THE latest and surely the greatest .......

   / THE latest and surely the greatest ....... #41  
And yes, as @Frankenkubota points out all the "Internet of Things" gizmos (Alexa, Ring, security cameras, etc.) are a security nightmare. If you have them, I really think they should be on their own segregated VLAN that is different from your "normal" home network, and preferably also separate from any guest network(s) that you have. The IoT gizmos are too inexpensive for much in the way of security to begin with and there is no recurring revenue to support patching and fixing them going forward.

Personally, I think that if you have IoT gizmos, you probably need to upgrade to a more fully featured router and WiFi access points.
I've wondered if putting them on the Guest channel with a different password is enough to discourage an opportunistic hacker. I'm a half mile off the county road so drive-by hacking into the wifi is unlikely. But what are the chances of coming in from the cloud, through the IoT software, and into the desktop or the OS?

Somewhere I read a post by a Smart Plug owner who discovered it was uploading vast quantities of data to the Mother Ship for no apparent reason. He quit using it.



Added: Here's a current instance of remote devices being centrally controlled to store malware, i.e. used for storage and possibly a DoS attack, rather than for the purpose of stealing from the infected host device.
... the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company’s payment terminals.

According to that source, the payment processor found that the PAX terminals were being used both as a malware “dropper” — a repository for malicious files — and as “command-and-control” locations for staging attacks and collecting information.
 
   / THE latest and surely the greatest ....... #42  
Ideally, a guest network is set up so that no device can see or communicate with any other device on the guest network, or (especially!) the main network, but on some routers, it may not be as isolated. So, check. The other trouble is that on a guest network, IoT may not be able to talk to each other, and some devices do communicate locally. In the latter case, they need a separate VLAN.

All the best,

Peter
 
   / THE latest and surely the greatest ....... #43  
Right now I have 2 separate ISPs.
 
   / THE latest and surely the greatest ....... #44  
I have been using the Braun Oral-B tooth brush for a few years on my dentist recommendation. I wish they would make one with a longer lasting battery.
I agree. I’m on my second $40 one. After about a year the charging demands go up dramatically. Initially a charge would last a week or 14 or so uses. 18 months in and it’s 4-5 uses. I’m tempted to try a lithium model but $80? ouch.

The things we discuss on here……:rolleyes:
 
   / THE latest and surely the greatest ....... #45  
Regarding using long and unique passwords, that is a must now. And using One Time Passwords with second authentication. That is why I use LastPass password manager. But there are several good managers to use. I like LastPass and I use Yubico Key to login to LastPass. It is also very easy to use.
 
   / THE latest and surely the greatest ....... #46  
Long lasting how? We have had our latest ones for over five years, the ones before that lasted ten-ish years. We do have one person for travel reasons.

And yes, as @Frankenkubota points out all the "Internet of Things" gizmos (Alexa, Ring, security cameras, etc.) are a security nightmare. If you have them, I really think they should be on their own segregated VLAN that is different from your "normal" home network, and preferably also separate from any guest network(s) that you have. The IoT gizmos are too inexpensive for much in the way of security to begin with and there is no recurring revenue to support patching and fixing them going forward.

Personally, I think that if you have IoT gizmos, you probably need to upgrade to a more fully featured router and WiFi access points. At the very least, it is cheap insurance. As they say about hiking in the woods with grizzly bears- "You don't have to outrun the bear, you just have to outrun at least one other person." You are just trying to make your home/finances/bank hard enough to access that you won't be the low hanging fruit in some attack. And long, unique, passwords, please!

Stay safe out there.

All the best,

Peter
2 comments...

i saw a guy on tv saying we should change from passwords to "pass phrases", something you and only you know.

watching doc on salmon, it said brown bears and grizzly bears are the same animal, brown bears just smaller. maybe it was black bears.
 
   / THE latest and surely the greatest ....... #47  
2 comments...

i saw a guy on tv saying we should change from passwords to "pass phrases", something you and only you know.

watching doc on salmon, it said brown bears and grizzly bears are the same animal, brown bears just smaller. maybe it was black bears.
Yes, pass phrases are even better, because they are longer, but don't use something common like lyrics or famous lines. Longer means brute force won't get your password soon. Even a tiny raspberry pi can crank out passwords pretty quickly if someone gets a password database. A disappointingly large number of people use trivial passwords even today. I saw an analysis of hacked passwords, and 40% of one identifiable subgroup used their spouse's name as a password.:rolleyes:

Yes, brown bears are the species, and grizzlies and Kodiaks are subspecies. Either way, not something I want to mess with. A friend was canoeing in the high Arctic, and one morning awoke to find that a bear had come by to investigate their distant cooksite. He had a photo of the bear print, sunk 1-2" into the ground, and in the center of the print, a faint outline of a tennis shoe print where he had stepped. It was a vivid image of how much the bear outweighed him. As someone who spent a lot of time diving in ocean waters, the shark version is what tends to come to my mind. Either way, don't be last!

