Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security The Internet Technology

Website Peeps Into 73,000 Unsecured Security Cameras Via Default Passwords 321

colinneagle writes: After coming across a Russian website that streams video from unsecured video cameras that employ default usernames and passwords (the site claims it's doing it to raise awareness of privacy risks), a blogger used the information available to try to contact the people who were unwittingly streamed on the site. It didn't go well. The owner of a pizza restaurant, for example, cursed her out over the phone and accused her of "hacking" the cameras herself. And whoever (finally) answered the phone at a military building whose cameras were streaming on the site told her to "call the Pentagon."

The most common location of the cameras was the U.S., but many others were accessed from South Korea, China, Mexico, the UK, Italy, and France, among others. Some are from businesses, and some are from personal residences. Particularly alarming was the number of camera feeds of sleeping babies, which people often set up to protect them, but, being unaware of the risks, don't change the username or password from the default options that came with the cameras.

It's not the first time this kind of issue has come to light. In September 2013, the FTC cracked down on TRENDnet after its unsecured cameras were found to be accessible online. But the Russian site accesses cameras from several manufacturers, raising some new questions — why are strong passwords not required for these cameras? And, once this becomes mandatory, what can be done about the millions of unsecured cameras that remain live in peoples' homes?
This discussion has been archived. No new comments can be posted.

Website Peeps Into 73,000 Unsecured Security Cameras Via Default Passwords

Comments Filter:
  • Ethics (Score:4, Insightful)

    by iluvcapra ( 782887 ) on Friday November 07, 2014 @12:21PM (#48334773)

    Just because a door is unlocked does not mean you may walk inside, even if it is to tell the owner their door is unlocked.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I'm sure the 3 letter agencies of your country share and honor your view on the ethical methods of spying

    • Re:Ethics (Score:5, Interesting)

      by Ichijo ( 607641 ) on Friday November 07, 2014 @12:32PM (#48334881) Journal

      How would a good person inform the owner that their door is unlocked if the only way is contact them is to walk inside? Or is the correct response to just walk away [wikipedia.org]?

      • by mysidia ( 191772 )

        How would a good person inform the owner that their door is unlocked if the only way is contact them is to walk inside? Or is the correct response to just walk away

        Better have a good reason for being there on their property in the first place. And how would you discover the door was unlocked, unless it was left open?

        Ring the doorbell wait five minutes.

        Go talk to one of their neighbors. Don't enter the building alone if you are not an associate or good acquaintance of the owner.

        The owner probably has

        • Re: (Score:2, Insightful)

          by JMJimmy ( 2036122 )

          A camera is not a private residence. Aside from legitimate cams intended to broadcast publicly, going inside a public or commercial building where a door is unlocked or the entry code is publicly known is completely legal and legitimate. In the case of cameras you don't know what it is until you enter, until then it's reasonable to assume it's a public/commercial camera. Once you learn what it is you should exit if it's reasonable for them to expect privacy and alert someone if it's intended to be secure

          • In the case of cameras you don't know what it is until you enter, until then it's reasonable to assume it's a public/commercial camera

            On the contrary, if you don't know what it is, it is *not* reasonable to assume it's a public/commercial camera. If you assume it is you could do something wrong. If you assume it is not, you can't do something wrong (as not accessing is never wrong).

            • If something is displayed publicly, it's *very* reasonable to assume it's intended to be public.
      • The second one.

        The first is a good way to die of justifiable homicide everywhere I've lived.

    • Re:Ethics (Score:5, Interesting)

      by Anonymous Coward on Friday November 07, 2014 @12:32PM (#48334885)
      That analogy certainly applies to the Russian website that is streaming the videos, but I think the blogger who has discovered this website that is streaming videos from people's homes and then tried to contact the owners is more like someone seeing their neighbors door open, some people that shouldn't be there walking out the door and then peaking in the door and calling out to see if everything is okay or letting them know when they get home that someone was in their house.
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      Samaritan says "hi subject #82644266222".

