Default Passwords for World Wide Packets/Lightning Edge Equipment

Nathan Eisenberg nathan at atlasnetworks.us
Wed Jan 13 13:47:38 CST 2010


Not if you change the default password like any sane admin does...

-----Original Message-----
From: Steven Bellovin [mailto:smb at cs.columbia.edu] 
Sent: Wednesday, January 13, 2010 11:26 AM
To: Barry Shein
Cc: nanog at nanog.org; nonobvious at gmail.com
Subject: Re: Default Passwords for World Wide Packets/Lightning Edge Equipment


On Jan 13, 2010, at 1:45 PM, Barry Shein wrote:

> 
> There seem to be a lot of misconceptions about RFID tags. I'm hardly
> an expert but I do know this much:
> 
> RFID tags are generic, you don't put data into them unique to your
> application.
> 
Part of the original (or at least early) context for this thread was recovery of default passwords.  If the password is F(ser#), it's only learnable if you know both F() and ser#.  The vendor knows F() -- who knows ser#?  If it's in an RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a threat.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb













More information about the NANOG mailing list