Re: Default Passwords for World Wide Packets/Lightning Edge Equipment

[Steven Bellovin <smb () cs columbia edu>]

On Jan 6, 2010, at 11:38 PM, Joe Hamelin wrote:

> On Wed, Jan 6, 2010 at 7:19 PM, Dobbins, Roland <rdobbins () arbor net> wrote:
> > Which goes to show that they just really don't get it when it comes to security.  Maybe they  should look here at 
> > all the entries for 'default credentials':
>
> Roland, this isn't the home wi-fi market we're talking about.  Anyone
> that's going to buy one of these puppies is going to have a clue about
> putting their password in.

Again, look at http://ids.ftw.fm/Home/publications/RouterScan-RAID09-Poster.pdf?attredirects=0 -- while consumer 
devices were much worse, there was a noticeable problem on enterprise devices and a significant problem with VoIP 
devices, and I suspect that those latter are largely enterprise-based.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb