This is another one of those things that, for the vast majority of IT professionals, ought to be second nature. When you get something new, with a default username and password…you change it. It’s always my first order of business, next to changing the default IP addresses. Locking down any new network gear is imperative, because with user guides online, anyone can figure out the default access information.

Need further proof of how bad being lazy can be, or added incentive to change the defaults before ever using the device? Look no further than a recent study revealing that the hacktivist group Anonymous has apparently made use of a plethora of SOHO access points, still running with all their default information, to put together a massive and powerful botnet. This would be a tool similar to what another group used against Sony last year, among others.

It’s also a reminder that, many times, hackers don’t really want to look at your family pictures, or find out your great grandmother’s prized recipes. For every one time a hacker could gain access to a home device and exploit personal information, there are countless others where the perpetrator is actually looking to take something more valuable-your computing cycles, by tying a number of compromised machines together, it gives groups what amounts to a distributed Beowulf cluster, a powerful tool that they can bring to bear. Also, because it is distributed and computing is spread out, should any piece of the cluster be removed, found out or blacklisted, there’s a strong chance the remaining nodes will continue to work. It makes locating the cluster and taking it offline that much more challenging.

Just another reminder that it is imperative to change any and all default settings, as soon as it is possible to do so. Failure to do so could be a very bad experience.

BACK TO BLOGS