      WHAT?! You don't seriously want the world's AIs to learn about the world solely from 4Chan and wikipedia, do you? Yootoob user comments are probably what finally convinced skynet to off Mankind.


      Like the issue with automated license plate readers, this is another case where something is of little concern when it has to be done manually, one item at a time. But when you automate the process and can grab data on everyone with a click of a button, then you should
    • Re:Ethics (Score:4, Insightful)

      by arth1 ( 260657 ) on Friday November 07, 2014 @12:36PM (#48334917) Homepage Journal

      Just because a door is unlocked does not mean you may walk inside, even if it is to tell the owner their door is unlocked.

      No, but it also doesn't mean you're not an idiot for not locking your door.

      Blame is not a limited commodity - you can add blame to the idiots who don't take precautions without removing any blame from those who break in. Point fingers in both directions. The breeches is a cooperation of the idiots and the outers.

      When and why did being an idiot become a right?

      • Re:Ethics (Score:4, Informative)

        by fahrbot-bot ( 874524 ) on Friday November 07, 2014 @12:51PM (#48335051)

        When and why did being an idiot become a right?

        It's right there in the Declaration of Independence [wikipedia.org] (for people in the US anyway) -- "Life, Liberty and the pursuit of Happiness" -- and ignorance is bliss (or so I've heard...)

        • by njnnja ( 2833511 )

          I know you are joking, but the line was plagiarized/borrowed. The original line was "life, liberty, and the pursuit of property". But It wasn't simply about the right to accumulate a bunch of luxuries; in context, it was referring to the pursuit of things that are somehow relevant to a satisfying and productive life. So it would be the right to pursue home ownership for your family, maybe fields for farming, and for many ./ers, it would be the right to accumulate gadgets, for the musically inclined, the rig

          • Re:Ethics (Score:5, Informative)

            by fahrbot-bot ( 874524 ) on Friday November 07, 2014 @02:40PM (#48336183)

            I know you are joking, but the line was plagiarized/borrowed. The original line was "life, liberty, and the pursuit of property". But It wasn't simply about the right to accumulate a bunch of luxuries; in context, it was referring to the pursuit of things that are somehow relevant to a satisfying and productive life. So it would be the right to pursue home ownership for your family, maybe fields for farming, and for many ./ers, it would be the right to accumulate gadgets, for the musically inclined, the right to procure instruments, etc. It doesn't take much of a stretch to go from this sort of enlightened satisfaction, to calling it merely "happiness" for simplicity.

            Take it from someone who, at 51, is debt-free, has a net-worth of almost $2M, but lost his wife in 2006 after 20 years together, "property" does not make "happiness". Though having "things" might make your pursuit of satisfaction and/or productivity (whatever that means to you) easier, property is a means to an end. Happiness is something you realize from within and, possibly, experience with someone else.

            Even after 20 years together, Sue and I held hands where ever we went - I miss that and nothing else I have can, or could ever, compensate for losing her. Remember Sue... [tumblr.com]

            The line is better written as, "the pursuit of happiness."

      • ...Blame is not a limited commodity - you can add blame to the idiots who don't take precautions without removing any blame from those who break in....

        Using your logic, if someone uses an armored vehicle to break down the door and go into someone's house, then the homeowner is to blame because he did not have a door lock strong enough to stop an armored vehicle.

        • by arth1 ( 260657 )

          Using your logic, if someone uses an armored vehicle to break down the door and go into someone's house, then the homeowner is to blame because he did not have a door lock strong enough to stop an armored vehicle.

          There's a "reasonable" part to "reasonable precautions". I know, "reasonable" requires an ability to reason.
          If armored vehicles become a problem, putting up Czech hedgehogs is a reasonable precaution. If contact spreading diseases become a problem, a reasonable precaution is to wash your hands, even if it won't stop everything. If bike theft is a problem, using a bike lock is a reasonable precaution, even if it won't stop a thief with a high speed diamond saw.

