Finally, what feels like a sort-of-sane take from the British government regarding laws on technology usage. I'm more used to the neolithic suggestions of someone whose main exposure to computers...
Finally, what feels like a sort-of-sane take from the British government regarding laws on technology usage. I'm more used to the neolithic suggestions of someone whose main exposure to computers is the smart TV they struggle to turn on and the ever-worsening Facebook user experience.
It's neat what a few rules can do to significantly increase the security of even single-factor password authentication- namely a modicum of password complexity combined with limiting concurrent sign-in attempts.
Yeah, default passwords make you easy to hack, so we fixed that. But we don't want you to use encryption that's too secure, because then we can't see what you're doing. It's for your own good,...
Yeah, default passwords make you easy to hack, so we fixed that. But we don't want you to use encryption that's too secure, because then we can't see what you're doing. It's for your own good, trust us :)
For a moment I figured this was going to be more security theater where we mandate absurdly complicated passwords that just lead to everyone writing it/saving it and getting it compromised that...
For a moment I figured this was going to be more security theater where we mandate absurdly complicated passwords that just lead to everyone writing it/saving it and getting it compromised that way, but it is fair to say that the default password on any device that is a part of your security should NOT have a well known and easy brute forced password.
in the UK, my experience is that wifi routers you get with an internet provider will now come with a randomly assigned network name and password. however, the admin username and password for the...
in the UK, my experience is that wifi routers you get with an internet provider will now come with a randomly assigned network name and password. however, the admin username and password for the router management interface will generally be some standard default.
As someone in cyber security, it's a depressingly common practice. There's even a github page documenting them all https://github.com/ihebski/DefaultCreds-cheat-sheet
As someone in cyber security, it's a depressingly common practice. There's even a github page documenting them all
Copiers and some printers are probably where I still see this the most. Back when I was working as an IT field tech a few years ago, I'd sometimes need to get into a copier's admin web GUI for...
Copiers and some printers are probably where I still see this the most. Back when I was working as an IT field tech a few years ago, I'd sometimes need to get into a copier's admin web GUI for settings, and I'd often need a password. Which meant just looking for the model's user/service manual online or asking in IT forums. Same with printers, particularly network-enabled all-in-one types. And it was all brands that did this: Sharp, Canon, HP, Brother, etc.
Finally, what feels like a sort-of-sane take from the British government regarding laws on technology usage. I'm more used to the neolithic suggestions of someone whose main exposure to computers is the smart TV they struggle to turn on and the ever-worsening Facebook user experience.
It's neat what a few rules can do to significantly increase the security of even single-factor password authentication- namely a modicum of password complexity combined with limiting concurrent sign-in attempts.
Yeah, default passwords make you easy to hack, so we fixed that. But we don't want you to use encryption that's too secure, because then we can't see what you're doing. It's for your own good, trust us :)
For a moment I figured this was going to be more security theater where we mandate absurdly complicated passwords that just lead to everyone writing it/saving it and getting it compromised that way, but it is fair to say that the default password on any device that is a part of your security should NOT have a well known and easy brute forced password.
Do any popular manufacturers still do that? Seems like a law that might have been useful 20 years ago.
in the UK, my experience is that wifi routers you get with an internet provider will now come with a randomly assigned network name and password. however, the admin username and password for the router management interface will generally be some standard default.
As someone in cyber security, it's a depressingly common practice. There's even a github page documenting them all
https://github.com/ihebski/DefaultCreds-cheat-sheet
Copiers and some printers are probably where I still see this the most. Back when I was working as an IT field tech a few years ago, I'd sometimes need to get into a copier's admin web GUI for settings, and I'd often need a password. Which meant just looking for the model's user/service manual online or asking in IT forums. Same with printers, particularly network-enabled all-in-one types. And it was all brands that did this: Sharp, Canon, HP, Brother, etc.