Tom Potts wrote:
>
> My ADSL router doesn't allow control from the WAN side (unless I tell it which
> restricted IPs can.) - so the only way to control it is from the internal
> network. If they've got access my password could take 400 million years to
> crack and still be useless.

Since I was discussing Javascript that runs inside the network, the WAN interface restriction is irrelevant, because this is precisely what is being bypassed.

If you allow Javascript, you better be sure that anything with a web interface for configuration on your network has a password that isn't the default for that device.

I suspect we need to stop Javascript from accessing other websites (or place some other restriction on this), to stop this class of problems.

I'm surprised the spammers haven't hit on this one more for other purposes, but they are having more fun sending fake greeting cards this week.

> Now where did I write that down..or is it an office wide generic so
> you have to change everything every week?

It really doesn't matter - as long as it is not the default.

I agree there are fundamental issues with relying on passwords, but that said a default password has almost no security value at all (possibly negative value since it stops legitimate access but the bad guys all have lists of default passwords); a badly chosen password is far superior to a default password.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html