          And, by Babbage and Hollerith, attacks on Int

    • by s.petry ( 762400 )

      Your analogy does not work unless you want to claim that everyone with a Diebold lock is issued the same key. It is not breaking in, it's looking in a windows lacking shutters. If you, as an adult, see a crowd of kids watching someone undress in an open window you have 3 options.

      1. Ignore it. Kids are still going to peek, so IMHO you are a douche for ignoring it.

      2. Tell the person "Hey, you may want to close that blind when your changing because kids are peeking". This seems to be the most rational an

    • Just because a door is unlocked does not mean you may walk inside, even if it is to tell the owner their door is unlocked.

      This is a good analogy, because it is impossible to tell if a door is unlocked (or if a camera has the default username/password) without trying to open the door.

      So, what your advice boils down to is that you never can accurately inform someone their door (system) is unlocked..

    • by ls671 ( 1122017 )

      They aren't really doors you know. They are cameras hooked on the Internet I assume.

      Now, to be easily accessible with default credentials, wouldn't they have to have a public IP address with an open port?

      Otherwise, I wonder how those guys got behind so many routers. Plug and play that requires a specific port on the router public IP?

      I have a hard time imagining that all those cameras would have their own dedicated public IP.

    • An internet-connected camera left on publicly known default credentials is nothing like an unlocked door.

      Rather, it's like a wall-sized window on the first floor facing the busiest street of the busiest city on the planet, with the shutters wide open.

    • How is this modded +5 or insightful? It's neither. Why are we still comparing locks and doors in meatspace to virtual servers and ports and IP addresses on a globally-interconnected network of computing nodes and electronic resources? They are nowhere near the same thing. When you advertise and/or broadcast a service on a given port and on a given IP-address, you can rest assured that unless it is properly secured, anyone and everyone will access it and utilize the resources it provides.

      In most cases, t

  • by alen ( 225700 ) on Friday November 07, 2014 @12:21PM (#48334783)

    my father in law went to the at&t store with help on his wifi only ipad. he's totally confused by the need for an itunes store account password, wifi password on his home wifi and wifi passwords at other places

  • by FlyHelicopters ( 1540845 ) on Friday November 07, 2014 @12:24PM (#48334807)

    Film at 11...

    The truth is, many people are using technology today without really understanding any of it. Even my own wife is pretty gumby with computers, if I wasn't there to do something about it, I have no doubt they would be full of malware and viruses.

    To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".

    Yea, I have to say, I have to clean her machine off of crap every year. Every time I go over there, Internet Explorer has 5 or 6 toolbars installed because she clicks on everything.

    And no, she won't let me restrict and lock down the machine, I've tried that.

    • by arth1 ( 260657 ) on Friday November 07, 2014 @12:30PM (#48334873) Homepage Journal

      To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".

      That sounds like "I don't want to learn all that traffic stuff, I just want to drive on the highway."

      It might be better if there were two classes of devices, one run by others for them, and ones you drive yourself. All some people need is the equivalent of public transportation. We don't let people drive cars or fly planes without some basic skills, and while most don't get good at it, at least good enough to not be an instant hazard for everybody else.

       

      • by PPH ( 736903 )

        It might be better if there were two classes of devices, one run by others for them, and ones you drive yourself.

        Apple vs Android.

        Windows vs Linux.

        Self driving cars vs stick shifts.

        etc, etc.

    • by Jason Levine ( 196982 ) on Friday November 07, 2014 @12:32PM (#48334893) Homepage

      Many people look at computers as if they are appliances. You don't need to know how to configure your toaster. You just plug it in and toast your bread. You don't need to edit some config file to make your refrigerator keep your food cold. Any "settings" come in the form of easy-to-read dials or buttons. Turn the dial on the stove and the heat goes on/up. Turn it the other way and it goes off. There's a group of people who expect computers to act like this. Unfortunately, computers are far more complex than any fridge or stove - especially once you go online and you are opened up to all of the security issues that this entails.

