Change your defaults.

This is why you should change your default password.

During a meeting tonight our digital projector went into a screensaver mode and displayed the wireless network it was broadcasting (shame on you, Epson). It eventually went to another screen saver that gave me the brand. With a little DuckDuckGo searching I was able to log in with the default password and username. I was able to log in and access the projector interface. As you can see, there is a lot of control. I didn’t even screenshot the config page! It was during the end of the meeting so I thought I’d try shutting it down. After I hit the button twice the projector shut down before the meeting. No one really seemed to take notice. Bizarre. I wonder if someone did and if the password will change soon.

Sadly, many places here where I live in SE Asia don’t bother to change the default passwords to wireless access points or other network devices. If someone wanted to, they could shut down the legitimate wireless network, change the password and start broadcasting the SSID with a device that captures all the traffic and do a man-in-the-middle attack. Or they could just be a pest and continually reboot the device to frustrate others. Additionally, they could gather info on other devices and attempt to gain access or exploit them. Either way, it’s a good reason to change your default passwords.

Secure Email vs. Encrypted Email

I often find there is always this misunderstanding when it comes to the security of email. The term "secure email" is often overused and often mistaken for something it’s not. Many email services use this as a selling point, and don’t really explain what it really means.

To use some simple analogies, I hope to show you that secure email really isn’t secure. Email was never really designed for secure communications between sender and receiver and the technology behind it doesn’t really support the protocols to make it secure either. In recent years, email providers have taken steps to help improve security, but it has created a false sense of security for its users.
