The UK Home Automation Archive

Re: CCTV DVRs



Hi

Yes you are right it is probably hard to tell which DVRs on the market are
re-badged Swann units.

In the absence of any control over what software a box has on it and its
security risks, then the only real option is to put something you have
control of between the CCTV box and the internet.

This could be a VPN, an SSH tunnel or maybe even an Apache reverse proxy
running through SSL and a password.

Of course this could be beyond the average user, who just wants a CCTV box.

In the absence of the knowledge to do that, I would probably try to find a
manufacturer who is proactive to security and quick to patch. For me, this
would be as high a requirement as picture quality and disk capacity.

Max





On 22 April 2014 12:11, Simon McCaughey <simonmcc@xxxxxxx> wrote:

> Max,
>
> wow, that does make for an interesting read. I'm not sure how to react
> though, so if I don't buy swann, but buy 'x' that runs from the same base
> system, or if I buy 'y' that has the same flaws, but no-one has written it
> up, am I any better off?
>
> Obviously having the device on the internet has great benefits, but as you
> point out this may come at great cost.
>
> Regards
>
> Simon
> ---
> "I rejoice at your word like one who finds great spoil" (Ps. 119:162).
> Treasure just waiting to be enjoyed every morning.
>
> On 22 April 2014 10:52, Max Hodgson <max@xxxxxxx> wrote:
>
>> On 22 April 2014 10:45, Simon McCaughey <simonmcc@xxxxxxx> wrote:
>>
>>> Our Geovision system died a few months ago, and I haven't got round to
>>> replacing it yet. I was thinking of going for one of the Swann Trublue
>>> systems from maplin, as they seem of a reasonable spec and they are not
>>> too expensive.
>>>
>>> Had you considered them, or do you think the others are a lot better? (I
>>> know they might not tick all your boxes)
>>>
>> Hi,
>>
>> Before looking at Swann stuff I would recommend looking at this:
>>
>> http://console-cowboys.blogspot.co.uk/2013/01/swann-song-dvr-insecurity.html
>>
>> Edited Highlights: "tl;dr; A whole slew of security dvr devices are
>> vulnerable to an unauthenticated login disclosure and unauthenticated
>> command injection."
>>
>> If you are thinking of having one accessible to the internet, I would
>> probably think twice...
>>
>> Max.
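
The "Apache reverse proxy running through SSL and a password" option mentioned in the message above, as an added configuration sketch that is not part of the original thread. The hostname `cctv.example.org`, the DVR address `192.168.1.50` and all file paths are assumed placeholder values; the proxy covers only the DVR's HTTP interface, so any other ports the DVR uses stay unforwarded.

```apache
# Added example: Apache 2.4 reverse proxy in front of a DVR's web interface.
# Assumed placeholders: cctv.example.org, 192.168.1.50, certificate and
# htpasswd paths. Modules needed: ssl, proxy, proxy_http, auth_basic,
# authn_file, authz_user.
#
# Create the password file once (bcrypt hashes):
#   htpasswd -B -c /etc/apache2/cctv.htpasswd viewer
#
# On the router, forward only TCP 443 to this Apache host. The DVR itself
# gets no port forward and stays reachable from the LAN only.

<VirtualHost *:443>
    ServerName cctv.example.org

    # TLS termination happens here, on a box you control and can patch.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/cctv.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/cctv.example.org.key
    SSLProtocol           all -SSLv3 -TLSv1 -TLSv1.1

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    <Location "/">
        # Authentication is enforced by Apache before any request is
        # passed on, so unauthenticated requests never reach the DVR.
        AuthType Basic
        AuthName "CCTV"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/cctv.htpasswd
        Require valid-user

        # Plain HTTP is used only on the LAN hop to the DVR.
        ProxyPass        "http://192.168.1.50/"
        ProxyPassReverse "http://192.168.1.50/"
    </Location>
</VirtualHost>
```

Basic authentication sends the password with every request, so it is only acceptable here because the whole virtual host is TLS-only; do not add a plain-HTTP virtual host that proxies to the same backend.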
