More proof that default passwords are bad

Hank Arnold (MVP)

This is a scary sight... One place where you can get the default
passwords for just about any hardware. If there was any doubt that not
changing the default passwords on a router is bad, it should be gone
now.... :-(
--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 
Tom Allen

Hank Arnold (MVP) said:
This is a scary sight... One place where you can get the default
passwords for just about any hardware. If there was any doubt that not
changing the default passwords on a router is bad, it should be gone
now.... :-(
--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

Any chance of a link to that 'sight' ?

Tom
 
DevilsPGD

In message <[email protected]> "Hank Arnold (MVP)"
This is a scary sight... One place where you can get the default
passwords for just about any hardware. If there was any doubt that not
changing the default passwords on a router is bad, it should be gone
now.... :-(

When has anyone with any level of competence ever suggested that
changing default router (and other) passwords is bad?
 
Tom Allen

DevilsPGD said:
When has anyone with any level of competence ever suggested that
changing default router (and other) passwords is bad?

Probably never, but that's false logic and not the same as regarding not
changing them as not bad :)

Tom
 
Gary Mount

If I forgot my password for my hardware device, such as my router, I would
need to reset it if I wanted to change settings on the device.
It would then revert to its default password, and it might be handy to have
a web site where I could find out what the new password is if I could not
locate my manual for the device.
 
Rojo Habe

Gary Mount said:
If I forgot my password for my hardware device, such as my router, I would
need to reset it if I wanted to change settings on the device.
It would then revert to its default password, and it might be handy to
have a web site where I could find out what the new password is if I could
not locate my manual for the device.

All well and good, which is why these sites exist. Leaving it as default in
normal use, however, is very dodgy.
 
Rojo Habe

Only problem is, if I change the password on my Vonage router, does that
stop Vonage from accessing it for necessary updates?

Similarly, my cable modem becomes inaccessible to visiting engineers. Not
really that much a hacker would want to do to my cable modem though...

To be safe, one can make use of those sites to return your passwords to
default should maintenance from outside become necessary.
 
Dustin Harper

Those sites have been around for a long time, also on BBS's back in the day.
Nothing new... Scary? Not really. It's common sense to change the password
if you want to be secure...
 
Bruce Chambers

Hank said:
This is a scary sight... One place where you can get the default
passwords for just about any hardware. If there was any doubt that not
changing the default passwords on a router is bad, it should be gone
now.... :-(


Why would anyone with a lick of sense leave default passwords in place?


--

Bruce Chambers

Help us help you:


http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
 
Gary Mount

Do routers by default allow access to the settings from remote access? Or
only access from a locally connected computer?
Knowing the password wouldn't help unless you had physical access to the
router if remote access is off by default.
My router has to be changed from its default of disabled remote management.
Anyone who changes and enables the remote management probably has the smarts
to change the default password.
 
Hank Arnold (MVP)

Bruce said:
Why would anyone with a lick of sense leave default passwords in place?

I support a Hospice in upstate NY and we've been going to nurses' homes
to help get them set up to synchronize their laptops with our database
server over broadband. We require that they have a router. Once we get
there, the overwhelming majority have the default logon credentials and
no security at all. I've come to the conclusion that the average SOHO
just installs a router and accepts all the defaults... :-(

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 
Hank Arnold (MVP)

Gary said:
Do routers by default allow access to the settings from remote access?
Or only access from a locally connected computer?
Knowing the password wouldn't help unless you had physical access to the
router if remote access is off by default.
My router has to be changed from its default of disabled remote management.
Anyone who changes and enables the remote management probably has the
smarts to change the default password.

If I'm outside your house with a wireless enabled laptop, I can just
about guarantee that I can find your router. Most folks don't even
disable the SSID broadcast. Once I can "see" you, I can access it and
attempt to logon..

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 
Straight Talk

If I'm outside your house with a wireless enabled laptop, I can just
about guarantee that I can find your router. Most folks don't even
disable the SSID broadcast. Once I can "see" you, I can access it and
attempt to logon..

I hope you are not advocating the hiding of SSID as some kind of
security measure.
 
Chris Barnes

Straight said:
I hope you are not advocating the hiding of SSID as some kind of
security measure.

Why not? Security through obscurity is a time honored tradition....


;-)
 
Paul Adare

If I'm outside your house with a wireless enabled laptop, I can just
about guarantee that I can find your router. Most folks don't even
disable the SSID broadcast. Once I can "see" you, I can access it and
attempt to logon..

Disabling the broadcast of the SSID is a waste of time. Even if you've got
that disabled it would take me less than 5 minutes to sit outside of your
house and tell you what your SSID is.
 
