Re: [PLUG] PI being targeted for malware

JP Vossen on 12 Jun 2017 11:36:57 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] PI being targeted for malware

From: JP Vossen <jp@jpsdomain.org>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] PI being targeted for malware
Date: Mon, 12 Jun 2017 14:36:52 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

On 06/12/2017 02:16 PM, Soren Harward wrote:

On Mon, Jun 12, 2017 at 12:42 PM Thomas Delrue <delrue.thomas@gmail.com<mailto:delrue.thomas@gmail.com>> wrote:
    On 06/12/2017 11:48 AM, Anthony Martin wrote:
    Why do we still have to tell people not to use
    the default password or that they should use a strong pass-phrase (if
    you HAVE to use pass-phrases that is, instead of key-based or some other
    stronger authentication)?

    At what point can we just revoke someone's privilege of touching
    computing devices ever again until they complete some sort of education
    with a verified skills assessment?
Because you can just as legitimately ask "Why do we still ship softwarethat poses a huge security risk in the default configuration when weknow full well that users cannot or will not follow basic setupinstructions? At what point do we revoke the privileges of softwareengineers until they complete some kind of education with verifiedskills assessment in creating software that's secure by default?"

+1. It's not the end-user's fault even if it's the end-user's fault.Our computing industry has failed, in large part, to provide securesolutions. A lot of that is because the market wants race-to-the-bottomprices and I don't see that changing easily or without a lot ofregulations, which gets tricky fast.

In this case, yes--nothing, but nothing, should ever ship with a"default password." If you can't figure out a way to provide or set adecent password on first use, you have no business providing whatever it is.

I get why the rPi works the way it does, but they need to do better.Use the serial number of the device, print a default password on theboard, use part of a MAC address...something. Figure it out... Maybenow they will...


Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] PI being targeted for malware
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] PI being targeted for malware
  - From: Thomas Delrue <delrue.thomas@gmail.com>

References:
- [PLUG] PI being targeted for malware
  - From: Anthony Martin <anthony.j.martin142@gmail.com>
- Re: [PLUG] PI being targeted for malware
  - From: Thomas Delrue <delrue.thomas@gmail.com>
- Re: [PLUG] PI being targeted for malware
  - From: Soren Harward <stharward@gmail.com>

Prev by Date: Re: [PLUG] PI being targeted for malware
Next by Date: Re: [PLUG] PI being targeted for malware
Previous by thread: Re: [PLUG] PI being targeted for malware
Next by thread: Re: [PLUG] PI being targeted for malware
Index(es):
- Date
- Thread