      • They could be made simpler by designing and creating applications, UIs and features which "do one thing but do it well".
        There's little incentive to do so, though, although I have to say that smartphones got there already, more or less.

      • the "unfortunately" part. A machine that effectively extends human intelligence and communication beyond its natural limits, among other things, can't be toaster-level stupid while maintaining its vast flexibility.

        I think dumbing it down would cost functionality (as well as jobs, like mine ;)).

        • I meant unfortunately for the person who was operating a computer while expecting a toaster level of complexity.

    • There's an easy solution to that problem. Don't fix it and tell her why.

      Seriously, if someone isn't willing to learn and use the most basic of computer hygiene practices, they will eventually fall prey to malware and will almost certainly lose data to hardware failure at some point. And if you're the administrator of the computer when that happens, it'll be your fault for not protecting them (at least in their eyes).

      You could also try explaining it as a car analogy: e.g. "You wouldn't just hop in your ca

      • There's an easy solution to that problem. Don't fix it and tell her why.

        I've thought about that... but the truth is, she's my Mom and I can't do that... She loves me, she brought me into this world, and if her one great fault is a refusal to be knowledgeable in computers, well... I'm not perfect either...

    • I think this is the important one, most devices come with a 1 page guide in at least 5 languages that say "CHANGE THE PASSWORD BY DOING THIS ONE THING" and people don't even bother to read the 1 page guide. It's not just an issue of understanding, it's apathy and laziness.
      • It's not just an issue of understanding, it's apathy and laziness.

        Yes, laziness on the part of the programmers of the device.

        The default password should allow you to access exactly one function on the device: the "pick a username and password for a new admin" feature. Once that finishes, either the default password is set to cat < /dev/urandom > password_storage_file or else the default user is removed. In case you forget the username and password you set, the device can be reset to factory defaults using some sort of physical "reset" button.

        • by s.petry ( 762400 )
          I agree fully, it would not be hard to detect if the default password was in place and disable routing outside of RFC1918 addresses if it's the default.
    • To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".

      Computer hygiene should be taught like personal hygiene, at the school level for the kids and through other public programs to try to reach the adults and the elderly.

      Yea, I have to say, I have to clean her machine off of crap every year. Every time I go over there, Internet Explorer has 5 or 6 toolbars installed because she clicks on everything. And no, she won't let me restrict and lock down the machine, I've tried that.

      In case you're the one who usually buys her a computer, she's the perfect use case for a cheap Chromebook. That's what I did for my mom. I didn't really force it on her. I just bought it for her to keep next to her Windows XP laptop. Eventually, as her machine became much slower and slower, she just switched to using the Chromebook on her own.

      • Computer hygiene should be taught like personal hygiene, at the school level for the kids and through other public programs to try to reach the adults and the elderly.

        Are you kidding? :) My mother turned 70 years old this year, and comes from another time...

        In 11th grade, she spend her second half of the year as an exchange student in France. She sailed there on the RMS Queen Elizabeth. No, not the QE2, the original... Back then, you didn't fly across the Atlantic, you sailed...

        ---

        Get her a Mac? Get her a Chromebook? Yea, I've thought about that. She knows Windows, she has used it for 20 years, and frankly, she doesn't want to change.

        You can't help someone who doe

      • In case you're the one who usually buys her a computer, she's the perfect use case for a cheap Chromebook.

        Yes, she is actually... except that Microsoft Office isn't offered on the Chromebook, neither is Internet Explorer (I've installed Chrome, she won't use it)...

        She has a few small applications and games that she likes to play, while I could find similar stuff on Chrome (or Mac, or Linux), she doesn't want to change.

        ---

        So why do I keep cleaning her machine? Because she is my Mother, I love her, and that is what a good son does for his Mother.

    • And no, she won't let me restrict and lock down the machine, I've tried that.

      "Son, there's no way I'm wasting my time changing the oil in my car - you will fix the engine for me if you love me."

