cybergibbons Posted November 8, 2015 Author Posted November 8, 2015 Isn't that 'Self Declared' bit the whole industry in general. I think that is part of the problem, but to sell signalling devices in some places (Spain, at least), you need third-party testing. The CS2300 has been tested: https://twitter.com/CSLDualCom/status/486496083322093568 But, after speaking to the testing house, it is highly likely that the entire encryption and substitution protection bit is self-declared, even when third-party tested. Personally, I don't think that's made clear. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
james.wilson Posted November 8, 2015 Posted November 8, 2015 If self certing is part of it what's the point of 3rd party certification? Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount.
Belfastengineer Posted November 8, 2015 Posted November 8, 2015 On 1st May this year, I found it was possible to dump the names, addresses, emails, usernames, and phone numbers of every single user of every single company who had registered on the CSL M2M SIM page. I did not push the investigation any further, but worse may have been visible. http://cybergibbons.com/alarms-2/customer-database-leak-on-csl-dualcoms-sim-registration-portal/ If you would like to know if your company was one of the listed ones, I can check for you. Can you check if I'm on there Mercury Security Management? Quote
datadiffusion Posted November 8, 2015 Posted November 8, 2015 If you're a CSL customer or have ever called them about *any* product I'd say it looks like you will be. Quote So, I've decided to take my work back underground.... to stop it falling into the wrong hands
al-yeti Posted November 8, 2015 Posted November 8, 2015 If it's general info Ie phone number email address being registered company anyway What's the big deal it's all available anyway ? Quote
MrHappy Posted November 8, 2015 Posted November 8, 2015 What's the big deal it's all available anyway ? Well lets say Kev Hall appears on the list under his co's name, At one time the site would have given out his email & password to those in the know. If the same credentials are used else where, that presents quite a risk ? Quote Mr Veritas God
al-yeti Posted November 8, 2015 Posted November 8, 2015 We just go into housing and building like you , get bigger cone cutters and your done Is csl overall cheapest? Quote
cybergibbons Posted November 8, 2015 Author Posted November 8, 2015 Can you check if I'm on there Mercury Security Management? Yes, Frank. If self certing is part of it what's the point of 3rd party certification? The point is that most people don't realise this, and it took quite a lot of work to arrange a meeting with the test house before I found this out. So you have a cert and people think it means all of it was third-party tested. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
Belfastengineer Posted November 8, 2015 Posted November 8, 2015 Yes, Frank. That would be our CEO Quote
cybergibbons Posted November 8, 2015 Author Posted November 8, 2015 (edited) If it's general info Ie phone number email address being registered company anyway What's the big deal it's all available anyway ? There are sole traders on there, who might not want their addresses out there. A lot of mobile numbers. Usernames - they should not be leaking. It's also strongly indicative that they have done no security testing at all. This was found in under a minute of browsing their site. What else is there? Also, it's a great tool for social engineering. And a great list of contacts for a competitor. Edited November 8, 2015 by cybergibbons Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.