Anybody who leaves the default passwords set on any kit (hardware or software) they install is asking for trouble. If it is true that Red Hat did not document the default password properly, that is bad news, but does not constitute a "backdoor". To be honest, they have left the front door open and hidden the key.

The M$ "weenies" key was just misreported. It is a weak encryption key buried in a DLL most of us have on at least one computer we own / maintain (just what machine do you play games on?) Has anyone actually looked at the encryption tech - weak key and duff algorithm, or good basic tech and incredibly crap implementation (the last phrase TM M$ Corp, c/o 2001 Business Plan.)

The various shopping carts have had actual doors, bypassing the standard password mechanisms - no-one knew or could have known they were there without doing the sort of code analysis that no employed sysadmin could legitimately find time to justify, never mind do. What is worse is that, as these systems de facto require internet access, you can't even block them off at the boundary.

Ho hum, back to chasing ineffective anarchists.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/25/1606#1606