matthew.brough Posted May 17, 2013 Share Posted May 17, 2013 If your signalling system claimed it was encrypted and it turned out to be as weak as this, would that not be of concern? Absolutely Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
cybergibbons Posted May 17, 2013 Author Share Posted May 17, 2013 Your constant play on words, inferences, claims suggesting you are the 'good guy' etc etc are misleading. The easily led fall for it, not i. I'm out!! One of the big reasons I am here is to make sure anything I infer isn't false. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Â Â Â Link to comment Share on other sites More sharing options...
matthew.brough Posted May 17, 2013 Share Posted May 17, 2013 One of the big reasons I am here is to make sure anything I infer isn't false. He gets moody occasionally. Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
Cubit Posted May 17, 2013 Share Posted May 17, 2013 He gets moody occasionally. not at all.But if you'd pay more attention you'd notice the issues...and who I was referring to. Quote Link to comment Share on other sites More sharing options...
Joe Harris Posted May 17, 2013 Share Posted May 17, 2013 It wouldn't have been hard to make this secure at all. Actually, I think it would be less effort just using something ready made.  One of my many arguments for standardised protocols.  Why reinvent the wheel?  Especially when you make a round wheel square in the process..... Quote  Link to comment Share on other sites More sharing options...
matthew.brough Posted May 17, 2013 Share Posted May 17, 2013 One of my many arguments for standardised protocols. Â Why reinvent the wheel? Â Especially when you make a round wheel square in the process..... Totally agree. I know webway use a few in their stuff rather than recreate something that already existed. Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
cybergibbons Posted May 17, 2013 Author Share Posted May 17, 2013 It is almost always without exception a bad idea to "roll your own" encryption: http://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own  It's also a really bad idea to keep encryption schemes secret - the security should lie in the key, not the algorithm. If you keep it secret, the most clever person to look at it is going to be you. Make it public, and there is almost always someone more clever than you to take a look.  I partly understand why Technistore is like this - it was implemented for embedded systems 25 years ago. Even with that in mind, it's got issues. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/    Link to comment Share on other sites More sharing options...
james.wilson Posted May 17, 2013 Share Posted May 17, 2013 but again technistore is just a reset algo. There are easy ways to reset a system than to hack it. It was originally a separate device that wired into the panel. It was then later added to panels as a built in function. Most panels don't even have a seed, ie castle, aritech etc. If you get hold of the software you can reset any panel. Im not a fan of it and once we have all of our estate on udl we will be disabling it. Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
cybergibbons Posted May 17, 2013 Author Share Posted May 17, 2013 How does the UDL software authenticate with the panels? Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Â Â Â Link to comment Share on other sites More sharing options...
james.wilson Posted May 17, 2013 Share Posted May 17, 2013 Well depends. If using modems then we use dial back and they call the office, either from a remote request or the customer pressing the relevant buttons. On the higher security stuff we use webways and the data is sent over an ssh tunnel. Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
matthew.brough Posted May 17, 2013 Share Posted May 17, 2013 Just for clarity Aritech ATS does use seed codes, Aritech CD does not. Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
james.wilson Posted May 17, 2013 Share Posted May 17, 2013 ok 0-255? Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
matthew.brough Posted May 17, 2013 Share Posted May 17, 2013 ok 0-255? 000001 - 999999 Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
james.wilson Posted May 17, 2013 Share Posted May 17, 2013 wow, useless point scored there for the ats Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
matthew.brough Posted May 17, 2013 Share Posted May 17, 2013 wow, useless point scored there for the ats I thought it a bit strange having such a big number. No idea why it is so. Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
Oxo Posted May 17, 2013 Share Posted May 17, 2013 To give CG 5 more mins of brain ache. Quote Link to comment Share on other sites More sharing options...
matthew.brough Posted May 17, 2013 Share Posted May 17, 2013 Lol Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
Lwillis Posted May 17, 2013 Share Posted May 17, 2013 The aritech cd panels are a 1-99 list lol Quote Link to comment Share on other sites More sharing options...
james.wilson Posted May 17, 2013 Share Posted May 17, 2013 old panel though now Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
Lwillis Posted May 17, 2013 Share Posted May 17, 2013 Yeah . Still quite a few around tho. Quote Link to comment Share on other sites More sharing options...
james.wilson Posted May 17, 2013 Share Posted May 17, 2013 agreed but unfair to compare to modern security requirements was all I was meaning Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
Lwillis Posted May 17, 2013 Share Posted May 17, 2013 Oh yeah, much better in those days IMO lol Must admit I'm guessing most companies use the same seed code. Depends what the arc can support Aswell . - ours only supports certain scantronic rem reset seeds Quote Link to comment Share on other sites More sharing options...
cybergibbons Posted May 17, 2013 Author Share Posted May 17, 2013 000001 - 999999 How long is the anticode though? Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Â Â Â Link to comment Share on other sites More sharing options...
matthew.brough Posted May 17, 2013 Share Posted May 17, 2013 How long is the anticode though? 4 digits Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
Joe Harris Posted May 17, 2013 Share Posted May 17, 2013 Oh yeah, much better in those days IMO lol Must admit I'm guessing most companies use the same seed code. Depends what the arc can support Aswell . - ours only supports certain scantronic rem reset seeds  The ARC can do any seed - they may need to pay to implement though if they don't know how to do db inserts Quote  Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.