On February 9, 2017 at 12:04 r...@gsp.org (Rich Kulawiec) wrote:
> On Wed, Feb 08, 2017 at 08:30:15AM -0800, Damian Menscher wrote:
> > The devices are trivially compromised (just log in with the default root
> > password). So here's a modest proposal: log in as root and brick the
> > device.
>
> No. It's never a good idea to respond to abuse with abuse. Not only
> is it unethical and probably illegal (IANAL, this is not legal advice)
> but it won't take more than a day for someone to figure out that this
> is happening and use some variety of misdirection to cause third parties
> to target devices that aren't actually part of the problem.

Ok but what if you broke in and fixed their security w/o breaking the
user experience?

Would a vendor, presented with a good demo, sign off on that?

If so isn't it just a mandatory patch?

--
        -Barry Shein

Software Tool & Die    | b...@theworld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*