Sprint DSL's Gaping Security Hole. An easy-as-1-2-3 admin password on Sprint DSL modems puts users' e-mail logins at risk, a hacker finds. Security experts say Sprint's solution -- posting a notice on its support site -- doesn't do enough to solve the problem. By Brian McWilliams. [Wired News] Nonsense. Linksys wireless access points come with security turned off and a default site id of "linksys." Most of the other APs do the same. Software installs with blank or default passwords and the "READ ME FIRST!!!" packaging and files shown to the installer tell the owner to change the setup. OTOH, if you ship with a random password, how do you tell the user? A sticker attached to the device might work. But you can still anticipate the tech support calls will double, and you'll need a new script for your front line support people with "Okay, now look on the package for a bright yellow sticker labeled PASSWORD. You found it. Okay, now..." Reminds me of The Internet Help Desk from Three Dead Trolls in a Baggie. *Sigh* There are no easy solutions.
12:05:20 PM comment []
