Shame On Linksys For Plain-Text Passwords
Wednesday, March 11, 2009
I was minding my own business, installing a wireless router for a client, when Linksys gave me the screaming heebie-jeebies.
At first I was pleased with the latest Linksys/Cisco installer. It's become common knowledge that wireless routers aren't secure out of the box, but what isn't widely known is how to configure them correctly. So the wireless makers have been improving the install process to help folks secure their wireless networks. The installer for the Linksys WRT110 walks you through password-protecting first the router itself, then the wireless network. Nice, I thought, until I got to the last screen...
Heebie-jeebies! Bad enough to display those passwords right there on the screen, but saving them by default to a text file on the desktop?! Text files are like candy to viruses, easy to devour. How soon before some malcontent writes a virus that searches for those text files? Hackers already scan the wireless networks of hapless users, hoping to get in with a default password. Saving plain text files of passwords is like leaving the code to the burglar alarm on the front door. The Linksys installer gives people a false sense of security, helping them change the passwords and then revealing them in plain sight.
Shame on Linksys for such an obvious security gaffe, and let's hope they eliminate it in their next installer version.
Posted by Triona Guidry at 9:49 AM