Ambling securely

Random things about security and other odd things

Networking over power cables

I recently had the opportunity to play with some products from Devolo, a German company. The goodies enable users to use their electricity cabling as network connections and it also supports wireless networking.

The first time I tried the whole network over power thing was a few years ago and it wasn’t too impressive. Between unreliable connections that dropped at random and data transfer rates that fluctuated between poor and abysmal, when the devices actually connected, you can say I wasn’t impressed.

Devolo is different. While the box promises a 200 Mbps to 300 Mbps connection, depending on whether you’re using the wired or wireless option, I got a 187 Mbps connection (wired) as standard – which is rather nice. I could stream video from one laptop to another using the electrical circuits and as soon as I plugged the ADSL router into the power unit, I was online.

The company suggests you plug the Devolo units directly into the power outlet, however I used an extension for one unit and it worked. The results would probably have been much better if I followed instructions and avoided an extension.

What bugged me about the Devolo products was that it was just too easy to use. All I did was connect the router to the power unit and then plug another unit into the power outlet in another room, connect an Ethernet cable from my laptop to the unit. As soon as I launched the Devolo dashboard the connection was made and that was it.

I was immediately online and, with the correct credentials, I was able to connect to another computer that was connected via Wifi. There’s also a nifty USB unit that allows you to attach a printer or external hard drive to the Devolo network. It’s all just too easy.

Analogue is so next century

I’m busy putting together our annual CCTV handbook and we once again have more than a few people proclaiming the demise of analogue CCTV and the ultimate victory of IP surveillance over all. This year I did a bit of sniffing around, however, and have found some qualified and successful integrators and consultants that are more inclined to support analogue installations.

To be clear, these people acknowledge the benefits of IP, but prefer to offer clients what they actually need rather than the latest technology. In the real world, this often means analogue.

One consultant told me a story of an installation he recently managed in which the client wanted IP – because it’s the way of the future (or something like that).

First, the client experienced latency problems (rather a surprise since this was over a new fibre network) with the associated picture break-up and “black dot of death” pixels. According to the consultant, “it seems that the IP servers in the cameras could not handle the high bandwidth and a moving camera. Conditional refresh does not work then.”

No worries though. The problem was eventually sorted out. Then the NVR (network video recorder), running on Windows, ran a Windows update which promptly clashed with the firmware on the cameras. So now there were no pictures at all.

To paraphrase the consultant, in the IP world the security professional is not only a security professional, he is also an IT professional, perhaps more of an IT professional.

Another integrator told me he always recommends IP to clients because of the recurring revenue he gets from being called in regularly to tweak or fix something. With analogue he is sometimes called back to expand or upgrade the installation, but there’s very little else to do. “IP is high maintenance, which it good for the integrator’s bottom line.”

There’s a way to go before IP installations become as hassle free as analogue.

Researchers Can Easily "Prove" False Findings

Things are getting desperate when HBR's The Daily Stat editors think it's news that researchers can get any results they want, or should that be, that they're paid to get no matter what the data says. Did they never read the Linux is more expensive than Windoze research sponsored by Microsoft? How about the smoking isn't deadly research from the tobacco companies? Where have they been hiding?
Of course they base the findings on research ...  http://pss.sagepub.com/content/22/11/1359.
Maybe I'm just cynical. Probably the trauma from the alien abduction.

 

Cameras in the bathroom

As the surveillance society grows, we are all being conditioned to accept 24-hour monitoring from Big Brother in the name of security. Maybe that works in England, but this is Africa so the concept is laughable, but anyway ... moving on.

 

I’ve just been in contact with someone who reports that a nursery school has installed CCTV cameras throughout the school, including in the bathrooms and changing room. Not only was this done without permission from the parents, but the video feeds are piped live to a security company.

 

How stupid can you get. I’m betting the feeds are not encrypted or secured in any way. And I’ll also bet the security company has no way of knowing what happens to those feeds.

 

A paedophile’s dream. 

Open your home to the world

BBC carried an interesting article recently about flaws in Trendnet's SecurView IP cameras. According to the article, “Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password.

This means that those people using Trendnet to keep an eye on their house or what their staff or kids are up to during the day, could see their supposedly private feeds open to the online world.

While I am usually the last person to recommend people register any products they buy with the company – I don't want endless marketing from hyperactive PRs – in this case it would have been a good idea as those customers who had registered their cameras were informed via e-mail of the problem. I guess the rest of them who didn't register would have to read about the problem online somewhere.

The full BBC article is at http://www.bbc.co.uk/news/technology-16919664.

The Trendnet website has a list of the cameras for which it has patches. You can find them at http://www.trendnet.com/langen/press/view.asp?id=1958 or http://www.trendnet.com/langen/downloads.

Worth a look if you use these IP cameras. Maybe also keep an eye on the website to see what other news it releases.

Secure banking? Standard Bank’s “Prestige Autoresponse”

You would think a bank had at least a smidgen of intelligence when it comes to security, especially when dealing with high-income earners. But apparently not.

A colleague of mine, who qualifies for “Prestige Banking” at Standard Bank, recently sent an e-mail query to his personal banker. No problem there.

He received an immediate response, although it was an autoresponse promising a consultant would contact him within 24 hours. That works fine as well, I guess.

However, following the promise was the following paragraph: In future, please ensure that either your card or account number and your ID number appears on your request. This will ensure a speedy reply.

Really? Not only e-mail your card or account number over an unprotected medium, but also include your Identity Number. How bizarre.

Why not simply publish all your clients’ details on the Standard Bank website if you are so keen on supporting fraud and theft?

Thankfully the person on the receiving end of this moronic mail had more sense than to comply. But what about those who are not as security aware? They may actually assume their bank knows best when it comes to security and put their identity at risk.

Damn stupid of Standard Bank.