  • by arth1 ( 260657 ) on Friday November 07, 2014 @12:24PM (#48334809) Homepage Journal

    Strong passwords are not mandatory because it's the responsibility of the user to read the instructions and secure the device. If they don't, they have no reason to complain. It was their choice to disregard the instructions.
    A question is whether people who are that stupid should be allowed to own surveillance devices. The risk of stupid people reacting inappropriately to real situations and causing harm instead of preventing it seems rather high.

    • by Imazalil ( 553163 ) on Friday November 07, 2014 @12:41PM (#48334961)

      But if a large number of users are not able to use their devices properly (ie. secure them) is that not the fault of the device maker? This isn't even about strong passwords, but just default passwords.

      It's a known fact that the general public is not security conscious, and that they do not read through manuals. Shouldn't the makers of these systems work towards making some basic security the default?

      The best, but not very good example is Windows. Microsoft provides lots of guidance on how not to get viruses or malware on Windows. Does that mean they get to wash their hands of anything that infects their user's machines when they open powerpoint slides from uncle Bob? Technically yes, but they do have some duty to make their product more secure because they know full well a large number (the majority) of people will click on any link that lands in their inbox.

      • by arth1 ( 260657 )

        But if a large number of users are not able to use their devices properly (ie. secure them) is that not the fault of the device maker? This isn't even about strong passwords, but just default passwords.

        No. A large number of users are not able to change oil, tires, brake pads or plugs on their cars either, and that's not the manufacturer's fault. In the case of cars, service stations appeared to fill that market, at a cost.

        The problem is that people feel entitled to not bother about doing things themselves

        • by jd ( 1658 )

          I could build a device that is, by default, secure against remote intrusion. That's easy. I haven't, because the NSA wants to ban public encryption and GCHQ wants to declare all secure devices terrorist command-and-control centres. I'd rather not be a target for a hellfire missile, thank you very much.

          But if I can do it, anyone with half a wit and a credit card can. It's not hard. It's not cheap, but it's not hard.

          Such a device aught to be mandatory on eCommerce systems and a minimal version aught to be man

      • Initial set up of the device could certainly require setting a password to activate. However, there's nothing stopping, and many will, set an easily guessable password anyway. Fools will forever be fools.
    • by Higaran ( 835598 )
      Most users don't care about security. If you made setting up a user name and password the first thing the user see before you can do anything else, people would still put a user name as "user" and password as "pass" or "1234"
    • by jd ( 1658 )

      Users aren't allowed to secure their own devices. Didn't you get the memo from GCHQ?

      http://www.ft.com/cms/s/2/c89b... [ft.com]

      Encryption and security of any kind are ipso facto creating a terrorist command-and-control centre, apparently.

  • What is the actual risk here to those using cameras as baby monitors?

    Step 1: Someone sees a baby sleeping
    Step 2: ????
    Step 3: Profit?

    "Help! A stranger saw my baby turn over. Call the police!!!" ?

    • Step 1: Kid is playing out in the living room
      Step 2: Mom and dad in the baby room for a little slap and tickle
      Step 3: Capture and post to redtube.com
      Step 4: Profit!
    • What is the actual risk here to those using cameras as baby monitors?

      Step 1: Someone sees a baby sleeping
      Step 2: ????
      Step 3: Profit?

      "Help! A stranger saw my baby turn over. Call the police!!!" ?

      You could make the rather egregious leap that it would assist in kidnapping the child (a crime) since you know exactly where/when they sleep. If someone decided to stand at the curb and look at your kid's window for an awkwardly long time, would you call the police? But yes, the baby monitor thing is just a headline-getter.

      Using the cams to identify high value merchandise (certainly some of these cams are protecting things of actual value?) and also identify when no one is around, and then take the final

      • by jd ( 1658 )

        If someone decided to stand on the curb for a long time, they'd probably be reported for suspicious activity. Casing a place is a very common precursor to a break-in. I see no reason for the monitoring of a private webcam to be treated any differently in that regard.

