On 2/26/16 1:08 PM, Rich Kulawiec wrote:
On Fri, Feb 26, 2016 at 10:16:33AM -0700, Brielle Bruns wrote:
You can't do anything about idiots buying a pro-sumer/professional
device like an EdgeRouter and misconfiguring it, but Linksys/Cisco,
D-Link, Netgear, etc that are targeted towards home users should be
held to the fire for that kind of screw up.
That is starting to happen:
FTC Dings ASUS For Selling 'Secure' Routers That Shipped With Default
Admin/Admin Login (And Other Flaws)
https://www.techdirt.com/articles/20160223/11103133687/ftc-dings-asus-selling-secure-routers-that-shipped-with-default-admin-admin-login-other-flaws.shtml
---rsk
It looks like they nailed ASUS due to it claiming to be 'secure'.
I don't have a problem per-se with default passwords being used on a new
device that requires configuration before it actually works and isn't
marketed to the ignorant end user.
IE: (again my experience with Ubiquiti stuff being a baseline) The
EdgeRouter series is power user/professional targeted, default
passwords, however it does not come 'pre-configured', can't route, can't
NAT, etc without some initial setup.
Cisco's non-consumer stuff like the Cat6500, etc having no password by
default doesn't bug me because the thing is useless until you actually
configure it.
Its all about the market you are targeting IMHO.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
