Subj : Re: Headless Pi 4B problems - continued To : Chris Green From : Michael Schwingen Date : Tue Jan 28 2025 18:30:50 On 2025-01-26, Chris Green wrote: > > Is there **really** such a big security issue with default login names > and passwords on Raspberry Pis? Surely almost all of them are going > to be on home networks behind NAT routers and also surely no one is > going to (without thinking about it a bit!) put confidential data on > one. Anyone installing any system which is going to be directly out > on the internet should be very aware of the risks and will do what's > required. Probably not. People installing special-purpose distributions (media player, dns filtering, hoem automazion etc.) may not even be aware that they need to change the SSH password when they only interact with some web frontend. Also, it is not just the data on the device that is at risk. There is also the risk that such an exposed machine will be used as part of a botnet to attack other machines. A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small percentage of these use the default password, that is way too much. cu Michael -- Some people have no respect of age unless it is bottled. --- SoupGate-Win32 v1.05 * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3) .