From: "Federico Lucifredi" <[EMAIL PROTECTED]>
Date: Sat, 18 Jan 2003 11:45:51 -0500
Dear Mongers,
a sudden question I woke up with this morning: many of you are probably
familiar with the Xanboo "home management" system or similar devices such as
the X10 series. Now, I was wondering, which hardware do you recommend, what
solutions other than Xanboo are out there (possibly not requiring a monthly
subscription for a silly website), which ones the hackers among you have
played with, and, most importantly, can any of them be programmed in Perl?
-Federico
Personally, I find their web site scary. Pages and pages of all the
cool stuff you (or anyone else) could control remotely, but scarcely a
word about security. Until you get to their privacy page, hidden in a
non-obvious link after the copyright notice, which only says that they
are not responsible for anything. They did have some blather about
using "industry standard" protocols for the server-to-remote-access-
client link, but they also mention ASP somewhere, which could mean that
they consider IIS an "industry standard" -- another scary thought.
Nowhere do I find anything that talks about the security of the
home-to-server link.
Even assuming they use HTTPS exclusively, I still have questions
about the server security: Is all this stuff protected only by a
password, and if so, how many characters do they actually use? Are any
cookies required? Must I enable Javascript for the site to work?
So, here's the big question in my mind: Even if you consider it
useful to be able to control your appliances from anywhere in the world,
or spy on the babysitter and boy/girlfriend on the couch, why would you
want to choose a solution that requires a third party to provide access
to your personal data? Why not something that you contact directly on your
home machine via ssh, or IPSEC, or something else with better-understood
security implications? Using something other than HTTP/HTML would mean
that you couldn't control your microwave from everybody's PDA . . . but
that's a good thing, isn't it?
Besides, Xanboo only works with Windows, unchallenged favorite of
crackers everywhere. Which probably explains why the security section
concludes in the following vein:
Due to the nature of current technology, there exists the
possibility of unauthorized access to your computer by third
parties. As such, all data on your computer, including Xanboo
Home Control software, and related connections, can be
comprised. Xanboo is not liable for damages resulting from the
unauthorized access to your computer, and related Xanboo
software and hardware by third parties.
Nice of them to forewarn you about the shortcomings of "current
technology" . . .
-- Bob Rogers
http://rgrjr.dyndns.org/