thehatfox@lemmy.world to Technology@lemmy.worldEnglish · 1 year agoBackdoored firmware lets China state hackers control routers with “magic packets”arstechnica.comexternal-linkmessage-square36fedilinkarrow-up1415arrow-down112cross-posted to: cybersecurity@lemmy.capebreton.socialprivacy@programming.devtechnology@lemmy.worldtech
arrow-up1403arrow-down1external-linkBackdoored firmware lets China state hackers control routers with “magic packets”arstechnica.comthehatfox@lemmy.world to Technology@lemmy.worldEnglish · 1 year agomessage-square36fedilinkcross-posted to: cybersecurity@lemmy.capebreton.socialprivacy@programming.devtechnology@lemmy.worldtech
minus-squareUnaware7013@kbin.sociallinkfedilinkarrow-up20·1 year agoI wonder if they’re using default/hard coded creds (Ciscos have had a ton of them) or if its just bad password hygiene on the admins’ part.
minus-squarepartial_accumen@lemmy.worldlinkfedilinkEnglisharrow-up24·1 year agoHardcoded creds seems like a really bad idea on a network appliance. If they MUST have hardcoded creds how about they only work when sent through a serial console at least your attacker would have to have local physical access to the device.
minus-squareddkman@lemm.eelinkfedilinkEnglisharrow-up9·1 year agoI do agree, and Cisco immediately grabbed the occasion to push their shitty restrictive trusted boot policy. Which is worrying.
I wonder if they’re using default/hard coded creds (Ciscos have had a ton of them) or if its just bad password hygiene on the admins’ part.
Hardcoded creds seems like a really bad idea on a network appliance. If they MUST have hardcoded creds how about they only work when sent through a serial console at least your attacker would have to have local physical access to the device.
I do agree, and Cisco immediately grabbed the occasion to push their shitty restrictive trusted boot policy. Which is worrying.