[120993] in North American Network Operators' Group
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Thu Jan 7 11:52:01 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <79db6ae1001062038r10c155ddp86f775bcda41da75@mail.gmail.com>
Date: Thu, 7 Jan 2010 11:51:09 -0500
To: Joe Hamelin <joe@nethead.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 6, 2010, at 11:38 PM, Joe Hamelin wrote:
> On Wed, Jan 6, 2010 at 7:19 PM, Dobbins, Roland <rdobbins@arbor.net> =
wrote:
>> Which goes to show that they just really don't get it when it comes =
to security. Maybe they should look here at all the entries for =
'default credentials':
>=20
> Roland, this isn't the home wi-fi market we're talking about. Anyone
> that's going to buy one of these puppies is going to have a clue about
> putting their password in.
Again, look at =
http://ids.ftw.fm/Home/publications/RouterScan-RAID09-Poster.pdf?attredire=
cts=3D0 -- while consumer devices were much worse, there was a =
noticeable problem on enterprise devices and a significant problem with =
VoIP devices, and I suspect that those latter are largely =
enterprise-based.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
