On 2/26/16 1:08 PM, Rich Kulawiec wrote:
On Fri, Feb 26, 2016 at 10:16:33AM -0700, Brielle Bruns wrote:
You can't do anything about idiots buying a pro-sumer/professional device like an EdgeRouter and misconfiguring it, but Linksys/Cisco, D-Link, Netgear, etc that are targeted towards home users should be held to the fire for that kind of screw up.
That is starting to happen:
FTC Dings ASUS For Selling 'Secure' Routers That Shipped With Default Admin/Admin Login (And Other Flaws) https://www.techdirt.com/articles/20160223/11103133687/ftc-dings-asus-sellin...
---rsk
It looks like they nailed ASUS due to it claiming to be 'secure'. I don't have a problem per-se with default passwords being used on a new device that requires configuration before it actually works and isn't marketed to the ignorant end user. IE: (again my experience with Ubiquiti stuff being a baseline) The EdgeRouter series is power user/professional targeted, default passwords, however it does not come 'pre-configured', can't route, can't NAT, etc without some initial setup. Cisco's non-consumer stuff like the Cat6500, etc having no password by default doesn't bug me because the thing is useless until you actually configure it. Its all about the market you are targeting IMHO. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org