[187851] in North American Network Operators' Group
Re: Thank you, Comcast.
daemon@ATHENA.MIT.EDU (Brielle Bruns)
Fri Feb 26 17:04:22 2016
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Brielle Bruns <bruns@2mbit.com>
Date: Fri, 26 Feb 2016 15:04:12 -0700
In-Reply-To: <20160226200815.GA1883@gsp.org>
Errors-To: nanog-bounces@nanog.org
On 2/26/16 1:08 PM, Rich Kulawiec wrote:
> On Fri, Feb 26, 2016 at 10:16:33AM -0700, Brielle Bruns wrote:
>> You can't do anything about idiots buying a pro-sumer/professional
>> device like an EdgeRouter and misconfiguring it, but Linksys/Cisco,
>> D-Link, Netgear, etc that are targeted towards home users should be
>> held to the fire for that kind of screw up.
>
> That is starting to happen:
>
> FTC Dings ASUS For Selling 'Secure' Routers That Shipped With Default Admin/Admin Login (And Other Flaws)
> https://www.techdirt.com/articles/20160223/11103133687/ftc-dings-asus-selling-secure-routers-that-shipped-with-default-admin-admin-login-other-flaws.shtml
>
> ---rsk
>
It looks like they nailed ASUS due to it claiming to be 'secure'.
I don't have a problem per-se with default passwords being used on a new
device that requires configuration before it actually works and isn't
marketed to the ignorant end user.
IE: (again my experience with Ubiquiti stuff being a baseline) The
EdgeRouter series is power user/professional targeted, default
passwords, however it does not come 'pre-configured', can't route, can't
NAT, etc without some initial setup.
Cisco's non-consumer stuff like the Cat6500, etc having no password by
default doesn't bug me because the thing is useless until you actually
configure it.
Its all about the market you are targeting IMHO.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
