INTL 3:770/1 3:770/3
REPLYADDR news-1513678000@discworld.dascon.de
REPLYTO 3:770/3.0 UUCP
MSGID:  880a932e
REPLY:  5ed4c435
PID: SoupGate-Win32 v1.05
On 2025-01-26, Chris Green  wrote:
>
> Is there **really** such a big security issue with default login names
> and passwords on Raspberry Pis?  Surely almost all of them are going
> to be on home networks behind NAT routers and also surely no one is
> going to (without thinking about it a bit!) put confidential data on
> one.  Anyone installing any system which is going to be directly out
> on the internet should be very aware of the risks and will do what's
> required.

Probably not.  People installing special-purpose distributions (media
player, dns filtering, hoem automazion etc.) may not even be aware that they
need to change the SSH password when they only interact with some web
frontend.

Also, it is not just the data on the device that is at risk. There is also
the risk that such an exposed machine will be used as part of a botnet to
attack other machines.

A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small
percentage of these use the default password, that is way too much.

cu
Michael
--
Some people have no respect of age unless it is bottled.

--- SoupGate-Win32 v1.05
 * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
SEEN-BY: 10/0 1 19/10 103/705 105/81 106/201 124/5016 128/187 129/305
SEEN-BY: 153/757 7715 154/110 218/0 1 601 700 840 220/70 221/1 6 360
SEEN-BY: 226/17 30 100 227/114 229/110 111 114 200 206 275 300 317
SEEN-BY: 229/400 426 428 470 550 616 664 700 705 240/1120 266/512
SEEN-BY: 267/800 291/111 292/854 301/1 113 812 310/31 320/219 322/757
SEEN-BY: 335/364 341/66 342/200 396/45 460/58 633/280 712/848 770/1
SEEN-BY: 770/3 100 330 340 772/210 220 230 902/26 2320/105 5020/400
SEEN-BY: 5020/1042 5075/35
PATH: 770/3 1 218/840 221/6 301/1 218/700 229/426