Jump to content
Security Installer Community

Recommended Posts

Posted

I really don't understand how anyone could think this isn't sensitive information? Regardless where else you can get it from, we all work within the industry and have a duty of care to stop these hacks/floors become broadcasted to the public.

 

Like I said, no problem discussing it with fellow professionals as there's clearly an issue, but not just anyone who can use google. And if its the case other sites have the same info then so be it, but at least someone's DVR didn't get hacked from TSI (a professional security installation forum)...

 

I might have it wrong so please tell me if I do and why...

Posted (edited)

and have a duty of care to stop these hacks/floors become broadcasted to the public.

 

It may very well be sensitive information, but we don't have any such duty of care at this time, and if we did, it is or was already front page news on regular mainstream, non security specific sites.

 

Again this is my own personal opinion and other members may disagree too.

Edited by datadiffusion

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

Posted (edited)

It may very well be sensitive information, but we don't have any such duty of care, and if we did, it is already front page news on regular mainstream, non security specific sites.

 

wow...... and the trade RESTRICTED forum is for what exactly? Private boys club?

 

I know it's your view and I respect them but your views matter..... You have 8k+ posts.... Your obviously b*lls deep in the site so your view will carry weight!

Edited by ElecTech
Posted

Not sure what you mean there. It's for discussing specific issues to do with the industry, faults, problems, business ideas.

 

All very personal and with a very good reason not to be in public.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

Posted (edited)

This surely runs in line with the industry, faults, problems, and business ideas... And has massive reason to not be in public domain...

 

If engineer codes are so readily available elsewhere like you said, why do we protect such info? Yet keep a topic like this on public, same vulnerabilities, same damage could be caused getting into the wrong hands.

 

Do people see engineer codes as a cash cow if kept secret? And before anyone says, I know money isnt made directly from this site by engineer resets, but industry wise it is... Serious question...

Edited by ElecTech
Posted

This should be in trade only in my opinion. Yeah it might be splattered all over the web but site rules don't allow default engineer codes let alone back doors to DVRs....? I agree the issue should be raised but not in public view.

And anyway, from an installation point of view, what's the solution?

 

It's been viewed by tens of thousands already, so the cat is out of the bag.

 

The solution has a few aspects:

1. Don't trust very cheap gear, especially if it has no firmware updates.

2. Make sure you change passwords from defaults.

3. Don't port forward to the device from the open internet

4. If remote access is required, use a VPN.

5. Segregate it from the rest of your network on a VLAN or subnet.

6. Block outbound traffic so it can't create a reverse shell.

7. If it has HTTPS, enable it.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Posted (edited)

It's been viewed by tens of thousands already, so the cat is out of the bag.

 

That's it then, just leave it for the next 10,000 to read...

 

My point is, this site in particular is full of security professional's who when it suits act all hush hush about engineering codes etc, yet leave this in public view....

 

Daft...

 

But anyway enough of that...

 

Seems an IT networking guru will need to be on hand to be truly safe?

Edited by ElecTech
Posted (edited)

That's it then, just leave it for the next 10,000 to read...

My point is, this site in particular is full of security professional's who when it suits act all hush hush about engineering codes etc, yet leave this in public view....

Daft...

But anyway enough of that...

Seems an IT networking guru will need to be on hand to be truly safe?

"No offence seriously"

But your talking rubbish , generally some stuff is on the web not all codes and many wouldn't know what to do with them anyway, they are simply protecting the ones they install for because nature of people is to mess with there system by not giving out info and of course the teefs who will have ago at something

IT guru can makr mistakes to

Edited by al-yeti
Posted

It's a lot easier to find this out now than engineer codes.

 

The thing with engineer codes is that they are a built-in part of the system, known and accepted by many.

The problems in the DVR aren't exactly in the manual.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.