From: news-1513678000@discworld.dascon.de   
      
   On 2025-01-26, Chris Green  wrote:   
   >   
   > Is there **really** such a big security issue with default login names   
   > and passwords on Raspberry Pis?  Surely almost all of them are going   
   > to be on home networks behind NAT routers and also surely no one is   
   > going to (without thinking about it a bit!) put confidential data on   
   > one.  Anyone installing any system which is going to be directly out   
   > on the internet should be very aware of the risks and will do what's   
   > required.   
      
   Probably not.  People installing special-purpose distributions (media   
   player, dns filtering, hoem automazion etc.) may not even be aware that they   
   need to change the SSH password when they only interact with some web   
   frontend.   
      
   Also, it is not just the data on the device that is at risk. There is also   
   the risk that such an exposed machine will be used as part of a botnet to   
   attack other machines.   
      
   A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small   
   percentage of these use the default password, that is way too much.   
      
   cu   
   Michael   
   --   
   Some people have no respect of age unless it is bottled.   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)