Re: [AFMUG] OT vacation, yeah right

2019-12-28 Thread TJ Trout
Chuck, are you visiting any other islands besides Oahu?

On Fri, Dec 27, 2019, 8:01 AM Jaime Solorza wrote:

> my heart bleeds for you...NOT
> Jaime Solorza
> Wireless Systems Architect
> 915-861-1390
>
>
> On Thu, Dec 26, 2019 at 7:59 PM  wrote:
>
>> So, here I sit in Oahu combing through thousands of OTDR traces that I
>> need to hand into a customer.  We had some rework to do so I have to find
>> the rework trace results and manually swap files into the transmittal
>> file...  Been at this for days.  I am down to needing to retest one
>> strand of one cable in one direction but we are missing retest data for
>> that same cable for about 30 strands in the other direction.  I know they
>> are good because all the B to A shots are clean.  But I am missing the
>> rework files for A to B.  Argh.
>>
>> I coughed up the dough to bring all my kids and grandkids on this once in
>> a lifetime extravaganza.  At least I mastered the metro bus system.  Had to
>> ride across town to buy a mouse as I forgot to pack one.  None of my kids
>> volunteered to drive me and I am not on the rental car agreement.
>>
>> So, half blind from combining massive pdf files all day, but at least I
>> am mostly done...
>>
>> Does anyone feel sorry for me?
>> --
>> AF mailing list
>> AF@af.afmug.com
>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>>


[AFMUG] Russian Cybertruck available now!

2019-12-28 Thread Ken Hohhof
https://arstechnica.com/cars/2019/12/a-cybertruck-goes-on-sale-for-10800-in-russia/

 



[AFMUG] OT Movie Review

2019-12-28 Thread chuck
Bombshell

Skip it, wait for streaming.  Very similar to the one on Netflix? earlier this 
year.  Nice eye candy but I think you actually get more meat from the other 
one.


Re: [AFMUG] Ring doorbell lawsuit

2019-12-28 Thread Ken Hohhof
Apparently yes, but also apparently that’s above the pay grade of most 
customers.

 

I’m not sure if that would require the token every time you wanted to use the 
Ring app on your phone, or just the first time you paired the phone with the 
service.

 

 


Re: [AFMUG] Ring doorbell lawsuit

2019-12-28 Thread chuck
Is there a two factor option for ring?


Re: [AFMUG] Ring doorbell lawsuit

2019-12-28 Thread Ken Hohhof
In the case of Ring doorbells, I believe the doorbells communicate with a cloud 
server, in which case the doorbell’s IP address and whether or not you have a 
firewall is irrelevant.  Most cameras work this way, although some seem to act 
as servers and let the mobile device app contact the camera directly, I assume 
via some sort of dynamic DNS.

 

Reportedly all it takes to access your Ring account and access the doorbell or 
camera is your email address and password.  These “hackers” are using 
email/password combinations from previous data breaches and trying them against 
the Ring service to see which ones work.  Once Ring grants access to your 
account, they can view your stored video, watch the camera in real time, or 
even talk through the speaker.  It’s like hacking someone’s Gmail account, 
except Gmail does a better job of alerting you to suspicious login attempts.

The reporting on this doesn’t do a very good job on this detail, you could get 
the impression they are directly accessing your device over the Internet and 
hacking into it, rather than hacking into your cloud account on Ring’s servers.

https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security

 

I would also point out that firewalls don’t protect against a device on the 
trusted side establishing a connection to the outside, and also that all bets 
are off if you enable UPnP.

 

 


Re: [AFMUG] Ring doorbell lawsuit

2019-12-28 Thread Matt Hoppes
I appreciate an honest conversation. 

To me the whole “use temporary IPs” thing just says we are offering security 
through obscuring what IP it might be at. 




Re: [AFMUG] Ring doorbell lawsuit

2019-12-28 Thread Adam Moffett
Matt, I really appreciate your candor.  Your opinions often get flak for 
being blunt rather than being wrong and I think you don't deserve the 
heat as often as you get it.


