Default Router Passwords

ZDNet recently had an article about new attacks that expose systems to the worst kind of compromise when a user simply visits a web page containing a bit of JavaScript. The root of the problem is actually the failure to change the default passwords on those ubiquitous home routers from Linksys and Netgear (among others). As Duane Laflotte and I work on our book (I know it is about 2 years overdue), we are struck by the fact that there really aren’t many new kinds of attacks, just more ways to exploit the same old stupid mistakes people seem intent on ignoring forever.

If you bought a combination-based, high-security lock system for a new car, would you change the default code? What if the code was 0000? Would that be enough for you to realize that anyone who ever took a test drive, or just made an effort to think about it, could guess your code? Read the article and just think about how ridiculous this would be in any arena other than computers. If we could just get people thinking about this stuff, I think we would go a long way toward reducing the security problems we see. The spam storm that is clogging the Internet lately, and other incidents, might be much less common if this one little change could occur…