Arecont and SIA Failing Cybersecurity Efforts

Published Jul 22, 2016 13:01 PM

Do as we say, not as we do.

That is the effective motto of the Security Industry Association and its cyber board member Arecont Vision. Today, the two companies issued an interview in which they talked about cybersecurity [link no longer available].

Ironically, though, both companies fail to follow their own guide.

The *****

*** ****** ************** *****. ** ** ****** ***************, ********* reasonable *************** ****:

******* ** *****.

******* ******* *********.

SIA *******

***'* *** *******, ****://***.****************.***/ **** *** ******* ** *****. 

**** **********, ***'* ***** **** **** not *** ***** ***** **** ***'* users ** **** ** ******* ***** passwords ******:

[******: *** *** *** ***** ***** login **** ** *** *****]

*******,*** ****** **** * *** *** *** **** ****** ******:

Arecont *******

******* ***** ** ******** ******.

***, ******* ******* ** *** ******* HTTPS ** ***. ***** ***** ****? Not ** ***. *** **** ** option. (*******: **** ****** ******* ******* *** ** Google)

***, *******'* ***** ****, **** ***, does *** ******* *****:

[******: ******* ****** *** *** **** HTTPS ****-****, ********* *** ***** ****.]

*****,******* **** ****** **** * *** *** *** **** ******.

****** *** ******** **** *********, ******* defaults ** ** ******** ** ***. Or ** ******* ********* *****:

******* ****** ******* ** *** **** with ************** *******

"Thought **********"

******, *** *** ******* **** ************ themselves ** ***** '******* *******'. *** would ***** '**********' *** ** ******** if **** ******** ***** ***** ********** themselves? Does *** *** ******** ******* ****** than ****?

*** *** **** ***, ** **** conscience, **** ******* ** *** ************* board **** ******* ***** ** ******** fundamental ****** ** ***** *** *****. Do ***** ****?

Comments (7)
Jon Dillabaugh
Jul 24, 2016
Pro Focus LLC

U1: I tell you what! All these shady Chinese crap companies.....

U2: They aren't Chinese bruh

U1: WHAT?

U2: They are American?

U1: (blank stare)

(5)
Undisclosed #1
Jul 26, 2016
IPVMU Certified

Did that make you feel better? ;)

Ryan Butler
Jul 25, 2016

Maybe this is an opportunity for an independent organization to create a rating system on the security of all web-enabled cameras, NVRs, DVRs, access control, alarm systems, home automation... deep breath, commercial controls, wireless access points, switches and routers. Some sort of Penetration Test Rating that, at the time of manufacturing, a random independent penetration test was conducted. Of course, with all the zero-day exploits coming out all the time, the rating could go up and down for model #s.

The organizational model that comes to mind is the IP Code rating on outdoor-rated technology. For example, granted that IP66 is good enough for most outdoor installations, but if your national security or 100s of lives are at stake then you may want to use IP69. At least you know you did the best you could given what's available to you.

This would create a lot more clarity in the market, especially for salespeople that are up against the out-of-the-box camera system that can be streamed to a smartphone (very impressive, I know). Just ask these people, "Does it concern you that there are self-learning autonomous servers running 24/7 scanning for your public-facing network weaknesses and exploiting them for no reason besides that's what they are programmed to do?" Then they will ask for proof, and well, this is where a White Hat rating system would be a great reference to cite.

John Honovich
Aug 09, 2016
IPVM

Update: SIA has fixed their login page issue, Arecont still has not.

John Honovich
Oct 12, 2016
IPVM

Update: Arecont Vision has now gone HTTPS site-wide, including the login page.

(1)
Undisclosed Manufacturer #2
Oct 12, 2016

IPVM making industry manufacturers' websites more secure, one HTTPS site at a time!

(1)
Luis Carmona
Oct 12, 2016
Geutebruck USA • IPVMU Certified

IPVM, the fly on the butt of the Old Dog known as the security industry.

(1)