cybergibbons Posted April 24, 2013 Author Share Posted April 24, 2013 Why not? I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
Joe Harris Posted April 24, 2013 Share Posted April 24, 2013 Disclosures are often made prior to a fix being released. Sometimes this is due to uneducated or unethical disclosure practices, those discovering an issue may not be aware of the correct reporting procedure or may simply want to boost their ego by announcing it as a 0day vuln... Sometimes it is a result of a company failing to respond to a notification or to act upon a disclosure within a fair agreed time scale. The driver here is that without a policy or procedure in place you make it harder for people to report such issues. There was an example on Monday the 22nd or someone struggling to contact Vodafone to advise of a vulnerability (curiously the same day that we had network outages - purely coincidence ofc...) if someone cannot contact a manufacturer or service provider directly then they often expose the issue to more people while trying to find a route to report it if not just telling the world. Closing the door to such information is the same as burying your head in the sand. Some firms have a great reputation for responding to (and in some cases awarding) potential security issues when they are found. These firms tend to have the favour returned in some cases when people opt to go to them instead of to the black market. Link to comment Share on other sites More sharing options...
cybergibbons Posted April 24, 2013 Author Share Posted April 24, 2013 Let's say there were two options: 1. A vulnerability reporting and disclosure policy, where the manufacturer is given the chance to replicate, fix or simply respond to vulnerabilities. 2. A third party site where vulnerabilities are reported in 0-day style, possibly where participants try to exclude manufacturers. Which sounds better? Thanks Joe. A good oversight of how it works in IT. Take another example. There are huge botnets dedicated to DDoS attacks and sending spam. Generally these are PCs, but there is increasing interest in harnessing devices considered unpatchable - mainly embedded systems like routers. Some alarms certainly have the ability to send arbitrary email. Would it not be hugely harmful to an alarm manufacturer to have an alarm acting in this way, and to not be able to fix it? I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
MrHappy Posted April 24, 2013 Share Posted April 24, 2013 RF Explorer, nice bit of kit? Mr Veritas God Link to comment Share on other sites More sharing options...
cybergibbons Posted April 24, 2013 Author Share Posted April 24, 2013 Yes. Good. I can give more detail if interested. Useful for site surveys and can identify most types of modulation including spread spectrum. I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
Joe Harris Posted April 24, 2013 Share Posted April 24, 2013 Take another example. There are huge botnets dedicated to DDoS attacks and sending spam. Generally these are PCs, but there is increasing interest in harnessing devices considered unpatchable - mainly embedded systems like routers. Some alarms certainly have the ability to send arbitrary email. Would it not be hugely harmful to an alarm manufacturer to have an alarm acting in this way, and to not be able to fix it? 100% agree - tbh embedded devices are being harnessed to this end already and now it is simply a race by miscreants to ident device fingerprints and inject - our devices are just a.n.other among many Link to comment Share on other sites More sharing options...
PeterJames Posted April 24, 2013 Share Posted April 24, 2013 FFS when do you people sleep! Link to comment Share on other sites More sharing options...
cybergibbons Posted April 24, 2013 Author Share Posted April 24, 2013 100% agree - tbh embedded devices are being harnessed to this end already and now it is simply a race by miscreants to ident device fingerprints and inject - our devices are just a.n.other among many Just on this note, do many of you fit alarms with IP connectivity? FFS when do you people sleep! Sleep is for the weak. This is some of the best and most open discussion I've had around these topics. It's great! I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
matthew.brough Posted April 24, 2013 Share Posted April 24, 2013 Just on this note, do many of you fit alarms with IP connectivity? Sleep is for the weak. This is some of the best and most open discussion I've had around these topics. It's great! No, we are one of the handful that exclusively monitor via IP www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
Joe Harris Posted April 24, 2013 Share Posted April 24, 2013 Most ARCs have some degree of IP connectivity utilised (A rare few avoid it as if it is black magic voodoo and curse be upon thee if used). Current proliferation or wired IP is between ~3% to ~5% of most monitoring estates and will increase slowly but surely. The dominant increase in IP utilisation is in GPRS / 3G /xG. This areas has had phenomenal growth over recent years and looks set to continue as the next generation broadband roll outs are firmly supporting it also as well as of course the massive demand from smart phones / wearable technology... Matt is ofc the exception to the rule - not like him to be different lol Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.