@WPalant So dumb. This is not hacking, nor is it “security research”. It’s called “troubleshooting”.
The company that hardcoded the password into the DB string should be prosecuted for negligence.
Top-level
@WPalant So dumb. This is not hacking, nor is it “security research”. It’s called “troubleshooting”. The company that hardcoded the password into the DB string should be prosecuted for negligence. 1 comment
|
@scottwilson @WPalant Certainly, it violates ETSI 303 645. That has not yet any force of law in the EU, but the UK has a law on the books that makes default passwords illegal.