On 02/07/18 06:56, Bob Goodwin wrote: I suppose the question would be.....   You bought the gear from Armcrest?  What specifically are you worried about?   And, if you bought your gear from Armcrest wouldn't they be the ones to answer your concerns?  Nothing you've said would seem to involve Fedora. -- A motto of mine is: When in doubt, try it out

On 02/07/18 18:31, Bob Goodwin wrote: I guess I'm not clear on how things are supposed to work.  It sounded to me as if the camera was uploading videos into their cloud and if someone wanted to view it they would access the cloud and not the camera directly. Right, your system is F27 but I didn't see where your system was interacting with the camera.  And, if things worked as I thought they would in that videos are getting uploaded to the cloud and someone external to your LAN was also just connecting to the cloud then there would seem little chance of a problem. The problem could be if one accessed the camera itself from outside of your LAN.   It just seemed to me that wasn't going to be the case.  I think even in the case where a camera is made available to control from outside of your network the only compromised component would be the camera and the microphone if it has one.  So, potentially, someone could spy on you.  I've not heard of an attack where someone gains control of an IP camera and then launches an attack on other devices like your F27 system. -- A motto of mine is: When in doubt, try it out

Allegedly, on or about 7 February 2018, Ed Greshko sent: Some cameras merely use a central server as a way of finding your camera by a name (ala dynamic DNS, mine initially lets you find it by serial number, if I recall correctly) and for traversing NAT. One option to using these kind of cameras more safely, might be if your router has a demilitarised zone (DMZ). The router will forward specific traffic to it, and not allow it (your camera) to interact with your LAN. This does require that your cameras are connected directly to the router, not sharing a switch with your LAN. -- [tim@localhost ~]$ uname -rsvp Linux 4.14.14-200.fc26.x86_64 #1 SMP Fri Jan 19 13:27:06 UTC 2018 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. Damn, I didn't mean to press *that* button!

On 02/08/18 04:59, Tim wrote: Come to think of it, you are probably totally right on this when it comes to live viewing.  I happen to have a "slingbox" in AZ at a friend's place.  It periodically sends its "location" to a central server and the app on either the browse, android, or ios device uses that to directly contact the slingbox.  (I've not used the slingbox in a while so forgot about how it works). Unless it is possible to inject malware into the device I can't see it mounting an attack on other devices on the LAN. -- A motto of mine is: When in doubt, try it out

On 02/07/18 06:56, Bob Goodwin wrote: Oh, and aren't you using a satellite internet connection?   In the past you've indicated if you exceed your data quota it is expensive.  Are you concerned about the uploads of video may impact your wallet?  :-) -- A motto of mine is: When in doubt, try it out

On 02/07/18 05:27, Tim wrote: + No, what I would like to know is if I am safe in using their cloud? -- Bob Goodwin - Zuni, Virginia, USA http://www.qrz.com/db/W2BOD box10 FEDORA-27/64bit LINUX XFCE Fastmail POP3

Allegedly, on or about 6 February 2018, Bob Goodwin sent: Oh, and check the security of the cameras, themselves. There's a huge number of IP cams with insecure software that, not only exposes the camera to exploits, but your LAN to exploits through the camera. I bought a cheap $30 one, on a whim, just to see how the robot mechanism worked. It's one that should never be allowed anywhere near internet access. It logs into a central server so you can connect to your camera. That exposes you to rogues who poll the server. And the camera is easily exploitable with a broken HTTP access request, which returns the passwords set into the camera. From there, they can write into the camera, and may be able to exploit your LAN (especially if you're silly enough to use the same passwords). http://seclists.org/fulldisclosure/2017/Mar/23 https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html The problem is created by a stupid implementation of a simplistic webserver in the cameras. -- [tim@localhost ~]$ uname -rsvp Linux 4.14.14-200.fc26.x86_64 #1 SMP Fri Jan 19 13:27:06 UTC 2018 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. It seems the modern trend with Linux programmers is to change existing software so that it's more annoying to use (e.g. making reboots required, when they never used to be), then denying that *that* is a nuisance, then saying it's necessary (ignoring that several years of prior versions didn't have that stupid requirement), then complaining about being criticised for making things worse. Don't try giving me an Emperor's New Clothes routine, it won't wash.

Allegedly, on or about 7 February 2018, Bob Goodwin sent: Likewise... Most of us are in that boat. Though, in my case, I could see how insecure my camera was for myself. If you connected as an unauthenticated visitor, it was possible to load the configuration page and see the passwords displayed in the page. And it wasn't possible to block anon access, either. So, about the only use for these cameras would be non-private (such as aimed at wildlife in the great outdoors), with no passwords set at all (it was pointless). Of course, if you set up a camera like that because you wanted to watch animals in the wild, chances are that someone else may have rotated the camera in the wrong direction after they found it. -- [tim@localhost ~]$ uname -rsvp Linux 4.14.14-200.fc26.x86_64 #1 SMP Fri Jan 19 13:27:06 UTC 2018 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. Linux cures Windows pains.

On 02/07/2018 10:26 AM, Rick Stevens wrote: I should have added that your firewall on your router is NOT a replacement for having firewalls on your individual computers. I have home automation along with a number of cameras. I don't use the cloud to handle my cameras (Foscams) although I could. I use ZoneMinder on one of my systems and it controls the cameras. I have firewalls on all of my systems as well as the router's firewall. Thus, even if the router is compromised, my systems are still safe due to their own firewalls. Belts and suspenders, you know. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks(a)alldigital.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - Blessed be the peacekeepers, for they shall be shot at from - - both sides. - - -- A.M. Greeley - ----------------------------------------------------------------------

On 02/07/2018 11:22 AM, Bob Goodwin wrote: Ah, yes, I forget that some people do have limited internet access. My apologies. You might consider doing what I do regarding using ZoneMinder (ZM). If your ZM machine is visible to the internet (e.g. your router permits incoming connections without using the restricted cone NAT or you can do port-forwarding), then viewing the webcams would be on-demand (you'd only use bandwidth if you or your family hit your ZM server from outside) since the cameras would be reporting to your ZM server and not the cloud. You also get the benefits of alarms, recording the cameras' streams, etc. etc. Ah, the games one must play. :-) ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks(a)alldigital.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - To understand recursion, you must first understand recursion. - ----------------------------------------------------------------------