G W Posted May 31, 2015 Posted May 31, 2015 The fact is anything is possible when it comes to something being hacked. Whether it's Apple, some bank, the Intelligence community, or the military; all have been hacked at some point. "The fact is anything is possible when it comes to something being hacked." I can use the exact words yet have the exact opposite meaning as you. I am stating that is possible to have a system that cannot be hacked. My meaning is positive and your meaning is negative.
apostolakisl Posted May 31, 2015 Posted May 31, 2015 "The fact is anything is possible when it comes to something being hacked." I can use the exact words yet have the exact opposite meaning as you. I am stating that is possible to have a system that cannot be hacked. My meaning is positive and your meaning is negative. Positive or negative, you are wrong. But, you continue to believe what you like.
MikeD Posted June 1, 2015 Posted June 1, 2015 I can use the exact words yet have the exact opposite meaning as you. I am stating that is possible to have a system that cannot be hacked. My meaning is positive and your meaning is negative. I have been reading in amusement for a while. An analogy to this (Positive) way of thinking would be that it is possible to always walk across a busy city street without being hit by an oncoming vehicle. Stating that you could always accomplish this feat without injury is similar to believing a wireless system (Z-Wave) is 100% secure and imune to being hacked. I have a Z-Wave lock on my front door but I am in no way convinced that Z-Wave can never be hacked. However, everyone is entitled to their opinion and beliefs.~Mike
G W Posted June 1, 2015 Posted June 1, 2015 Positive or negative, you are wrong. But, you continue to believe what you like.Again, I can make the same statement.
G W Posted June 1, 2015 Posted June 1, 2015 I have been reading in amusement for a while. An analogy to this (Positive) way of thinking would be that it is possible to always walk across a busy city street without being hit by an oncoming vehicle. Stating that you could always accomplish this feat without injury is similar to believing a wireless system (Z-Wave) is 100% secure and imune to being hacked. I have a Z-Wave lock on my front door but I am in no way convinced that Z-Wave can never be hacked. However, everyone is entitled to their opinion and beliefs. ~Mike I get your point but somewhat disagree with you analogy. As for Z-Wave I agree. Given the proper tools and time I'm sure a Z-Wave door locked can be opened. It's much like Schrödinger's cat. Until the state is proven it is and isn't. Like you, I never rely one point of security. I use a plunger to ensure the deadbolt is indeed engaged in the proper position. I use mechanical and magnetic switches to insure the door is properly closed. By-the-way, I read AND write with amusement.
lilyoyo1 Posted June 1, 2015 Posted June 1, 2015 The statement is not negative or positive. It is simply a statement about things in our connected world. Anything connected to the web can be hacked. That is just a fact of life. Some systems require more time, resources, and skill than others but in the end, anything can be hacked. If someone were trying to be negative, they would rail again using connected systems and how they are the bane of our world . No one is doing that. We all recognize the risk that comes with using our systems and we accept that knowing that the likely hood of it happening is very low. I assume most of us take common sense measures to protect ourselves. Some go further than others.
apostolakisl Posted June 1, 2015 Posted June 1, 2015 Again, I can make the same statement. You really should just stop.
apostolakisl Posted June 1, 2015 Posted June 1, 2015 The statement is not negative or positive. It is simply a statement about things in our connected world. Anything connected to the web can be hacked. That is just a fact of life. Some systems require more time, resources, and skill than others but in the end, anything can be hacked. If someone were trying to be negative, they would rail again using connected systems and how they are the bane of our world . No one is doing that. We all recognize the risk that comes with using our systems and we accept that knowing that the likely hood of it happening is very low. I assume most of us take common sense measures to protect ourselves. Some go further than others. All true, but I would take it even further. If it is part of the universe, it can be hacked. And so far, mankind hasn't created anything that isn't connected to the universe. A famous illustration is stuxnet. Iran's systems were offline, yet they were hacked. There is always a way. I promise you, the security of today will be absolutely a joke to hackers 10 years from now.
