[EAS] Another EAS hack: Zombie alerts

[Ed Czarnecki]

Not quite the same thing, but some time ago we changed the DASDEC software
to force a user to change a password when they first configure the box.
Also rejects re-using the one-time default password, or any on a list of
well-known passwords ...

Regardless of how we try to accommodate human nature, it doesn't help when
users don't apply software updates, and leave key infrastructure exposed to
the Internet, and so forth ...

And I'm not talking about users being a version or two behind ... I
occasionally run into folks that are 7 years behind in updating software ...

<sigh>

-----Original Message-----
From: EAS [mailto:eas-bounces at radiolists.net] On Behalf Of Botterell,
Arthur at CalOES

Not sure the box vendors have any strong business incentive to help with
this, but might it be constructive for them to start randomizing the default
passwords the boxes ship with.  We can curse human nature or we can
accommodate it.