Search the Community
Showing results for tags 'CSL'.
-
Hi. I am hoping that someone can give me a steer on this one. I am working for a client who is transferring maintenance and monitoring to me from an existing provider. A couple of their sites are CSL dualcom systems. The previous company has written to CSL allowing the change over. Can someone tell me the steps needed to take over from this point. Its not something I have done before. I look forward to your thoughts.
-
As many of you know, I spent some time researching the CSL CS2300-R SPTs last year. I found a series of issues that I think are serious problems. CSL have had 17 months to deal with these issues, and after them dawdling, I opted for co-ordinated disclosure of the issues via CERT/CC. CSL have had 45 days to respond to CERT/CC, and only did so on Friday with a statement that is largely spin and distraction. In summary, the issues found: CSL have developed incredibly bad encryption, on a par with techniques state-of-the-art in the time before computers. CSL have not protected against substitution very well CSL can’t fix issues when they are found because they can’t update the firmware There seems to be a big gap between the observed behaviour of the CS2300-R boards and the standards It’s likely that the test house didn’t actually test the encryption or electronic security Even if a device adheres to the standard, it could still be full of holes CSL either lack the skill or drive to develop secure systems, making mistake after mistake I have written a blog post detailing these issues, which also links to the full PDF report. Until CSL can demonstrate that their products are standards compliant and secure, I would advise not using them, especially for higher grades.
- 144 replies
-
- CSL
- CSL Dualcom
-
(and 3 more)
Tagged with: