fenderman
Staff member
> That's a reason why I always use my own ports when forwarding..

Security by obscurity.
> That's a reason why I always use my own ports when forwarding.. and No, I don't use or gonna use a VPN because our customers want to check everywhere their cameras and don't like if we change something in their phone, laptop, PC, etc...
> Sent from my iPhone using Tapatalk

Not a solution.
> Security by obscurity.
> It just takes the automated scanner a little longer when the ports are not on the defaults - it doesn't eliminate the risk.

That's right, but automated scans normally first try default ports. To scan all possible ports lasts too long.
> We have numerous reports of much newer equipment, even units bought earlier this year. Part of the challenge is that Dahua is so poor at communicating and distributing firmware, it is not even clear what firmware versions have a 'fix'. We are still awaiting their response or official public notice.

This is a normal behaviour for all IT manufacturers. In detail they won't say it for security and customer reputation.
> It's always the same, default passwords

But the Hikvision backdoor and the current Dahua hacks are not based on default admin passwords that are simply not changed. It is based on 'errors' in either (1) Dahua (not) validating local vs remote access and (2) Hikvision putting in a magic string that bypasses authentication.
> And Dahua and Hikvision is similar. I will wait to see when I can read the news without closed user access. The internet has every day shocking "news", I am not as paranoid because otherwise I could take a rope for myself, that's the only secure way LOL (joke).
> If we see a trustful open information, I am welcome to shock my distributor

Stop being an idiot.. Really... the Hikvision hack has been PROVEN... as stated by others, it does not care what your password is, the password can remotely reset... what is worse, snapshots can be taken without changing the password so you would not know that you were even hacked...
> Stop being an idiot.. Really... the Hikvision hack has been PROVEN... as stated by others, it does not care what your password is, the password can remotely reset... what is worse, snapshots can be taken without changing the password so you would not know that you were even hacked...
> This Dahua is extremely serious as well... and allows remote access... stop advocating port forwarding and changing ports, it's been proven to be useless..

Totally agree, forget all your "strong" passwords, non-standard ports... whatever
> That's right, but automated scans normally first try default ports. To scan all possible ports lasts too long.

Too long, you say? When you have devices that are online with the same configuration, for years(!), would you think that's enough to fingerprint them? Or, again, it's too long?
> The conversion script(s) in some firmware version(s) had a few... "glitches", so to speak. And, yes, the "null" user couldn't be deleted via web interface, via proprietary API (data/37777) using the SDK, nor via HTTP-SDK/"CGI".

no shit...
> It's always the same, default passwords, port forwarding, old firmware releases, wrong password account blocking not active and so on.

There are three aspects with the Dahua backdoor worth considering.
> no shit...

I kid you not!