Menu
What's new

Dahua video kit left user credentials in plain sight

hmjgriffon

hmjgriffon

Known around here
Joined
Mar 30, 2014
Messages
3,386
Reaction score
979
Location
North Florida
I block incoming and outgoing traffic from China, it's all good

Sent from my Nexus 6P using Tapatalk
 
hmjgriffon

hmjgriffon

Known around here
Joined
Mar 30, 2014
Messages
3,386
Reaction score
979
Location
North Florida
Jack B Nimble said:
How would you know traffic is coming from China lol I think they know what VPN's are as well. I think they would make thier IP a U.S one if I were attacking would they not ?
Click to expand...
They have blocks of assigned IPs, could they be using some non Chinese IP, maybe, but does anyone even know what the traffic is? When I'm feeling less lazy perhaps I will block the cams from being able to hit anything.
 
nayr

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
IPVM should get there asses off that high horse; Guess everyone should ditch Microsoft and Cisco and all the others with poor history of security issues..

A google search shows one measly article on VPN Use by IPVM, Published in February of 2017.. They know as much about network security as Dahua; bah.. Whats that precious subscription given to there customers over the last decade? Apparently not one mention of VPN so they are just part of the problem.. a bunch of so called security professionals without a clue about network security.

There is not a Video Surveillance system made by any manufacturer that can handle the full force of the internet; Yes Dahua makes stupid security mistakes.. Everyone does, this shit is complicated and hard to get right... They are acknowledging it, announcing issues, fixing it and releasing firmware to address problems found at a relatively fast pace for the industry.. If they just stuck there fingers in their ears and pretended there was no problem then perhaps the'd have an argument.
 
Last edited:
hmjgriffon

hmjgriffon

Known around here
Joined
Mar 30, 2014
Messages
3,386
Reaction score
979
Location
North Florida
nayr said:
IPVM should get there asses off that high horse; Guess everyone should ditch Microsoft and Cisco and all the others with poor history of security issues..

A google search shows one measly article on VPN Use by IPVM, Published in February of 2017.. They know as much about network security as Dahua; bah.. Whats that precious subscription given to there customers over the last decade? Apparently not one mention of VPN so they are just part of the problem.. a bunch of so called security professionals without a clue about network security.

There is not a Video Surveillance system made by any manufacturer that can handle the full force of the internet; Yes Dahua makes stupid security mistakes.. Everyone does, this shit is complicated and hard to get right... They are acknowledging it, announcing issues, fixing it and releasing firmware to address problems found at a relatively fast pace for the industry.. If they just stuck there fingers in their ears and pretended there was no problem then perhaps the'd have an argument.
Click to expand...
I was about to say something like that, what is the alternative anyways? If someone wants you bad enough, yer fucked, everything out there has been hacked from macs to Cisco to Windows, the bigger the payoff, the more people who will poke at it until something breaks and they find a zero day. Nobody on earth writes code that doesn't have bugs.
 
tangent

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,428
Reaction score
3,669
nayr said:
IPVM should get there asses off that high horse; Guess everyone should ditch Microsoft and Cisco and all the others with poor history of security issues..

A google search shows one measly article on VPN Use by IPVM, Published in February of 2017.. They know as much about network security as Dahua; bah.. Whats that precious subscription given to there customers over the last decade? Apparently not one mention of VPN so they are just part of the problem.. a bunch of so called security professionals without a clue about network security.

There is not a Video Surveillance system made by any manufacturer that can handle the full force of the internet; Yes Dahua makes stupid security mistakes.. Everyone does, this shit is complicated and hard to get right... They are acknowledging it, announcing issues, fixing it and releasing firmware to address problems found at a relatively fast pace for the industry.. If they just stuck there fingers in their ears and pretended there was no problem then perhaps the'd have an argument.
Click to expand...
Pretty much, and cameras have company in this regard. Check out this 2014 article, I don't think things have improved much. Researchers find 25 vulnerabilities per IoT device

There are so many holes in embedded web servers for all sorts of devices it isn't even funny and it's only getting worse as companies have started adding wifi to your dishwasher. How often is that going to get software updates and is it going to be good for anything but telling advertisers when you're going to want takeout? My personal favorite however are the flaws baked into silicon.
 
J

john-ipvm

Known around here
Joined
Oct 15, 2015
Messages
420
Reaction score
675
nayr said:
Apparently not one mention of VPN so they are just part of the problem
Click to expand...
In addition to the VPN guide you cite, we have a 2015 Remote Network Access Guide that covers VPNs, we have a 10 manufacturer cyber security comparison, we have examinations of hardening guide, etc. I am not sure how many articles we need to prove to you we are serious about security, but we have nearly 200 tutorials on a variety of topics, nearly 500 tests, etc.

And as for Dahua acknowledging it and being motivated to fix it, IPVM plays a critical role there because Dahua knows that our role in publicizing these things pushes companies like Dahua to fix it. Dahua has admitted as much to us.
 
Last edited:
You must log in or register to reply here.
Top