Hope you bought a reverse proxy with that net-enabled lighting system...

Started by deanwebb, May 12, 2015, 09:11:33 AM

Previous topic - Next topic

deanwebb

https://threatpost.com/home-automation-protocol-z-way-vulnerable-to-remote-attacks/112720

From the article:

After looking into the issue further Westergren learned via a RaZberry FAQ that Z-Way comes without authentication by default and that the service encourages users to protect their devices via alternative means, like "ngnix and other reverse proxy servers."

"It was interesting to find that the vendor was aware of the issue, yet relinquished themselves of dealing with it," Westergren wrote, "...while a user's LAN is supposed to be somewhat safe, this doesn't mean remote attacks are impossible."
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.