemon@ATHENA.MIT.EDU (Mark Foster)
Wed Jan 6 20:51:24 2010
Date: Thu, 7 Jan 2010 14:50:41 +1300 (NZDT)
From: Mark Foster <blakjak@blakjak.net>
To: Joel Esler <jesler@sourcefire.com>
In-Reply-To: <314cf0831001061741n6d41ab72j36ddb9b59680c0ad@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>>> At the end of the day, minimizing support costs for the vendor (not to
>>> mention likely annoyance for the customer) trumps providing "default"
>>> security for the folks who won't change the default password.
>>
>> The MyFi apparently does this. According to
>> http://www.nytimes.com/2009/05/07/technology/personaltech/07pogue.html"The network password is printed right there on the bottom of the MiFi
>> itself."
>>
>>
> At least it's not "0000".
>
> But yes, my Mifi *had* the password on the bottom.
>
In a lot of cases, physical access = you're screwed anyway. What's the
difference if the password is printed on the box?
If you can't physically protect your kit, that's something else, but aside
from things like WAP's which are routinely in 'the open' surely you
protect your equipment inside secure racks/cabinets/datacentres such that
the physical labelling is inaccessible to those who aren't authorised... ?
