Hacker Steals Military Docs Because Someone Didn’t Change a Default FTP Password (bleepingcomputer.com)
23 points by Jerry2 9 months ago | 7 comments

He stole the docs by compromising a router that was running the FTP protocol.

That shouldn’t even be a thing happening in this decade! The default password barely enters into it. Vendor leaves giant foot gun. Customer blows foot off.

If they changed the default password, it would be much, much harder, FTP or not.

I've noticed that in Enterprise environments, it's very common that people don't change default settings. I think it's because in a team, you don't care as much. It's not your own stuff, and you sometimes don't feel like you have the authority to change things like default passwords. Someone could be using that password, you could be breaking some app etc. Easier to ignore it.

I think I read somewhere that it's a lot harder to hack home networks than enterprise systems, which makes very much sense to me.

Home networks have only a single point of failure. Enterprise systems have multiple points of failure, some of which are unknown because the people who were the "failures" have left the company for decades.

There's also the fact that the default passwd often is a 'strong' one (i.e. 7yYbaksOo... etc.)

I think this is misleading, because the reason for this hack is not a technical issue. The strongest passwd is useless if it's transparent like this.

I can understand that shipping with no passwd included is also somewhat awkward or perhaps even not allowed by regulation.

I hear ya, now hold on while I TFTP to update some networking equipment...

Why are the military using home routers?