        A more likely scenario would be for a criminal to drive past at night, see the car gone, and then check the internal cameras of the house for any activity to determine if it's easy to rob. If there's no baby, there's likely no babysitter either.

    • Depending on where the camera is pointed, it could capture a mother breastfeeding. Plus, if we assume the camera also has a mic, there's a lot of information that could be picked up audibly.
  • It goes to show that, especially in the computer security world, no good deed goes unpunished. You hear about it over and over, try to tell someone something is wrong with their computer security and the instant reaction is to shoot the messenger.

  • Enough of the Word Perfect Users already!

    "Take it back to the store, You're too dumb to own a computer" Are these threats now as dangerous or potentially dangerous as operating a motor vehicle?

    Training and License? Why not? It couldn't be any worse than it is now. I've literally had a client complaining that he couldn't get his email using Wordpad...

    How dumb and negligent do we need people to be before we do something serious about this?

    Spam, drive by downloads, malware. Isn't it about time we told the use

    • by PRMan ( 959735 )
      Because as long as the harm isn't too egregious, it's better to let people learn from their own suffering rather than making additional laws.
      • by jd ( 1658 )

        I would agree, except that most users live in outright denial, rarely (if ever) learn correctly from mistakes and frequently prefer to ignore their suffering until the harm is truly excessive.

        Better critical thinking techniques need to be taught in school, along with practices that impede cognitive dissonance.

        Further, there need to be recognized groups that have the authority to mentor those who aren't clued up.

  • Because not everything needs to be legislated, FFS. The last thing we need are more rules and laws.
  • by NoNonAlphaCharsHere ( 2201864 ) on Friday November 07, 2014 @12:37PM (#48334935)
    If these cameras get secured, how will law enforcement hack into them, get a partial reflection of a face in a hubcap, enhance and run it through facial recognition software and have the perps drivers license picture onscreen within 40 seconds?
  • Not just cameras (Score:5, Interesting)

    by RobinH ( 124750 ) on Friday November 07, 2014 @12:44PM (#48334991) Homepage
    Cameras are a problem, but it's not just cameras anymore. Nest thermostats, for instance, have occupancy sensors and they connect to the internet to work. So your thermostat tells a server on the internet if anyone's home (potentially). Smart meters have similar problems. We recently bought a temperature sensor (AVTECH brand) for our small server closet, and it automatically connected to GoToMyDevices.com as soon as I got it on the network, and started uploading sensor data. There was nowhere in the device's built-in web interface to enable or even disable this "feature". Nothing in the documentation. I looked online and found a forum where it explained that you had to telnet to the device, and at the main menu you had to select a hidden menu item, and then type a command to turn off this feature. It's that kind of absurdity that makes the whole "internet of things" just a house of cards waiting to collapse.
  • by phantomfive ( 622387 ) on Friday November 07, 2014 @12:45PM (#48335001) Journal

    why are strong passwords not required for these cameras?

    Mainly because most programmers don't know/care about security. Security is hard even when you care (for example a default password isn't a security vulnerability if your userbase is sophisticated enough to change it, and even ssh has had a vulnerability), but if you don't care, it's impossible.

    Sad but true.

    • Default, simple or non-existent passwords on consumer appliances have nothing to do with programmers. You are silly. There is another vocation called "manufacturing engineering" that might have a problem

      • by phantomfive ( 622387 ) on Friday November 07, 2014 @01:10PM (#48335243) Journal

        Default, simple or non-existent passwords on consumer appliances have nothing to do with programmers.

        So, I had a wireless router once that would not turn on until I changed the password. It is very much a problem that can be solved by programmers.

