> Serious Cayman problem?
Not half as serious as the default setup on some (all?) Cayman DSL routers,
which come with such "features" as:
* No administrative password set by default
* A mini webserver....to access the unprotected administrative commands
* Telnet that lets a person in without a password
This is a pretty old issue, first reported (I think) back in March 2000:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fend%3
D2001-07-14%26mid%3D50343%26threads%3D0%26list%3D1%26start%3D2001-07-08%26fr
omthread%3D1%26
However, there are still tons of these out there, with no password. Also the
above advisory does not mention that these machines respond to SNMP queries
(default public/private SNMP strings) with enough info to choke a horse - -
not to mention that once a user is logged in, they can telnet OUT as
well.....
Has Cayman fixed the problem? I don't know. But you would think that any ISP
which has promoted these products would have long since contacted their
customers to remedy the situation - - obviously many have not.
-J
