If you’ve been reading this thing for any amount of time, you’ll probably notice I tend to come up with all manner of very strongly worded opinions. Particularly in the neighbourhood of geek things. Like, for instance, when it comes to folks who set up a piece of hardware–like, say, a router, or a server–and decide to leave the default password in place. So your state-of-the-art Lynksys router, which you’ve had for all of 24 hours, has become a hot spot for the local script kiddy and the mass amount of software he’s employing even as I’m writing this so he can expand his porn collection–and all because, well, you didn’t follow the first rule of basic security. Change the goddamn password. That goes double if you run a website for a school district, and its default login credentials are, uh, well, only slightly above no login credentials at all.
A Texas school district is learning the hard way about website security basics. If you’d like to keep your site from being compromised, the very least you can do is reset the default login. According to a post at Hackforums, the Round Rock Independent School District of Austin, TX was using the following name and password for its admin account. (h/t to Techdirt reader Vidiot)
hacked – idiots used default login/pass
u; admin
p; admin1
Needless to say I’m not exactly world’s most qualified hacker, and if it were me on the delivering end of all of that, I figure it’d take me about a minute to gain access. Provided I was 1: doing it manually and 2: not trying very hard. I’m going to go out on a bit of a limb, here, and disprove the theory that you get what you paid for. Whatever the school district paid the folks what set up and apparently didn’t maintain the website, I’m making the offfer right here–not, you know, that I figure it’ll go anywhere, but hey. Take the amount that supposed third-party company brought in. Divide it by 2. Now, write me a check for that amount. Stick it in the mail. Upon receipt, I’ll hand you a website infinitely more secure/stable than that hot mess. No? Well, I tried. In the meantime, for the love of all things holely somebody please provide SharpSchool with a better selection of passwords. Because clearly, they’ve got approximately nothing.
2 responses to “Once more with feeling: Default passwords are bad. Not kidding.”
Not sure what happened, but this here post cuts off before I’m betting you were aiming for it to cut off. In the middle of a sentence, to be specific. You forget to close a tag or something?
That was me failing at basic HTML. A link that should have been, er, wasn’t. Fixed, now.