        • Nope, programmers already have made multitudes of solutions over the years for these issues, but they are not in the manufactured products image. That is another realm, and I speak from industry experience

        • by bigpat ( 158134 )
          The best solution is to have a complex unique default password for each device and just print it on the back of the device. Sure, that means the company could keep a centralized list of all the passwords which could then get hacked or an invited guest could flip it over and then be able to access your cameras. But that seems a reasonable risk and trade off between security and usability.
    • by Geeky ( 90998 )

      Why not have a default password and have it force a change at first logon? Ideally before the device can connect to the wider net, so there isn't a window of vulnerability to someone locking out the device as soon as it's switched on. Have a physical factory reset button on the device itself to deal with lost passwords. That doesn't require a sophisticated userbase.

      Mind you, these cameras require the user to take steps within their home router config to allow external access anyway - they'll pick up an IP f

      • Why not have a default password and have it force a change at first logon?

        It's a great idea, but it gets back to the problem of programmers not caring. Remember there are plenty of websites out there that still don't encrypt their password lists. It's really bad.

        • by Geeky ( 90998 )

          True. I cringe if I forget a password and the password recovery actually emails me my password rather than sending me to a link to enter a new one. Not many do that now, but at least one large shared hosting provider does and if anyone should know better...

    • by tomhath ( 637240 )

      Mainly because most programmers...

      Programmers just implement the requirements.

  • I love the way the pages come with adverts for people selling CCTV cameras for the home!

  • by Terry Pearson ( 935552 ) on Friday November 07, 2014 @01:10PM (#48335241) Journal

    This is because of people who are too lazy or too intimidated by technology to understand it. You buy the camera, many times you open a port on a router, but you fail to change the password. I am not going to blame the manufacturer for that.

    However, manufacturers could make the default a lot more secure by using methods to randomize the default passwords of the cameras. I've setup routers where the default password is printed on a plate on the bottom (next to the mac address and default IP). This gives you a degree of randomness and makes brute force near impossible without physical access to the device. This way, the user still has the freedom to change to a blank password, 'password' as password etc. if they choose to unprotect themselves. But the default becomes reasonably secure.

    This is mostly a problem with users, but sometimes the manufacturer needs to adjust the process to help the intimidated, ignorant, or lazy user along.

    • Re: (Score:3, Interesting)

      by phorm ( 591458 )

      These days when the local ISP's give out routers, there is a stamp on the router that has the default login, wifi ESSID, and wifi login. You can change these of course, but the defaults are not the same between customers.

      When I setup my firewall, it *WOULDN'T* work until I first set a password. This was the very first step.

      This isn't customers - many who are less tech savvy - being lazy, it's the manufactures. There is absolutely no reason that they can't either package a unique password or simply require t

  • by Lumpy ( 12016 ) on Friday November 07, 2014 @01:31PM (#48335465) Homepage

    People are stupid, People when confronted with technology are triple stupid.

  • by Charliemopps ( 1157495 ) on Friday November 07, 2014 @01:46PM (#48335625)

    So... some random person somewhere... can see my sleeping baby. But they have no idea where that baby is other than the last hop out of my ISP so they might know I'm somewhere in Atlanta... or whatever. Maybe if they stared at the feed 24/7 for years I might drop my water bill in the crib before I picked the baby up so they could get my address or something... But ok, so they can see a video feed of my sleeping baby? So what?

    Short of a camera pointed directly at my bed, or my toilet, I don't see how this would be that god awful. First, I'd never point a camera at my bed. Any camera. Second, someone seeing pictures of me walking around my pizza restaurant? With no address and no idea who I am or where my restaurant is? So what?!?! There are plenty of horribly invasive privacy problems out there. This isn't one of them.

  • Time sink ... (Score:4, Informative)

    by CaptainDork ( 3678879 ) on Friday November 07, 2014 @01:58PM (#48335737)

    ... after an hour of poking around. Nothing to see.

  • by cetan ( 61150 ) on Friday November 07, 2014 @02:58PM (#48336393) Journal

    2005 wasn't that long ago, was it?

    http://it.slashdot.org/story/0... [slashdot.org]

Pascal is not a high-level language. -- Steven Feiner

Working...