[saguro]

I would say that if people on HN are saying the attack is too stupid to be government supported, then the government has succeeded at their primary goal of having plausible deniability with these issues.

If we take recent history, we now have hard evidence of all sorts of conspiracy theory type stuff being absolutely true. With that in mind, do we just keep defaulting to 'not government' every time there's a deliberate backdoor identified? Sounds like a great way to maintain the status quo and ensure that no action is ever taken to curb this.

> this is a textbook example of a sloppy developer who doesn't understand security

From TFA:

02 - Hard coded backdoor

02.1 - Vulnerable code analysis

02.2 - Remote exploitation

[acdha]

Your argument is that because one thing which some people considered a conspiracy theory, but most experts did not, was true we should believe all of them?

Yes, there’s a hardcoded password. The field has a long history of people adding those to make support easier, and I’d bet a lot more that that password means someone with that name worked on the mydlink project than that the NSA put it there, just as most burglaries are routine crime even if the CIA or FBI has been known to quietly bug houses.

[madez]

The evidence for a backdoor by the government vs a programming mistake or backdoor by somebody else is weak, I think. Also, what would change even if?

[saguro]

From TFA:

> As you can see in the above code, the login functionality specifically

> looks for an admin user named "mydlinkBRionyg" and will accept the password

>of "abc12345cba" if found. This is a classic backdoor. Simply login with

> the credentials that I just mentioned from the above code.

Programming mistake? Seriously?