If I can answer "why" a bit further: I have seen a number of "IOT" (internet of things) type devices where the manufacturer, frequently a Taiwanese or mainland China based company, decided to implement unencrypted communications between the IOT device and their backend servers. Cheap ethernet enabled webcams, doorbells, thermostats, etc.
Frequently it's a company with an app very similar to what's on the front page of your non-https website, and immediately makes me suspicious. On Wed, Apr 12, 2017 at 8:49 AM, Harold Bledsoe <[email protected]> wrote: > I'm not security expert by any means but why do we need to encrypt our > marketing website. For example we don't force https on ignitenet.com but > then it doesn't really do much. The cloud controller on the other hand is > encrypted and also intrusion tested. > > It's easy to force https I suppose. I'd just like to understand why. > > -Hal > > On Wed, Apr 12, 2017 at 11:29 AM Eric Kuhnke <[email protected]> > wrote: > >> Not really, in my opinion, if you're selling a security related product >> and can't be bothered to have https on your marketing page... It makes me >> wonder if you're doing proper TLS1.2 between your iphone/android app and >> your cloud based security product's hosted back end. >> >> It says maybe your IP/Ethernet enabled security product maybe wasn't >> designed by a company with the highest level of clue? >> >> https://letsencrypt.org/stats/ >> >> >> >> On Tue, Apr 11, 2017 at 8:28 PM, Mike Hammett <[email protected]> wrote: >> >> That seems like an arbitrary and silly stick to measure against. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> >> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> ------------------------------ >> >> *From: *"Eric Kuhnke" <[email protected]> >> *To: *[email protected] >> *Sent: *Tuesday, April 11, 2017 10:27:07 PM >> *Subject: *Re: [AFMUG] Looking for a few good beta testers >> >> If you're advertising anything for security and don't have an >> https-enabled website (LetsEncrypt is free), it's hard to take seriously. >> Even if it's just marketing material. >> >> >> On Tue, Apr 11, 2017 at 11:59 AM, Harold Bledsoe <[email protected]> >> wrote: >> >> Hi folks, >> >> We have a new integration launching soon on the IgniteNet platform that >> is a home/business cloud video surveillance solution. It essentially lets >> you as an operator offer a Nest-like video solution to your customers so >> you can get paid for what folks are going to do anyways over your network. >> >> We are looking for a handful of early adopters who would be interested to >> roll out something like this to beta test, give feedback, etc. It would be >> great if you can hit me offlist if you want to try it out! >> >> http://na.smc.com/ >> >> Highlights are here. :-) >> >> Thanks, >> -Hal >> >> >>
