Jun 4 2010, 10:17 AM
QUOTE(+Newbie+ @ Jun 3 2010, 10:26 AM)
@rizvanrp,
Thanks for all the research and sharing them. For those whose Remote Management is enabled, did TM even bother to ensure that it is configured to allow only their own technicians to access? E.g. Lock IP address, etc.
That newspaper article did not address the main problem.
Precisely. Remote management is not the main issue. It's the way they did it.
Not only did they not tell users, consumers and commercial, that there is a superior hidden root access account, but they also chose to use a generic password for all their routers. The way it's being done currently, it's just plain laziness.
Actually, if you read that carefully, they said they will change the passwords and then share that password with the customer. If they live up to their word, once they change it and inform you the new password, just change it back to another password.
If TM needs access in future, let them call you and you can reset the password to a temp password, let them use it and then change the password again in future.
I dunno. I think it's ok if they change the password themselves, then tell the users. Maybe some users can configure router settings, but I doubt most people know how to do it.Thanks for all the research and sharing them. For those whose Remote Management is enabled, did TM even bother to ensure that it is configured to allow only their own technicians to access? E.g. Lock IP address, etc.
That newspaper article did not address the main problem.
Precisely. Remote management is not the main issue. It's the way they did it.
Not only did they not tell users, consumers and commercial, that there is a superior hidden root access account, but they also chose to use a generic password for all their routers. The way it's being done currently, it's just plain laziness.
Actually, if you read that carefully, they said they will change the passwords and then share that password with the customer. If they live up to their word, once they change it and inform you the new password, just change it back to another password.
If TM needs access in future, let them call you and you can reset the password to a temp password, let them use it and then change the password again in future.
Quote
0.0200sec
0.54
7 queries
GZIP Disabled