Why NO Cloud In House? Uh.....
The Market Ticker - Commentary on The Capital Markets
Logging in or registering will improve your experience here
Main Navigation
Display list of topics
Sarah's Resources You Should See
Sarah's Blog Buy Sarah's Pictures
Full-Text Search & Archives
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-06-28 20:10 by Karl Denninger
in Technology , 103 references Ignore this thread
Why NO Cloud In House? Uh.....
[Comments enabled]

Gee, you should have found a HomeDaemon-MCP distributor -- or become the one. smiley

Swann Security has blamed a factory error for the data breach - which was brought to its attention by the BBC - and said it was a "one-off" incident.

However, last month another customer reported a similar problem saying his version of the same app had received footage from a pub's CCTV system.

Swann said it was attempting to recover the kit involved in this second case.

In the meantime, it said it had notified the UK's data privacy watchdog of both cases.

And this is why either the computer is your computer or it is someone else's computer.

There is no "cloud."

Sorry 'ya had to learn that the hard way.

Who wants the entrepreneurial opportunity to make a bunch of money on a system to do this sort of thing that does not have that issue?

Well...... right here folks.  http://homedaemon.net

Go to responses (registration required to post)
 

 
Comments.......
User: Not logged on
Login Register Top Blog Top Blog Topics FAQ
User Info Why NO Cloud In House? Uh..... in forum [Market-Ticker]
Rollformer
Posts: 316
Incept: 2013-02-13

Report This As A Bad Post Add To Your Ignored User List
If I recall my programming courses correctly, they are likely correct that it is a one-off error. But those can, again IIrc, affect everything.
Oliver1655
Posts: 114
Incept: 2012-08-02

Report This As A Bad Post Add To Your Ignored User List
From the linked article.

"She said that "human error" had caused two cameras to be manufactured that shared the same "bank-grade security key - which secures all communications with its owner"."

bank-grade security key ?
smiley

I'd say that means the entire banking system is also "insecure"

I happen to have a Swann system set up here but it is only hard wired to a monitor for direct observation and a DVR for continuous recording. No internet connection was allowed and the phone app for viewing was never installed. While that would be very handy and something I could definitely use I questioned from the get go the security of their setup.

Looks like being 100% suspicious of their supposed security was the correct viewpoint to take.

Thanks to Karl preaching on the gaping security holes with IOT's I knew there were potential issues.

I'm very much interested in seeing Karl's system brought to the market place. Curious if homedaemon could be used to secure Swann's type of cameras or if there was some alternate way of securing them. I'm guessing No since their app is involved.

Maybe everyone needs to contact Swann and let them know the solution is already available they only need to pony up the money. It might be far cheaper than the suits that might come their way for violating individual privacy rights.
Tickerguy
Posts: 153486
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
That depends; if they can speak RTSP then HomeDaemon should work. You then completely block them off from outside access (either direction) and mediate ALL access via the system. Thus no matter how idiotic the camera software writer was it cannot get beyond the local LAN. Of course if you're REALLY paranoid (e.g. you think they might have stuffed some ACTIVE malware in the camera!) then you need to segregate them on a separate PHYSICAL (or at least WiFi) VLAN so they literally cannot see ANYTHING other than HomeDaemon.

That's taking paranoia to an expectation of *active* malice (as opposed to stupidity), however.

----------
Winding it down.
Drdata
Posts: 1
Incept: 2018-06-24

Alabama
Report This As A Bad Post Add To Your Ignored User List
The three most frightening words in English are "For your convenience."

I will cite these posts as evidence.
Attilahooper
Posts: 2873
Incept: 2007-08-28

New York, by way of Montreal Canada.
Report This As A Bad Post Add To Your Ignored User List
^^ Well played Drdata^^
I use the same means of segregating that Karl mentions, a seperate VLAN for cams with outbound traffic only allowed to my Zoneminder IP. The Ubiquity wifi APs also support VLANs, so the kids are on seperate wifi ssid apart from the lan.

----------
I've retired and bought Shecky's - Welcome, have fun, **** **** up, let's get this party started
https://www.youtube.com/watch?v=ykZbxFub....

Jethrodull
Posts: 140
Incept: 2008-02-25

North Texas
Report This As A Bad Post Add To Your Ignored User List
Karl,

Perhaps with GDPR, someone/firm in the EU might have an interest in this.
-J
Tickerguy
Posts: 153486
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
I do not care where the interest comes from....

FWIW I just did a modest re-factoring of the init code paths for a couple of reasons with the most-important being to make battery-powered unit includes what should be a completely hands-off procedure (where before it was not), even if the unit in question does things that are technically legit under the Zwave specs but utterly stupid (like being battery powered but not sending wakeups or being able to have wake intervals defined.) It was possible to wind up with a unit that couldn't be named this way since it never sent a wakeup and thus never got the list of things it can handle (so the software didn't know whether it can store names or it has to do it locally), and when it's listening.

I'd name names of manufacturers who are involved in that nice bit of stupidity but it no longer matters as long as you're using my code and as a bonus it makes it easier and results in less load and RF contention on a start/restart for everyone else's devices too.... smiley

When I get around to it I'll recompile the Pi3 "freeware" image; the underlying OS is quite out-of-date as is the image in there and the docs -- the current is v4.3.1. It takes a couple of hours to cross-build the Pi3 OS image on my fairly-big AMD64 machine here and then of course I have to make sure it actually runs....

----------
Winding it down.

Ckaminski
Posts: 4726
Incept: 2011-04-08

Mass-Hole!
Online
Report This As A Bad Post Add To Your Ignored User List
A bit OT, but I have been experimenting with Zwave door sensors, and one of the no-name brands I grabbed off Amazon won't pair with my Aeon (but did with my Razberry Pi). I'm not about to write it off, but it's proving to be vexxing getting it reset and unpaired with the Razberry. :-/
Tickerguy
Posts: 153486
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
Send it to me I'll tell ya what's up :)

The Aeotec stick will work with anything IF the code driving it is right. It's VERY timing sensitive so your code has to be right or you're ****ed.

----------
Winding it down.

Ckaminski
Posts: 4726
Incept: 2011-04-08

Mass-Hole!
Online
Report This As A Bad Post Add To Your Ignored User List
I can't seem to get the Aeotec to pair with the sensor. Factory reset doesn't seem to be working with it. I'm trying to pair them inches apart so range shouldn't be an issue.. I'll give it one more shot. Failing that, it's all yours. :-)

Login Register Top Blog Top Blog Topics FAQ