Re: Time to get rid of weird connected appliances! <> check this
On 10/23/2016 9:32 PM, Cameron Kaiser wrote: Similarly, my home camera system connects to an Axis concentrator I'm using Foscam cameras, which are ip connected, but the model I have isn't "cloud" connected, there is a mini DVR the size of a cigarette pack that does a 16 channel recorder to an attached USB drive. You do all yourself. paranoia is a good thing. Mouse mentioned Sparc systems. I know of a friend who runs a well known site to us (not Jay) on an Alpha for the reasons Mouse mentioned. Thanks jim
Re: Time to get rid of weird connected appliances! <> check this
> Nevertheless, most IoT devices only talk (outgoing) to some server in > some cloud, and are reasonably safe, at least until the server is > attacked. Which is why I'll only buy systems for which the API is either open or well-understood. I have several sets of Philips hue bulb networks in the house. They sit on the secured non-routable internal network and have never been able to phone home. The central server drives them directly using a Perl tool I wrote (huepl), and now the security and access controls are metered by me, not by Philips. Similarly, my home camera system connects to an Axis concentrator that is only accessible on that same non-routable network. The central server grabs snapshots and motion JPEG feeds from it. Again, the security is now in my hands. I admit I'm paranoid and having this requirement reduces the amount of hardware I'll see fit to buy, but usually it reduces it to the higher quality devices in any case. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Reality is when it finally happens to you, too.
RE: Time to get rid of weird connected appliances! <> check this
In 2011 Barnaby Jack warned of insulin pump attacks (https://en.wikipedia.org/wiki/Barnaby_Jack) yet in 2016 J had to warn their customers that they were vulnerable to attack (https://www.techdirt.com/articles/20161004/06242635699/johnson-johnson-warns-insulin-pump-owners-they-could-be-killed-hackers.shtml). When are companies going to get compliant with security? -Original Message- From: cctalk [mailto:cctalk-boun...@classiccmp.org] On Behalf Of Alexandre Souza Sent: Sunday, October 23, 2016 2:36 PM To: General Discussion: On-Topic and Off-Topic Posts Subject: Re: Time to get rid of weird connected appliances! <> check this A good linux machine running a firewall wouldn't make all of this work flawlessly? 2016-10-23 17:31 GMT-02:00 Chuck Guzis <ccl...@sydex.com>: > On 10/23/2016 01:29 AM, Guy Dawson wrote: > > It's not so much an attack on IoT as with IoT. The worm's ( assuming > > a compromised IoT device is used to compromise others - I'm not sure > > about this) job is to make IoT devices available to a control system > > so that IoT devices can be used to generate the loads needed in DDOS > > attacks. > > > > The attackers would rather you did not know your IoT devices were > > compromised as that way you'll leave them connected to the Internet > > and under their control. > > I contrast NFC and IoT. At least to me, "IoT" implies an > Internet-connected device. NFC implies only that there's a device > that can communicate wirelessly with nearby devices. > > Having said that, if one prowls the web for vulnerabilities in, say, > DSL modems, it's shocking. Many, if not most, are running some sort > of Linux, usually BusyBox (not known for its security). There are > millions of the things out there, many with telnet enabled and still > with the default password. The ISPs who distribute these things > usually view them as "black boxes" and apparently have little interest in > security. > > Whether or not some malefactor can hack a Carrier or Trane connected > thermostat is something that I've not researched. > > --Chuck >
RE: Time to get rid of weird connected appliances! <> check this
> -Original Message- > From: cctalk [mailto:cctalk-boun...@classiccmp.org] On Behalf Of Alexandre > Souza > Sent: 23 October 2016 20:36 > To: General Discussion: On-Topic and Off-Topic Posts >> Subject: Re: Time to get rid of weird connected appliances! < DIE>> check this > > A good linux machine running a firewall wouldn't make all of this work > flawlessly? > Not once the devices are compromised. There are many devices, each device just needs to deliver a single DNS lookup. Dave
Re: Time to get rid of weird connected appliances! <> check this