But in this particular case, that definitely doesn't meet the definition 
of security through obscurity.


-Adam




Re: [AFMUG] Ring doorbell lawsuit

2019-12-28 Thread Matt Hoppes
So security through obscurity. Got it. 

> On Dec 27, 2019, at 10:17 PM, Cassidy B. Larson  wrote:
> 
> temp ips are used until the tcp session ends for that stream. If I have an 
> ssh window open for a day, the temp IP is still showing in my interface 
> config, but only until that particular ssh session is closed. New tcp 
> sessions for a bank website would use a different temp IP then get expired 
> after an hour or so if nothing else is using that temp address.
> 
> Inbound connections to temp ips that are not already “setup” (similar to a 
> router nat translation rule) would be blocked by the os as temp ips are for 
> outbound connections only.
> 
> 
>> On Dec 27, 2019, at 20:07, Matt Hoppes  
>> wrote:
>> 
>> 
>> Second time I’ve heard this. If it’s using random addresses how does 
>> anything communicate back with it?
>> 
>> And things like banks that secure sessions based on ip address will break 
>> if the IP changes with each click. 
>> 
>>> On Dec 27, 2019, at 9:58 PM, Cassidy B. Larson  wrote:
>>> 
>>> IPv6 uses temporary addresses for sourcing outbound connections.  Some 
>>> random joe trying to connect back to that temp IP they found in their logs 
>>> won't get them anywhere. 
>>> Of course, who knows if your ring doorbell on v6 might actually implement 
>>> temp ipv6 ips. 
>>> 
>>>> On Dec 27, 2019, at 6:53 PM, Matt Hoppes wrote:
>>>>
>>>> You’re putting a lot of faith in that SOHO router.
>>>>
>>>> I know NAT is not a firewall, but even poorly configured it takes some
>>>> effort to open ports.
>>>>
>>>> With ipv6 dropping the inbound firewall is rather trivial.
>>>>
>>>>> On Dec 27, 2019, at 8:24 PM, Adair Winter wrote:
>>>>>
>>>>> it's not like that won't be firewalled... NAT doesn't stop anything a
>>>>> firewall wouldn't. Consumer routers are going to come out of the box with
>>>>> an incoming deny.
>>>>>
>>>>>> On Fri, Dec 27, 2019 at 7:21 PM Matt Hoppes wrote:
>>>>>> And we want to roll ipv6 out to every device in the house and let them
>>>>>> on the internet directly
>>>>>>
>>>>>>> On Dec 27, 2019, at 8:05 PM, Ken Hohhof wrote:
>>>>>>>
>>>>>>> I am no fan of Amazon or of Ring doorbells.  But seriously, you can sue
>>>>>>> them for not forcing you to use two factor authentication?  Even when
>>>>>>> the customers say they have no idea what two factor authentication is?
>>>>>>> As I understand it, these devices weren’t so much hacked as people
>>>>>>> chose weak passwords, or the same password as something else that had a
>>>>>>> data breach.
>>>>>>>
>>>>>>> It also seems that the class action suit waiver agreeing to arbitration
>>>>>>> should get the suit thrown out, but who knows.
>>>>>>>
>>>>>>> https://www.vox.com/recode/2019/12/27/21039517/amazon-ring-hacking-lawsuit
>>>>>>>
>>>>>>> I’m guessing people are filling their homes with “things” that will
>>>>>>> have similar problems.  Oh, and I had the radio on in the car and the
>>>>>>> one guy said “Hey Alexa” and the other guy scolded him for saying “the
>>>>>>> A word”.  Evidently if you give Alexa an instruction on the radio,
>>>>>>> thousands of houses get their lights turned on or thermostat turned up
>>>>>>> or whatever.
>>>>>
>>>>> -- 
>>>>> Adair Winter
>>>>> VP, Network Operations / Co-Owner
>>>>> Amarillo Wireless | 806.316.5071
>>>>> C: 806.231.7180
>>>>> http://www.amarillowireless.net