Nova-Security Posted November 23, 2015 Share Posted November 23, 2015 (edited) to assist? in what way? Dualcom are a BSIA member and the BSIA have a lot to do the the standards dont they? so they could explain the standards to them. The next thing you will be telling me is grading of CCTV is coming in http://www.bsia.co.uk/Portals/4/Publications/218-CCTV-graded-requirements.pdf Edited November 23, 2015 by Nova-Security www.nova-security.co.uk www.nsiapproved.co.uk No PMs please unless i know you or you are using this board with your proper name. Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435473 Share on other sites More sharing options...
Nova-Security Posted November 23, 2015 Share Posted November 23, 2015 They haven't communicated with me at all since they tried getting my home address 6 weeks ago. If they spent 10mins i think they could have your address quite easy. www.nova-security.co.uk www.nsiapproved.co.uk No PMs please unless i know you or you are using this board with your proper name. Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435474 Share on other sites More sharing options...
james.wilson Posted November 23, 2015 Share Posted November 23, 2015 I believe it can, yes. Certainly the ones that use the IP path can be sniffed and spoofed with little trouble. The problem is that I can't push the boundaries any further to prove it. why cant you test it further? Dualcom are a BSIA member and the BSIA have a lot to do the the standards dont they? so they could explain the standards to them. The next thing you will be telling me is grading of CCTV is coming in http://www.bsia.co.uk/Portals/4/Publications/218-CCTV-graded-requirements.pdf self certed i believe securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435475 Share on other sites More sharing options...
cybergibbons Posted November 23, 2015 Author Share Posted November 23, 2015 Who did they try to get your address from? I hear if you boil the horses head it makes quite a pleasant soup. Me. For "formal communications". Seems odd, as I am a business. why cant you test it further? The law. I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435476 Share on other sites More sharing options...
james.wilson Posted November 23, 2015 Share Posted November 23, 2015 the law? securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435478 Share on other sites More sharing options...
cybergibbons Posted November 23, 2015 Author Share Posted November 23, 2015 the law? I can't actually do anything except passive observation. If I connect to CSL's servers, or actually interfere with the operation of another device, I have broken the law. Computer Misuse Act. I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435479 Share on other sites More sharing options...
james.wilson Posted November 23, 2015 Share Posted November 23, 2015 ah i see shame be interested in the tests on that side too securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435480 Share on other sites More sharing options...
cybergibbons Posted November 23, 2015 Author Share Posted November 23, 2015 The ball is in CSL's court with that. They could let any pentesting company take a look at their systems and publish the report. I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435481 Share on other sites More sharing options...
james.wilson Posted November 23, 2015 Share Posted November 23, 2015 probably a good idea now? securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435483 Share on other sites More sharing options...
cybergibbons Posted November 23, 2015 Author Share Posted November 23, 2015 Really depends on what they want to do. They can keep on with the smoke and mirrors, pitching themselves as "IoT poster boys", or they could actually start developing secure products. I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment https://www.thesecurityinstaller.co.uk/community/topic/39405-csl-dualcom-cs2300-r-vulnerabilities/page/2/#findComment-435484 Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now