|JP Vossen on 12 Jun 2017 11:36:57 -0700|
|Re: [PLUG] PI being targeted for malware|
On 06/12/2017 02:16 PM, Soren Harward wrote:
On Mon, Jun 12, 2017 at 12:42 PM Thomas Delrue <email@example.com> wrote:
On 06/12/2017 11:48 AM, Anthony Martin wrote:
Why do we still have to tell people not to use the default password or that they should use a strong pass-phrase (if you HAVE to use pass-phrases that is, instead of key-based or some other stronger authentication)? At what point can we just revoke someone's privilege of touching computing devices ever again until they complete some sort of education with a verified skills assessment?
Because you can just as legitimately ask "Why do we still ship software that poses a huge security risk in the default configuration when we know full well that users cannot or will not follow basic setup instructions? At what point do we revoke the privileges of software engineers until they complete some kind of education with verified skills assessment in creating software that's secure by default?"
+1. It's not the end-user's fault even if it's the end-user's fault. Our computing industry has failed, in large part, to provide secure solutions. A lot of that is because the market wants race-to-the-bottom prices and I don't see that changing easily or without a lot of regulations, which gets tricky fast.
In this case, yes--nothing, but nothing, should ever ship with a "default password." If you can't figure out a way to provide or set a decent password on first use, you have no business providing whatever it is.
I get why the rPi works the way it does, but they need to do better. Use the serial number of the device, print a default password on the board, use part of a MAC address...something. Figure it out... Maybe now they will...
Later,
JP
--
-------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug