Quoting Hal:
>People who own Avaya systems are supposed to have >a relationship with a dealer who would handle >such things a lost admin password and remote >administration. There would be no reason for the >customer to need the backdoor or even know one >existed. Dealers do not divulge such information >anyway.
Hmm, that's interesting, is there actually a legal clause in the sales contract that says, "In order to own or use this physical hardware & software, you MUST have a contract with a dealer for support and service"? Are there enforceable legal penalties against private acquistion and use of Avaya/Lucent phone systems? If not, your remarks are just wishful thinking.
----
>Enter the internet. Buyers think they are getting >a slick deal but there is no dealer that they can >turn to and tech support is almost non existant >or incompetant from gray market sellers. So not >only is there a desire to know by the end user >but now the information gets freely distributed >when it is learned.
-----
This is a fact of life called "change" (i.e. the Internet and its availability of all types of easily searchable information) and is no excuse for piss-poor security. Lucent/Avaya ought to have anticipated this a decade or more ago -- the Internet was sufficiently widespread even in 1995 for this development (distribution of backdoors) to have been expected.
>>So basically by buying off the internet you have >>screwed yourselves on the security issue.
That's not a fair remark. You're saying because *I* personally got a donated system from another end-user that I am responsible for the system's security problems? Silly. Think about it. How many people does it take to spoil the secret of the Partner VS backdoor? How many, Hal? One person.
Don't lump together the hundreds, probably thousands of other non-dealer system installers and end-user admins with the one (or few) people in YOUR industry who decided to divulge the passwords.
Again, the entire problem could have been avoided with even the slightest forethought by Avaya.
What stinks, generally, about Telecom providers is not your prices, per se, but the general attitude of condescension toward your end-users. The fact that your business depends on a small amount of private and arbitrary information (such as back door passwords) makes it understandable that you would resort to "Well it shouldn't be that way!" as an excuse for covering over poor security.
