If you heard about that hacking of the voices of traffic light crosswalks in the US recently, the root cause is the devices all had the password '1234' and an app to reprogram the devices was on the Apple app store.
https://www.theregister.com/2025/04/19/us_crosswalk_button_hacking/
Hacking US crosswalks to talk like Zuck is as easy as 1234

Video: AI-spoofed Mark joins fellow billionaires as the voice of the street – here's how it was probably done

The Register

@GossiTheDog

Nearly as good as admin:admin.

TIoT is such shite.

@bytebro @GossiTheDog

One could argue that the password "admin" is slightly more secure than "1234" because
a) it is longer, and
b) it is composed of characters from an alphabet that has 26 characters instead of only 10.

@srslypascal @bytebro @GossiTheDog I miss the admin:system of the VMS era! 
@WastelandWandrr @srslypascal @bytebro @GossiTheDog
I accidentally got into a SYSTEM account this one time, with test:test (I was only supposed to be testing circuits, and I was sure that one wouldn't work).

@dec23k

Sure; not at work, bcs most places I have worked would fire people if such obvious access was available because it would get picked up on the most trivial security audit, however, I've reasonably often been round to help a friend with 'internet issues', and everything on the router is set to factory defaults, and I learned that admin:admin works for a terrifying number of older routers.

@WastelandWandrr @srslypascal @GossiTheDog

@bytebro @WastelandWandrr @srslypascal @GossiTheDog
The one I found was on a VAX in the HQ of a large corporate entity in the food sector (on the other end of a private link). I was at a remote site, testing a LAN extension that shared an existing DECnet LAT with a new Novell IPX deployment. On the same wire. Which was coaxial.
Gradually, PC terminal software replaced the flickering glow of VT52 and VT100 terminals.

I was making sure that 'average' traffic could coexist for both systems.

@bytebro @WastelandWandrr @srslypascal @GossiTheDog
I was just making sure that the site's LAT was still reaching CORPVAX1 in HQ with Novell users active. I wasn't expecting an "I'm in" moment on a machine several hours' drive away.

So I logged out, and raised my concern about the test/test account with the most appropriate person at the local site.

The admins in the company HQ determined that a 3rd party vendor had left the backdoor in place. I don't know what happened about that.

@bytebro @GossiTheDog wait you have a password? Mine is just admin with no password!

@GossiTheDog Yes well, can you imagine the bureaucratic hassle involved in correctly and accurately recording a separate password for each device, and making sure it can be found in fifteen years' time next time someone needs to change the programming?

Password control doesn't sound like a very clever design choice to me, given how impractical it would be in real life to change the default password.

So ... in real life, if the password were changed then legitimate people making legitimate configuration changes would have to fall back on sticking a pin up the factory reset hole to get the default password back. And ... guess what ... the hacker could do that too!

@GossiTheDog Now hack street lamp posts to sound like Dementia Donald.
@GossiTheDog that's amazing, I've got the same combination on my luggage
@HunterZ Good thing I had the sense to read the replies and see if somebody else had already made that reference.
@GossiTheDog Too bad the hackers didn't do something useful like putting them in ped recall.
@GossiTheDog article covers one of the important points: automatic lockout after too many tries. Leaves out: are they all 4 digit PIN even if changed? Does the lockout expire?
@fencepost @GossiTheDog not sure if lockout expires, but only 4-digit pass codes seem to be supported by the Polara app
Microsoft: 1000+ Hackers Worked on SolarWinds Campaign

Russian-backed cyber-espionage operation is "largest" world has seen

Infosecurity Magazine
@GossiTheDog and this is why the PB/5 is awesome, and the best in the world. Good luck hacking that
@GossiTheDog And the hackers fucked over any person who needed the sound to cross safely.
@GossiTheDog
I sure HOPE the parking lot security robots have better passwords. I'm worried knowing Kristi Noem is looking for a new purse.
Bill
Spaceballs 12345

A scene from the movie "Spaceballs" (MGM, 1987). I use it to educate people to choose better "combinations" aka passwords. The scene has been slightly edited...

YouTube
@GossiTheDog Hardcore password cracking!
1️⃣2️⃣3️⃣4️⃣
@GossiTheDog
As a general rule, people don't think of embedded systems (like those in traffic lights) as something that needs to be secured, probably partly because they're not viewed as true computers and also because people can't think of a reason why anyone would want to hack them. I remember a DEF CON talk that I watched a while ago where someone was able to remotely disable their neighbor's drone because it had an open Telnet port with absolutely no security whatsoever.
@GossiTheDog Anyone reading this and getting ideas: please don't fuck with the crosswalks. Blind people rely on the voices to cross the street safely.
@GossiTheDog in #Germany one needs at least a modified #Siemens #DECT phone to do so....
@GossiTheDog the password for half the stuff in my school is admin
@GossiTheDog I wonder if they'll change the "1234" password to "4321".
@GossiTheDog It never stops being funny how the blanket term "hacking" serves to obscure how deeply stupid a lot of exploits are. It's less like "a skilled team of professionals broke into the high tech bank vault by dodging lasers and cracking safes" and more like "someone walked through an unlocked door that was slightly ajar and people seem genuinely confused about how they managed to pull it off, cus they had a 'no trespassing'-sign up."