SN 751: SHAmbles

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

I’ve used AVM Fritz!Box routers since I moved to Germany. They don’t have a password set by default; when you first turn it on and go through the set-up, the first thing they do is ask for a password.

They also have a unique SSID for the Wi-Fi and a strong password (with a QR-Code to automatically set it up on smartphones on the underside of the router). I always change the default.

Likewise, I now use Ubiquiti Unifi kit for firewall and Wi-Fi (the Fritz!Box is only used as a modem and VoIP/DECT router; my network is then behind the Unifi USG) and they also require a strong password when being set up for the first time.

I believe it is now a legal requirement in Europe (or they wanted to make it a requirement) that the Wi-Fi router has a unique SSID password upon delivery. Shame they don’t insist on a unique admin password on delivery…

You touched on this this week and I wondered what you thought about this: there appears to be a growing chasm between theoretical but unexploited threats on one side and common, ongoing threats on the other. There appears to be a gradient between these poles in which new threats are currently being exploited more than before (e.g., you did a great and very timely coverage on the back-to-school ransomware wave last fall).

I was wondering if it would be useful to try and sort the different items you discuss on a continuum between the two. Maybe discuss the different items in segments of the show (like: start with the current security “weather” and later speak about what’s on the horizon of security “climate”). We’ve been hearing so much about academically sourced and evidenced threats. These certainly further the career of the discoverers. But they don’t really become effective in the real world (meaning for regular users). Thus, their reporting can add to a sense of insecurity even though these threats are of negligible impact on regular systems and might draw attention from the basics of security hygiene.

Now you guys do a stellar job on highlighting several facets of security hygiene (you even labelled the studio to highlight one). So this is really only an idea, somewhat short of a suggestion, but I believe it might be useful. Also: it would be awesome to have a top ten list of security hygiene measures by Leo and Steve which we might be able to share with friends and family.