Thursday, May 02, 2024

It can’t hurt. Googling “list of default passwords” was the first step for any hacker.

https://www.schneier.com/blog/archives/2024/05/the-uk-bans-default-passwords.html

The UK Bans Default Passwords

The UK is the first country to ban default passwords on IoT devices.

On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.
The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

The UK may be the first country, but as far as I know, California is the first jurisdiction. It banned default passwords in 2018, the law taking effect in 2020.

This sort of thing benefits all of us everywhere. IoT manufacturers aren’t making two devices, one for California and one for the rest of the US. And they’re not going to make one for the UK and another for the rest of Europe, either. They’ll remove the default passwords and sell those devices everywhere.

Another news article.





What price poor security?

https://www.cnbc.com/2024/05/01/unitedhealth-ceo-says-company-paid-hackers-22-million-ransom.html

UnitedHealth CEO tells lawmakers the company paid hackers a $22 million ransom

… Sen. Thom Tillis, R-N.C., held up a bright yellow copy of “Hacking for Dummies” during the hearing, saying the breach is UnitedHealth’s responsibility to fix.

“This is some basic stuff that was missed, so shame on internal audit, external audit and your systems folks tasked with redundancy, they’re not doing their job,” Tillis said.





Resource.

https://tech.co/news/google-ai-essentials

Google AI Essentials: Learn How to Use Generative AI for Work

The course from Google — titled AI Essentials — is designed to give students some hands-on experience with generative AI platforms like ChatGPT, so they can feel comfortable using it in a work setting.


