Default Passwords for World Wide Packets/Lightning Edge Equipment
nathan at atlasnetworks.us
Wed Jan 13 19:47:38 UTC 2010
Not if you change the default password like any sane admin does...
From: Steven Bellovin [mailto:smb at cs.columbia.edu]
Sent: Wednesday, January 13, 2010 11:26 AM
To: Barry Shein
Cc: nanog at nanog.org; nonobvious at gmail.com
Subject: Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Jan 13, 2010, at 1:45 PM, Barry Shein wrote:
> There seem to be a lot of misconceptions about RFID tags. I'm hardly
> an expert but I do know this much:
> RFID tags are generic, you don't put data into them unique to your
Part of the original (or at least early) context for this thread was recovery of default passwords. If the password is F(ser#), it's only learnable if you know both F() and ser#. The vendor knows F() -- who knows ser#? If it's in an RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a threat.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG