For Fails Sake!

I just noticed in Comcast’s account page, appropriately they note the default address, username, and password to login to the web interface for setup of the particular wireless router in question. However…the scary thing is they encourage you to connect using the default SSID and the network key printed on the label (hopefully not also out of a can….), skipping any need to use the web interface what so ever.

Right, let me paint you a picture. Joe & Jane Luser, don’t know squat about routers. Most people don’t even if they know how to use computers well beyond average (but it’s not that hard). The label says skip the rocket ma-science setup smetz up and just plug it in, connect to this network name and type in this password…you’re done! The Lusers are probably so inept, they even put the label on the router just in case.

Now, let’s say they have a neighbor help fix a computer problem someday and she notes the label. Sometime later they piss her off, so she connects from her apartment, logs in with the default, and locks the Lusers out. Or maybe does all sorts of nasty shit; winning!

It’s probably a good thing that routers rarely default to allowing remote administration, so at least the SSID/Key are there…but that isn’t good enough that I would want to bank on it. And trust me, if someone gets deep enough into your network, you can be banking on it.