On 23/10/2016 20:41, Alexis Kotlowy wrote: On 24/10/2016 06:05, Alexandre Souza wrote: A good linux machine running a firewall wouldn't make all of this work flawlessly? The problem is the 'average consumer' isn't going to bother with that. They'll just wire up their IoT devices, for convenience sake, and leave it to do its thing. True, but for many devices it's irrelevant because you can't easily get to them from the internet. Some security cameras are an obvious exception, along with other things you might connect to directly while "out and about" - things you have to set up "port forwarding" for. Nevertheless, most IoT devices only talk (outgoing) to some server in some cloud, and are reasonably safe, at least until the server is attacked. That's true of my thermostats and central heating control, for example, and you won't easily get to them over my wifi because they use almost-random 30-character keys. Attackers go for the low-hanging fruit. Unfortunately the number of people who will do this far outweigh the people who know what they're doing. Also true :-( And that applies as much to many manufacturers as to end users. Two of my above-mentioned thermostats were originally limited to an 8-character alphanumeric key, until I made a fuss about WiFi Alliance standards. As for modems/routers, over here (UK) the ISPs tend to go for fairly random 12-20 character passwords which aren't even obviously related to the MAC address. Even so, I ignored my ISP's offering in favour of something a bit more high-end, carefully configured, but I still see an average of about two connection attempts a second. -- Pete Pete Turnbull
Re: Time to get rid of weird connected appliances! <> check this
Too stupid of me forgetting about the common man :( Sorry! :D 2016-10-23 17:41 GMT-02:00 Alexis Kotlowy: > On 24/10/2016 06:05, Alexandre Souza wrote: > >> A good linux machine running a firewall wouldn't make all of this >> work flawlessly? >> > > The problem is the 'average consumer' isn't going to bother with that. > They'll just wire up their IoT devices, for convenience sake, and leave > it to do its thing. Unfortunately the number of people who will do this > far outweigh the people who know what they're doing. > > Alexis >
Re: Time to get rid of weird connected appliances! <> check this
On 24/10/2016 06:05, Alexandre Souza wrote: A good linux machine running a firewall wouldn't make all of this work flawlessly? The problem is the 'average consumer' isn't going to bother with that. They'll just wire up their IoT devices, for convenience sake, and leave it to do its thing. Unfortunately the number of people who will do this far outweigh the people who know what they're doing. Alexis
Re: Time to get rid of weird connected appliances! <> check this
A good linux machine running a firewall wouldn't make all of this work flawlessly? 2016-10-23 17:31 GMT-02:00 Chuck Guzis: > On 10/23/2016 01:29 AM, Guy Dawson wrote: > > It's not so much an attack on IoT as with IoT. The worm's ( assuming > > a compromised IoT device is used to compromise others - I'm not sure > > about this) job is to make IoT devices available to a control system > > so that IoT devices can be used to generate the loads needed in DDOS > > attacks. > > > > The attackers would rather you did not know your IoT devices were > > compromised as that way you'll leave them connected to the Internet > > and under their control. > > I contrast NFC and IoT. At least to me, "IoT" implies an > Internet-connected device. NFC implies only that there's a device that > can communicate wirelessly with nearby devices. > > Having said that, if one prowls the web for vulnerabilities in, say, DSL > modems, it's shocking. Many, if not most, are running some sort of > Linux, usually BusyBox (not known for its security). There are millions > of the things out there, many with telnet enabled and still with the > default password. The ISPs who distribute these things usually view > them as "black boxes" and apparently have little interest in security. > > Whether or not some malefactor can hack a Carrier or Trane connected > thermostat is something that I've not researched. > > --Chuck >
Re: Time to get rid of weird connected appliances! <> check this
On 10/23/2016 01:29 AM, Guy Dawson wrote: > It's not so much an attack on IoT as with IoT. The worm's ( assuming > a compromised IoT device is used to compromise others - I'm not sure > about this) job is to make IoT devices available to a control system > so that IoT devices can be used to generate the loads needed in DDOS > attacks. > > The attackers would rather you did not know your IoT devices were > compromised as that way you'll leave them connected to the Internet > and under their control. I contrast NFC and IoT. At least to me, "IoT" implies an Internet-connected device. NFC implies only that there's a device that can communicate wirelessly with nearby devices. Having said that, if one prowls the web for vulnerabilities in, say, DSL modems, it's shocking. Many, if not most, are running some sort of Linux, usually BusyBox (not known for its security). There are millions of the things out there, many with telnet enabled and still with the default password. The ISPs who distribute these things usually view them as "black boxes" and apparently have little interest in security. Whether or not some malefactor can hack a Carrier or Trane connected thermostat is something that I've not researched. --Chuck
