[EAS] Another EAS hack: Zombie alerts
Clay Freinwald
k7cr at blarg.net
Fri Mar 3 18:13:27 CST 2017
Just yesterday I accessed a web site ..I was provided with a User Name and a
Password that would only get me to a new page where I was forced to enter a
new password before I could move forward. It appears that this is SOP for
Web Sites....Tell me why it can't be SOP for dedicated hardware?
Having the default password be unable to make the gizmo function - UNTIL -
you have changed the log-in information seems to be the solution. Granted
it would require a software change for those machines in the field...but can
it be that hard and/or expensive?
Clay Freinwald
In my personal view this problem starts when vendors ship their product in
an insecure configuration and expect their customers to correct that
insecurity. We can wag our fingers at station staff all across the nation,
but I think we all know how much that will achieve. Or we could demand that
vendors render their boxes secure-on-delivery. Shipping each box with a
unique initial password would be a start, and Ed has suggested some other
steps that might work as well.
Ideally broadcasters would apply their market power to require the vendors
to take steps, but again, I think we all know they probably won't. So,
which is less bad... to accept continuing occasional zombifications... or to
resort to the blunt instrument of regulation to nip it in the bud?
More information about the EAS
mailing list