Csl's M2M Sim Registration Portal Database Leak

[james.wilson]

surely in our industry we should be top of our game

[cybergibbons]

That would be our CEO

 

Well, his own email rather than a generic one is on the list.

[james.wilson]

id assume its not just csl that are lax, its long been roumored, where next?

[cybergibbons]

Well, I personally wouldn't touch Videofied gear with a bargepole. That's being released 30/11 - they need to get a fix out.

[jimcarter]

.....and WebWayOne, should definitely be pentested.

 

To clarify, our ATS has been independently pen-tested twice, by a UK Banking company and publicly owned shipping organisation. 

 

The pen testing covered very low level scrutinisation of our encryption techniques and policies.

 

Correct that 3rd party testing to EN only requires a self declaration on encryption and substitution protection. We deploy AES128 encryption with substitution protection and key changes. 

[james.wilson]

Jim has cyber played with your spt's

[jimcarter]

No. 

[jimcarter]

Jim has cyber played with your spt's

Just for continuity (as I have confirmed this on a separate thread). Andrew does indeed have a couple of our units (I was not aware until today) and he has carried out some basic testing and evaluation. As far as I'm aware, all ok but I'm sure I will hear otherwise if this is not the case!

[cybergibbons]

Yes - I have two of the recent SPTs.

 

The testing was basic, but nothing raised red-flags. I couldn't just download the firmware and tear it apart, and none of the common failings were made.

[secureiam]

interesting.