ElecTech, posted February 18, 2016

I really don't understand how anyone could think this isn't sensitive information? Regardless of where else you can get it from, we all work within the industry and have a duty of care to stop these hacks/flaws from being broadcast to the public. Like I said, no problem discussing it with fellow professionals as there's clearly an issue, but not just anyone who can use Google. And if it's the case other sites have the same info then so be it, but at least someone's DVR didn't get hacked from TSI (a professional security installation forum)... I might have it wrong so please tell me if I do and why...

datadiffusion, posted February 18, 2016 (edited)

> and have a duty of care to stop these hacks/flaws from being broadcast to the public.

It may very well be sensitive information, but we don't have any such duty of care at this time, and if we did, it is or was already front page news on regular mainstream, non security specific sites. Again this is my own personal opinion and other members may disagree too.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

ElecTech, posted February 18, 2016 (edited)

> It may very well be sensitive information, but we don't have any such duty of care, and if we did, it is already front page news on regular mainstream, non security specific sites.

Wow...... and the trade RESTRICTED forum is for what exactly? Private boys club? I know it's your view and I respect them but your views matter..... You have 8k+ posts.... You're obviously b*lls deep in the site so your view will carry weight!

datadiffusion, posted February 18, 2016

Not sure what you mean there. It's for discussing specific issues to do with the industry, faults, problems, business ideas. All very personal and with a very good reason not to be in public.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

ElecTech, posted February 18, 2016 (edited)

This surely runs in line with the industry, faults, problems, and business ideas... And has massive reason to not be in public domain... If engineer codes are so readily available elsewhere like you said, why do we protect such info? Yet keep a topic like this on public, same vulnerabilities, same damage could be caused getting into the wrong hands. Do people see engineer codes as a cash cow if kept secret? And before anyone says, I know money isn't made directly from this site by engineer resets, but industry wise it is... Serious question...

cybergibbons (author), posted February 18, 2016

> This should be in trade only in my opinion. Yeah it might be splattered all over the web but site rules don't allow default engineer codes let alone back doors to DVRs....? I agree the issue should be raised but not in public view. And anyway, from an installation point of view, what's the solution?

It's been viewed by tens of thousands already, so the cat is out of the bag.

The solution has a few aspects:

1. Don't trust very cheap gear, especially if it has no firmware updates.
2. Make sure you change passwords from defaults.
3. Don't port forward to the device from the open internet.
4. If remote access is required, use a VPN.
5. Segregate it from the rest of your network on a VLAN or subnet.
6. Block outbound traffic so it can't create a reverse shell.
7. If it has HTTPS, enable it.

I have a blog, some of which is about alarm security and reverse engineering: http://cybergibbons.com/
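
An added example, not part of the original post or written by anyone in the thread: points 3 to 6 of the list above expressed as an nftables ruleset on a Linux router sitting between the DVR and everything else. Every interface name, address and port here is an assumption, including that the DVR web interface runs over HTTPS on 443 and uses a static address.

```nftables
#!/usr/sbin/nft -f
# Added example. Every interface name, address and port is an assumption.
define WAN_IF   = "eth0"          # internet uplink
define LAN_IF   = "eth1"          # main office/home LAN
define DVR_IF   = "eth1.30"       # VLAN 30, DVR only (point 5)
define VPN_IF   = "wg0"           # VPN tunnel for remote viewing (point 4)
define DVR_HOST = 192.168.30.10   # static address of the DVR
define DVR_UI   = 443             # DVR web interface over HTTPS (point 7)

table inet dvr_isolation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to sessions that a viewer opened are allowed back.
        ct state established,related accept
        ct state invalid drop

        # Viewers on the LAN or the VPN may open the DVR web interface.
        iifname { $LAN_IF, $VPN_IF } oifname $DVR_IF ip daddr $DVR_HOST tcp dport $DVR_UI accept

        # Point 6: the DVR never starts a connection to anywhere.
        # The counter and log line show when it tries.
        iifname $DVR_IF counter log prefix "dvr-outbound-drop: " drop

        # Ordinary LAN clients reach the internet.
        iifname $LAN_IF oifname $WAN_IF accept

        # Point 3: there is deliberately no dnat/port-forward rule from
        # $WAN_IF to the DVR, so the policy drop covers inbound traffic.
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # The DVR gets time from the router and nothing else on it.
        iifname $DVR_IF ct state established,related accept
        iifname $DVR_IF udp dport 123 accept
        iifname $DVR_IF counter drop
    }
}
```

Check the file with `nft -c -f` before loading it. The forward chain has policy drop, so any other forwarding path on the router needs its own accept rule.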

ElecTech, posted February 18, 2016 (edited)

> It's been viewed by tens of thousands already, so the cat is out of the bag.

That's it then, just leave it for the next 10,000 to read... My point is, this site in particular is full of security professionals who when it suits act all hush hush about engineering codes etc, yet leave this in public view.... Daft... But anyway enough of that... Seems an IT networking guru will need to be on hand to be truly safe?

MrHappy, posted February 18, 2016

> That's it then, just leave it for the next 10,000 to read...

Nah, you'd need to be a popular website like - http://twitter.com/cybergibbons

Mr Veritas God

al-yeti, posted February 18, 2016 (edited)

> That's it then, just leave it for the next 10,000 to read... My point is, this site in particular is full of security professionals who when it suits act all hush hush about engineering codes etc, yet leave this in public view.... Daft... But anyway enough of that... Seems an IT networking guru will need to be on hand to be truly safe?

"No offence seriously" but you're talking rubbish, generally some stuff is on the web, not all codes, and many wouldn't know what to do with them anyway. They are simply protecting the ones they install for, because the nature of people is to mess with their system, by not giving out info, and of course the teefs who will have a go at something.

IT guru can make mistakes too.

cybergibbons (author), posted February 18, 2016

It's a lot easier to find this out now than engineer codes. The thing with engineer codes is that they are a built-in part of the system, known and accepted by many. The problems in the DVR aren't exactly in the manual.

I have a blog, some of which is about alarm security and reverse engineering: http://cybergibbons.com/