One security issue that befuddles me is the default password issue. When you put a device in an Internet-facing position, you really should make sure the password is not set to the default.
You can probably guess why I am ranting. Yes, a client for whom we are performing a security assessment just received their first status report, and that report showed a MAJOR device on the Internet was set with a default password. This device literally controls their Internet connection, and THEY HAD A DEFAULT PASSWORD ON IT. Argh…
Normally I would write this kind of post pretty quickly in Twitter, but I really feel like it warranted a blog post since it is such a pet peeve, especially since my blogging here has become almost nonexistent since I can summarize things so quickly in Twitter. It seems to fit the way my brain works. Of course, that is a whole other post.