Reply to post: Re: Why not a mandatory setup question before first use?

Schneider Electric building manager bug allows security bypass

Anonymous Coward
Anonymous Coward

Re: Why not a mandatory setup question before first use?

" Comparing it to a "real computer" is invalid. "

Correct, which is why I was comparing not the system but the problem and the solution.

The problem: identical default credentials on every system of this kind around the world.

The solution back then: ask the installer what password to use. Other more recent options might include a factory-configured password based on something system-specific printed on the box, e.g. an Ethernet MAC address.

But hey, if people want to continue to design and ship stuff with defective by design security, a problem which has been solved for the last decade or maybe three, why not, there are no risks for the specifiers, designers, manufacturers, or vendors, and there are no consequences for them, and product liability laws are an irrelevance which don't apply to anything with software in it (or do they?).

Why is anybody even trying to defend the indefensible practice of globally identical default credentials? Do these people work for one of the many suppliers involved?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021