All the best,

Peter
 
   / THE latest and surely the greatest ....... #48  
The devices just use the wifi password to authenticate to the radio on your router. It shouldn't go anywhere else unless they specifically wrote the code that way which would be weird. And the wifi password is not useful to an attacker on the internet unless you used the same password as the admin password for the router, and the admin port is open to the outside. The latter is not normally how wifi routers are set by default and the ISP will probably block that anyhow.

Being on the guest network will keep a compromised device from being used to attack the rest of your network. But it won't prevent the devices from being used in a bot net (ISP will detect that and block your access) or the devices gathering data on you or the data being poorly secured in "the cloud" or the devices being disabled when the manufacturer wants to make you buy a new one.

Pretty much any password short of a long random one can be broken. Many password "brute force" programs also try passphrases. I use long randomly generated passwords and keep them in a password manager. There are good ones that encrypt the passwords locally so you don't have to worry about that server being hacked.

I once spent a summer studying grizzly bears in Yellowstone. I came back to CA to do tree climbing in the fall and one weekend I went backpacking to Hetch Hetchy in Yosemite. I camped and strung up my food like I'd been doing all summer. A black bear came by right after I got in my tent and stole my food. I'd gotten used to just hoisting the food bag in a tree and tying it off. Grizzlies couldn't figure it out and can't climb. But black bears are smarter about people and can climb. Worse, it turned out that where I was camping was where the park service dumps bad bears who are getting into cars and trash dumps in the Yosemite valley. I heard the bear coming and just laid there listening to him steal my food.

As I was packing up in the morning a guy came down from where he'd camped and asked if I'd seen his camera! The bear had taken that too.
 
   / THE latest and surely the greatest ....... #49  
The devices just use the wifi password to authenticate to the radio on your router. It shouldn't go anywhere else unless they specifically wrote the code that way which would be weird. And the wifi password is not useful to an attacker on the internet unless you used the same password as the admin password for the router, and the admin port is open to the outside. The latter is not normally how wifi routers are set by default and the ISP will probably block that anyhow.

Being on the guest network will keep a compromised device from being used to attack the rest of your network. But it won't prevent the devices from being used in a bot net (ISP will detect that and block your access) or the devices gathering data on you or the data being poorly secured in "the cloud" or the devices being disabled when the manufacturer wants to make you buy a new one.

Pretty much any password short of a long random one can be broken. Many password "brute force" programs also try passphrases. I use long randomly generated passwords and keep them in a password manager. There are good ones that encrypt the passwords locally so you don't have to worry about that server being hacked.

I once spent a summer studying grizzly bears in Yellowstone. I came back to CA to do tree climbing in the fall and one weekend I went backpacking to Hetch Hetchy in Yosemite. I camped and strung up my food like I'd been doing all summer. A black bear came by right after I got in my tent and stole my food. I'd gotten used to just hoisting the food bag in a tree and tying it off. Grizzlies couldn't figure it out and can't climb. But black bears are smarter about people and can climb. Worse, it turned out that where I was camping was where the park service dumps bad bears who are getting into cars and trash dumps in the Yosemite valley. I heard the bear coming and just laid there listening to him steal my food.

As I was packing up in the morning a guy came down from where he'd camped and asked if I'd seen his camera! The bear had taken that too.
i ran into momma bear and 2 babies at yosemite. i've got a few photos but they are buried in a dead computer.

I thought they flooded Hetch Hetchy? Water for the bay area?
 
   / THE latest and surely the greatest ....... #50  
The devices just use the wifi password to authenticate to the radio on your router. It shouldn't go anywhere else unless they specifically wrote the code that way which would be weird.

Being on the guest network will keep a compromised device from being used to attack the rest of your network. But it won't prevent the devices from being used in a bot net
Thanks for detailing that. Rip Van Winkle here. I was the PC guru for our office long long ago (pre wifi. Sneakernet to go print something off anyone's laptop!) and kept up with security etc then but I've ignored the field since I retired. Now just a concerned user. Clinging to familiar Windows 7 for as long as it works.

Yosemite bears? After sunset they mingle with the campers in the Yosemite Valley campgrounds. We saw silly girls a few sites over leave out a sandwich, then take flash photos when the bear came by. One year we got a site right on the river and with a gorgeous view of Half Dome. Broken glass everywhere. Neighbor said bears broke into the car previously parked there. We hid all food under tarps in the trunk of the car and no bear problem. We did see one slink by on the other side of our fire pit. Injuries from bears there are exceedingly rare which is surprising when something like 10,000 people can be in Yosemite Valley in peak season.

My photo from our campsite. Incredibly, Half Dome is a vertical mile tall.