Re: Time to get rid of weird connected appliances! <> check this
It's not so much an attack on IoT as with IoT. The worm's ( assuming a compromised IoT device is used to compromise others - I'm not sure about this) job is to make IoT devices available to a control system so that IoT devices can be used to generate the loads needed in DDOS attacks. The attackers would rather you did not know your IoT devices were compromised as that way you'll leave them connected to the Internet and under their control. On 23 October 2016 at 08:08, jim stephens <jwsm...@jwsss.com> wrote: > > > On 10/22/2016 11:17 PM, couryho...@aol.com wrote: > >> Time to get rid of weird connected appliances! <> >> check this >> http://www.msn.com/en-us/news/technology/how-your-dvr-was-hi >> jacked-to-help-epic-cyberattack/ar-AAjh8Yr?ocid=mailsignout >> > I wish that writers had a clue what IoT is and what that means. I have no > network connected devices of this source facing the open net. All of the > premises equipment supplied by the internet, tv, and phone provider, are on > their own 10 net, and isolated from any connection to the internet. If > they are corrupted, fun, but not going to get to the internet. > > This is a worm from what I see, and it does target network connected > devices, but it doesn't attack what is currently bounced around as IoT. I > suppose if you want to call every network enlightened device out the > including ones developed before the IoT of the last couple of years came > into existence then okay. > > I know this is a bit new for the list, but the concept of having embedded > or other network controls on devices is not. > > I'll be interested to see what sort of attack is implemented by this, but > this worm attack is more like the Morris attack of years ago than an attack > on IoT. That will come, but will have very different symptoms. > > If you have a wireless controlled remote "cloud" device say a colored LED > light bulb, while you are watching TV some nite, loaded and not sure what > is going on, your LED light will start changing and putting out fun colors > and other patterns, and you will wonder if your latest pot maybe had a bit > of acid added to it. > > Thanks > Jim > -- 4.4 > 5.4
Re: Time to get rid of weird connected appliances! <> check this
On 10/22/2016 11:17 PM, couryho...@aol.com wrote: Time to get rid of weird connected appliances! <> check this http://www.msn.com/en-us/news/technology/how-your-dvr-was-hijacked-to-help-epic-cyberattack/ar-AAjh8Yr?ocid=mailsignout I wish that writers had a clue what IoT is and what that means. I have no network connected devices of this source facing the open net. All of the premises equipment supplied by the internet, tv, and phone provider, are on their own 10 net, and isolated from any connection to the internet. If they are corrupted, fun, but not going to get to the internet. This is a worm from what I see, and it does target network connected devices, but it doesn't attack what is currently bounced around as IoT. I suppose if you want to call every network enlightened device out the including ones developed before the IoT of the last couple of years came into existence then okay. I know this is a bit new for the list, but the concept of having embedded or other network controls on devices is not. I'll be interested to see what sort of attack is implemented by this, but this worm attack is more like the Morris attack of years ago than an attack on IoT. That will come, but will have very different symptoms. If you have a wireless controlled remote "cloud" device say a colored LED light bulb, while you are watching TV some nite, loaded and not sure what is going on, your LED light will start changing and putting out fun colors and other patterns, and you will wonder if your latest pot maybe had a bit of acid added to it. Thanks Jim
Time to get rid of weird connected appliances! <> check this
Time to get rid of weird connected appliances! <> check this http://www.msn.com/en-us/news/technology/how-your-dvr-was-hijacked-to-help-epic-cyberattack/ar-AAjh8Yr?ocid=mailsignout