back to article Filesharers spread Allied Telesis networking 'backdoor' info

"Backdoor passwords" for a range of Allied Telesis networking devices have been leaked online. Allied Telesis said that although the leaked document referred to a "backdoor password" (screenshot via H Security here), this was an unfortunate choice of phrase for what was actually a password-recovery feature of the type most …

COMMENTS

This topic is closed for new posts.
Silver badge
Holmes

Correction

"...making security-related documents that are meant to be restricted openly available is seldom a good idea. "

s/b

"...making security-related documents that are meant to be restricted is seldom a good idea. "

If your security system isn't good enough to be open to scrutiny, it's not good enough.

3
0
Silver badge
Thumb Down

The write-lock switch, yet again.

The answer for all such issues is to make the functionality work only if something mechanical has been done to the hardware. The classic is the write-lock button on an old exchangeable-platter disk drive. These days, any hardware that is user-flashable should have a firmware write enable switch (shipped OFF), and anything with a built-in password should have a built-in-password-enable switch (ditto shipped OFF).

Best, in my view, if the switch requires taking the cover off the equipment. But even more important, that these switches exist in the first place.

1
0
Silver badge

"Allied Telesis is reportedly working on removing the leaked documents from the filesharing sites"

GLWT

3
0
Silver badge
Coat

Put the Genie back in the bottle

Perhaps they could use a Super-Injunction or something?

0
0
Anonymous Coward

Allied Telesis?

Haven't heard that name since 10Base5 networks and their "vampire" transceivers.

Does anyone still use them?

Maybe it's all just a publicity stunt?

0
0
Silver badge

Duh.

Come on, what's wrong with the "hold reset button for 10 seconds at power up to reset default options (and password)"?

0
0
Anonymous Coward

yeah, they're still around

fortunately, the fiber adapters don't have this feature/flaw

0
0
Silver badge
Thumb Down

Not very clever at all

Whether it's a back-door or a password-recovery capability is immaterial - it shouldn't have been there. No matter how secretive they thought they were about it, they put a weakness into the devices. I'd rather accept the risk that a full reset (and consequent down-time) is necessary to recover the situation.

0
1
Silver badge
Mushroom

Really?

"Allied Telesis is reportedly working on removing the leaked documents from the filesharing sites"

Meanwhile we look forward to getting the mushroom cloud back in the sphere of plutonium...

0
0
Trollface

Private, Exposed Notes on Internets and other Syndicates

That's even more lulzy than your ludicrous suggestion that security-by-obscurity could somehow have helped!

0
0

Pointless article

Cisco devices have the same. Plug in the console cable and change the confreg setting on bootup. This allows config recovery as well so is also not secure.

I'm not certain there is a network device that is secure against someone with physical access to the device.

So what is required to make sure a device is secure is the rest of the network only allowing 'trusted' and 'uncompromised' devices to connect to the rest of the network.

0
0