[Chugalug] 58, 000 Security Camera Systems Critically Vulnerable To Attackers

Dan Lyke danlyke at flutterby.com
Tue Jan 29 17:45:07 UTC 2013


On Tue, 29 Jan 2013 12:23:59 -0500 (EST)
Rod-Lists <rod-lists at epbfi.com> wrote:
> from /.
> "Eighteen brands of security camera digital video recorders are
> vulnerable to an attack that would allow a hacker to remotely gain
> control of the devices to watch, copy, delete or alter video streams
> at will,

I'm giving a talk at the first "Personal Clouds Gathering" in SF
tonight, and I think this touches on two things:

First, firewall that stuff. Firewall and NAT everything, and then proxy
a few things through it. Maybe with a VPN, but probably not.

Second, how much do you trust your devices? Your browser? The last time
I was talking to a guy doing deep security work, he was talking about
trying to detect "exploit in the browser" infiltrations, where IE
plug-ins were detecting accesses to specific banks, providing the
credentials elsewhere, and then providing faked transaction and balance
history pages while making withdrawals in the background.

Stuff like that makes the fact that your new DSL modem is probably
TR-069 enabled and your ISP's tech support person can see your WiFi
connection info sound positively heartwarming.

Dan



More information about the Chugalug mailing list