On February 9, 2017 at 12:04 rsk@gsp.org (Rich Kulawiec) wrote:
> On Wed, Feb 08, 2017 at 08:30:15AM -0800, Damian Menscher wrote:
>> The devices are trivially compromised (just log in with the default root password). So here's a modest proposal: log in as root and brick the device.
>
> No. It's never a good idea to respond to abuse with abuse. Not only is it unethical and probably illegal (IANAL, this is not legal advice) but it won't take more than a day for someone to figure out that this is happening and use some variety of misdirection to cause third parties to target devices that aren't actually part of the problem.

Ok but what if you broke in and fixed their security w/o breaking the user experience?

Would a vendor, presented with a good demo, sign off on that?

If so isn't it just a mandatory patch?

--
-Barry Shein

Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989 | A Public Information Utility | *oo*