[Chugalug] 58,000 Security Camera Systems Critically Vulnerable To Attackers

Dave Brockman dave at brockmans.com
Tue Jan 29 21:11:56 UTC 2013


On 1/29/2013 12:45 PM, Dan Lyke wrote:
> First, firewall that stuff. Firewall and NAT everything, and then
> proxy a few things through it. Maybe with a VPN, but probably not.

+1 Firewall
-1 NAT
+1 VPN

We *have* to get out of this IPv4 mindset that NAT is a good thing (tm).

> Second, how much do you trust your devices? Your browser? The last
> time I was talking to a guy doing deep security work, he was
> talking about trying to detect "exploit in the browser"
> infiltrations, where IE plug-ins were detecting accesses to
> specific banks, providing the credentials elsewhere, and then
> providing faked transaction and balance history pages while making
> withdrawals in the background.

The bad guys have been winning this particular war for at least the
past 5 years.  And I mean the really bad guys, not the script kiddie
punk kind, the Estonian Mafia kind.....

> Stuff like that makes the fact that your new DSL modem is probably 
> TR-069 enabled and your ISP's tech support person can see your
> WiFi connection info sound positively heartwarming.

Using your modem as a modem and not a router with a proper firewall at
your border will prevent that nonsense also.

Regards,

dtb


-- 
"Some things in life can never be fully appreciated nor
understood unless experienced firsthand. Some things in
networking can never be fully understood by someone who neither
builds commercial networking equipment nor runs an operational
network."  RFC 1925

