Subj : Re: Headless Pi 4B problems - continued
To   : Andy Burns
From : Chris Green
Date : Sun Jan 26 2025 20:23:47

Andy Burns <usenet@andyburns.uk> wrote:
> Chris Green wrote:
>
> > Is there **really** such a big security issue with default login names
> > and passwords on Raspberry Pis?  Surely almost all of them are going
> > to be on home networks behind NAT routers and also surely no one is
> > going to (without thinking about it a bit!) put confidential data on
> > one.
>
> Plenty of Pis (especially the compute modules) end-up in industrial kit,
> maybe not much data on them, but you don't want them being used to
> laterally attack other systems.
>
> <https://www.legislation.gov.uk/uksi/2023/1007/schedule/1/paragraph/1/made>
>
>        "Passwords must be—
>                (a)unique per product; or
>                (b)defined by the user of the product."

Ah, so it's legislation has caused this. :-)

Again I say, anyone who is actually deploying Pis in such a situation
needs to know what they're doing.  If they don't know what they're
doing no amount of legislation is going to help much.


What really is getting to me is that the non-GUI user who wants to use
a Pi (or arduino or BBB) to moinitor the temperature in his garage
ends up having to jumpo through lots of unnecessary hoops to do it. To
a significant extent it's because the Pi has become much more 'mass
market'.

Oh well, I guess I can live with it. Rant over.  :-)

--
Chris Green
·

--- SoupGate-Win32 v1.05
 * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

.