On Wed, 2005-08-24 at 07:44 -0500, Adam Maloney wrote: > The issue of knowingly shipping products with a default insecure > configuration has been hashed to death on many lists, but you must have > missed them all. I'll bring you up to speed... Thanks. > > Why not ship it with wireless disabled, so at least it's not a gaping > security hole the minute it's plugged in? Because it's not a gaping security hole. Joe Clueless just went from having their Windows PC wired directly into their cable modem to putting it behind a NAT device, if the wireless is unencrypted that just means that someone can drive up and (attempt) to exploit the bug of the week on his Windows PC. Are you sharing files across your network without password protection? Failing to secure your systems because you think they're safe behind NAT? I think you're concerned as an ISP who doesn't want customers sharing their Internet connection accidently (or purposely =), that's fine, but don't try to claim it's for their security. I have plenty of devices that cannot do much more than 64 or 128 bit WEP, shipping a wireless AP in such a way that it forces me to choose some advanced encryption (that I do not wish to use) will cause whatever company does it to lose my business. If you need security you should not be relying on the wireless encryption method of the week, you should be using a VPN, SSL, etc. What kind of network administrator allows "the helpdesk" to recommend a consumer wireless device like this to a "remote site". If you don't have someone with half a clue managing the remote site it's probably not important enough to cry about. Set an encryption key, turn down the power, take off the antennas, etc. If giving anyone nearby a direct connection to your LAN is that much of an issue then you should have mac address ACL's on your switch ports that prevent people from plugging in random devices. All that said, when we install wireless APs at customers homes I have instructed our installers to setup the best encryption available between the PC and the AP being installed, you would be surprised at the number of customers who DO NOT want it enabled for one reason or another.