Wednesday, November 21, 2012

Australia's biggest Telco sold Routers with hardcoded Password

Talking of an epic fail ... this article on Slashdot:
"Hardcoded usernames and passwords have been discovered in a recent line of Telstra broadband routers that allow attackers access to customer networks. The flaws meant customer unique passwords could be bypassed to access the device administrative console and LAN."
The security researcher Roberto Paleari found the vulnerability and reported it to BigPond's technical support. Receiving no response, he made it public on October 12, 2012.

The sad thing is that we are trying to educate ordinary users about security: not to open anything they receive by e-mail, to choose decent passwords, to keep their systems up to date. And then a supposedly knowledgeable ISP makes this kind of major screw-up.

In this case, no matter how complex the user's password is, the hardcoded credential can be used to get into the customer's router, giving a hostile party access to the customer's network and computers.
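To make the failure concrete, here is an added illustration (not code from the affected routers or from the post): a vulnerable admin-console login that accepts a fixed vendor credential beside a hardened one that only knows the customer-set secret. The vendor username and password are constructed placeholders, not the real Telstra values, which this post does not reproduce.

```python
import hashlib
import hmac
import os

# Constructed placeholder credentials for the illustration; the real
# hardcoded values found on the Telstra routers are not reproduced here.
VENDOR_SUPPORT_USER = "support"
VENDOR_SUPPORT_PASSWORD = "placeholder-backdoor-password"

PBKDF2_ROUNDS = 100_000


def vulnerable_login(stored: dict, username: str, password: str) -> bool:
    """Login check with a hardcoded bypass: the customer's credential is
    verified, but a fixed vendor credential is accepted too, so the
    customer's password strength is irrelevant to anyone who knows it."""
    if username == VENDOR_SUPPORT_USER and password == VENDOR_SUPPORT_PASSWORD:
        return True  # hardcoded bypass: customer password never consulted
    return username == stored["user"] and password == stored["password"]


def make_record(username: str, password: str) -> dict:
    """Store the customer-set credential as a salted PBKDF2 hash; there is
    no second, built-in account anywhere in the hardened design."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"user": username, "salt": salt, "hash": digest}


def hardened_login(record: dict, username: str, password: str) -> bool:
    """Verify only against the stored customer record. The hash is always
    computed and both fields are compared in constant time, so neither a
    fixed secret nor a timing difference helps an attacker."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], PBKDF2_ROUNDS
    )
    user_ok = hmac.compare_digest(username.encode(), record["user"].encode())
    pass_ok = hmac.compare_digest(candidate, record["hash"])
    return user_ok and pass_ok


if __name__ == "__main__":
    customer = {"user": "admin", "password": "Xk9!longCustomerPassphrase"}
    print("vulnerable, backdoor accepted:",
          vulnerable_login(customer, VENDOR_SUPPORT_USER, VENDOR_SUPPORT_PASSWORD))
    record = make_record(customer["user"], customer["password"])
    print("hardened, backdoor accepted:",
          hardened_login(record, VENDOR_SUPPORT_USER, VENDOR_SUPPORT_PASSWORD))
```

The vulnerable variant returns True for the vendor credential regardless of what the customer chose; the hardened variant has no credential to leak because none exists outside the customer's own record.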

My question: if one of these customers is accused of piracy, I wonder whether BigPond might get some heat and be held responsible for the damages.