Steganography

[Eric The Viking]

Talking about hiding things in unexpected computerish places, I came across this (below) earlier. I run open source firmware extensions on my Canon 6D camera, and they are excellent, so not everything is malign, but the apparent ease with which this was done is scary, and the hubris of Canon in putting such a security risk out there in there in the first place is concerning:

https://www.contextis.com/resources/blo ... ncryption/

Tetris has already been 'ported' to the 6D, incidentally.

 

[DrPhill]

There is plenty of this sort of thing. (eg: http://www.theregister.co.uk/2015/09/03/baby_monitors_insecure_internet_things/)

IOT = 'Internet of trash' (or 'internet of tat')

I cannot imagine any knowledgeable person installing any of this. Far too much risk, virtually no gain.

 

[Sherman1973]

my head hurts with this one. interesting though!

 

[Keithie]

I remember reading some years ago about a service using webcams pointed at lava lamps to generate and sell random numbers.

That's interesting, I wonder if they would constitute true random number sequences... I thought that, in practice, true random number sequence generation wasnt possible ... but things move on!

 

[Keithie]

There is plenty of this sort of thing. (eg: http://www.theregister.co.uk/2015/09/03/baby_monitors_insecure_internet_things/)

IOT = 'Internet of trash' (or 'internet of tat')

I cannot imagine any knowledgeable person installing any of this. Far too much risk, virtually no gain.

meh ... one of my friends used to work for a specialist Turkish tech/media company and he reckons that everything online is hackable.. no need to worry about any specifc iot stuff ...its all vulnerable.

 

[DrPhill]

meh ... one of my friends used to work for a specialist Turkish tech/media company and he reckons that everything online is hackable.. no need to worry about any specifc iot stuff ...its all vulnerable.

I suspect that there are different levels of hackable/vulnerable. When push comes to shove a 'rubber hose attack' will generally work. So a lot of it is done to cost/benefit, or risk/benefit analysis by the hackers.

Just like a house.... if you leave your doors and windows open with valuables on display then someone is going to give it a try. If your doors are shut and locked (and you dont have insecure windows) then the thieves will need a good reason to risk their time/liberty picking your locks or opening your windows.

Similarly if you use the router from your isp without changing the username/password from Admin/admin then you are begging for a cyber visit. If you use a more secure router inside your isp one, and change the username/ password on the isp router, then you have two layers of defence. Run linux inside your defences and if the scrotes get through they will likely not know how to damage you anyway.

But plug in that oh-so-clever internet connected web-cam and, well, all bets are off whatever else you you might have done.......

 

[dcmguy]

Wow...this is a good thread for brainy people! I had to look up what steganography even meant! I think if I wanted to send a hidden message the limit of my ability would be to use a highlighter to pick out words in a previous message!! As for computer stuff I guess I'll just have to trust my isp...I've got a bt smarthub and at least I changed the passwords...so not totally useless! Is it tricky to put another router after a router if you're only using wifi?

 

[DrPhill]

Is it tricky to put another router after a router if you're only using wifi

Yes. And no. It depends on what you know and what you have. Bear in mind that I am not an expert, so if you want really secure talk to someone really knows.

Your ISP (in this case BT) sent you a box that does two jobs - converting the phone signal to a data signal ( think modem) and then makes it accessible via wifi or ethernet cable (router). I think BT home hubs are quite good, but the el-cheapo devices from the likes of LeakLeak etc are (reputedly) easy to crack from the web side.

So the home-hub plugs into the phone line and provides two outputs - wifi and an ethernet port. If you have another router (or wifi accesss point) that can plug into ethernet then you just do this. You then have two wifi signals (one from each box) with different names and passwords. You can then turn off the BT home hub wifi and just use the extra router/wifi.

I do this because my extra wifi has much better access control and a reputation for being harder to hack. Add the fact that the scrotes are probably not set up to attack the second layer (likely a scripted attack?) and they will probably look for easier targets.

You have changed the passwords - that is good. Dont forget the admin password too.......