On Aug 24, 2005, at 9:30 AM, Michael Fraase wrote:

> Why would a vendor ship a wireless router with the wireless disabled?
> Secured, yes. Disabled, no.
>
> Seems to me, admittedly a non-coder, a relatively trivial task to  
> make the
> device boot into a web screen that prompts the administrator to  
> define a
> WPA/WPA2 key when it's first plugged in. Make it so it won't run  
> until this
> key is defined.

this is only really half of the problem.  it's the half near and dear  
to adam's heart right now but in the general case the real problem is  
making the end stations happily talk to the AP with the appropriate  
flavor of crypto.

it's this poor interoperability that has most vendors de-tuning their  
products to the least common denominator of, well,  wide open.

{snipped - misc. signatures}


>> -----Original Message-----
>> Why not ship it with wireless disabled, so at least it's not
>> a gaping security hole the minute it's plugged in?
>

{snipped - misc. signatures}

-- 
steve ulrich                       sulrich at botwerks.org
PGP: 8D0B 0EE9 E700 A6CF ABA7  AE5F 4FD4 07C9 133B FAFC