[EAS] Digital Alert Systems From Monroe Electronics Contain a Known SSH Private Key and are Vulnerable to Remote Attack
Dave Turnmire
eassbelist at cableone.net
Tue Jul 9 13:15:14 CDT 2013
On 7/9/2013 10:43 AM, Richard Langevin - EMERMGTX wrote:
> All,
> >From a IT friend of mine
> Well, so even if you change the login username and password, they're still not always safe.
>
> http://www.securityweek.com/root-ssh-key-compromised-emergency-broadcast-systems
>
It boggles my mind why there is so much concern about the SSH key when
the root password itself is widely known (or guessed) and yet there is
little help for the typical end user on altering it, nor any
notifications that I'm aware of to point out the need.
Do you like "twofers" for your time investment? How about this one...
make a list of "basic" good security practices for products connected to
a LAN. Bingo... you have just created a list of what was likely
violated by _______ (pick your broadcast vendor).
Dave
More information about the EAS
mailing list