Thursday, February 24, 2005

Come on, people. Can't we do better than default passwords for security products?

The New York Times > Technology > Circuits > On the Net, Unseen Eyes:
Oh, and by the way. The focal case in the article concerns security cameras installed in a high school girls' locker room.

"'Just to give some perspective, we have delivered close to half a million cameras, and a Google search produces only a few hundred of them,' Mr. Nilsson said. He acknowledges that default passwords to many camera systems, including those of Axis, are frequently traded over the Internet. Nevertheless, he maintains, Axis cameras are secure against accidental intrusion.

But protecting against accident is not the same as protecting against a deliberate invasion, Mr. Chalos said. 'The images were protected only by the software's default username and password, which the school had never changed,' he said. "