Just thought it was worth mentioning for anyone who missed it that just because you received an email from Neural regarding the security breach does not necessarily mean you had your Wi-Fi passwords exposed. That exposure required that you sent them a crash log at some point. Look for the text in the email that says “Crash log found?:” to check your status on this.
While I was not happy to see a notice of a security vulnerability on the QC, I do appreciate Neural being forthcoming about it as well as proactive with a fix that can’t come soon enough. This is just one of the risks and tradeoffs of having devices that can connect to the internet remotely. Hopefully they will lock things down better in the future, but I still love having Wi-Fi and Bluetooth (Boss modelers for example) access to my devices. Would not want to give that up.
The option to have all operations that might require Wi-Fi connectivity, e.g., firmware updating and editor/librarian available directly via USB for those who would prefer better security (you are still connecting to the internet at some point) to flexibility might be a good option to offer. Perhaps worthy of Neural’s consideration IMO if security is going to be an issue via the Wi-Fi adaptor on the QC. Some people may prefer the level of security they are able to achieve by locking down their own router with firewalls and various other security options.
Update: After reading the post in the link below I had to reframe my opinion of this particular breach as one that was self-inflicted by some less than stellar security practices on Neural’s part rather than as the inevitable risk of hacking that comes with the territory when you have Internet connectivity on a device, or for that matter customer data on corporate servers. Amazing how many Fortune 500 companies have been hacked with considerably more financial resources to devote to protecting their data than Neural. This is one of the reasons I hate being asked to send logs. I have seen other companies make similar mistakes with them in the past. Add to that certain email service providers who intentionally “scrape” emails for demographic data for targeted advertising. Logs need to be anonymous first and foremost and encrypted is always a good thing. Could have happened to anyone though, and not everyone would have owned up to it.