G W Posted June 1, 2015 Posted June 1, 2015 The statement is not negative or positive. It is simply a statement about things in our connected world. Anything connected to the web can be hacked. That is just a fact of life. Some systems require more time, resources, and skill than others but in the end, anything can be hacked. If someone were trying to be negative, they would rail again using connected systems and how they are the bane of our world . No one is doing that. We all recognize the risk that comes with using our systems and we accept that knowing that the likely hood of it happening is very low. I assume most of us take common sense measures to protect ourselves. Some go further than others.Which statement is neither negative or positive? I think you are mixing several conversations.
larryllix Posted June 1, 2015 Posted June 1, 2015 In a recent TV series they do a show using a Memory key left in a public place. Most of the passerbys will pick it up, take it home or to their business office computer, and stick it in a USB port to see what is on it. Half the people still have their USB ports set to auto-run whatever is plugged into it. ooops... It doesn't have to be hacked through the Internet. This is like the old expression "A pessimist sees the glass as half full, and an optimist sees the glass as half empty"
io_guy Posted June 1, 2015 Posted June 1, 2015 Someone please lock/close this thread. It has nothing to do with the ISY and is just bringing the forum down.
Teken Posted June 1, 2015 Posted June 1, 2015 A famous illustration is stuxnet. Iran's systems were offline, yet they were hacked. There is always a way. Specifically, people need to realize in this instance there were many players in making this happen. This came from Siemens themselves, the Israeli's & American's. Coupled with the fact they managed to get the virus inserted into the closed system from a worker. What people don't realize is with out Siemens help and buy in none of this could have been accomplished. The PLC code used to control the spinning motors are nothing you find in any other industry and is proprietary to them alone. At the end of the day there were lots of people involved right or wrong. Its not surprising the same code was used against the very same people who created it! There isn't a nation in the world that has clean hands in any of this, pathetic.
G W Posted June 1, 2015 Posted June 1, 2015 "A pessimist sees the glass as half full, and an optimist sees the glass as half empty"And the engineer sees that the glass is the wrong size.
Michel Kohanim Posted June 1, 2015 Posted June 1, 2015 Hello everyone, It seems that this thread has become a little personal and political the outcome of either one of which is nothing pleasant. With all due respect to everyone, if the trend continues I will have no choice but to lock the topic. Thanks in advance for your consideration. With kind regards, Michel
stusviews Posted June 1, 2015 Posted June 1, 2015 By-the-way. Punctuation marks are not herd animals. "Look at that bunch of cows." "Not bunch, herd of cows." "Of course I heard of cows. Theres a bunch of them over there."
G W Posted June 1, 2015 Posted June 1, 2015 "Look at that bunch of cows." "Not bunch, herd of cows." "Of course I heard of cows. Theres a bunch of them over there." Crap. I shouldn't have read that while drinking in bed.
MWareman Posted June 1, 2015 Posted June 1, 2015 In a recent TV series they do a show using a Memory key left in a public place. Most of the passerbys will pick it up, take it home or to their business office computer, and stick it in a USB port to see what is on it. Half the people still have their USB ports set to auto-run whatever is plugged into it. ooops... Saw an attack a few days ago that will own any Windows (XP->10) by plugging in a (crafted) USB key even when auto run is NOT enabled. You can also target the attack against Mac and Linux easily enough.
larryllix Posted June 1, 2015 Posted June 1, 2015 Saw an attack a few days ago that will own any Windows (XP->10) by plugging in a (crafted) USB key even when auto run is NOT enabled. You can also target the attack against Mac and Linux easily enough. Yeah it is very strange that Windows has gone into pester user mode by confirming if we want to run everything before it will run. For cripes sakes if Windows doesn't know we asked it to be run then who does? The viruses don't seem to ask. Maybe they didn't get the memo about playing politely and using proper api calls only? *sigh* I guess Windows need another layer of protection. "Are you sure you're sure you want to run this?"
apostolakisl Posted June 1, 2015 Posted June 1, 2015 Yeah it is very strange that Windows has gone into pester user mode by confirming if we want to run everything before it will run. For cripes sakes if Windows doesn't know we asked it to be run then who does? The viruses don't seem to ask. Maybe they didn't get the memo about playing politely and using proper api calls only? *sigh* I guess Windows need another layer of protection. "Are you sure you're sure you want to run this?" I generally agree, but remember there are a lot of semi-legit programs that they try to trick you into installing them and this Windows feature does at least confirm that indeed you intended on installing it. You know what I mean, the "free" downloads off of cnet or whatever that bundle in a bunch of crap. Back to ISY, I am unaware of any ISY hacks aside from simply trying to decipher the password. I had opened port 80 to my ISY a couple years ago to do some testing and forgot it open. A couple months later I discovered that hack attempts were diligently plugging away at it. It does not appear that they ever got in though. Of course ISY is a pretty small and minimally rewarding target to hack.
paulbates Posted June 1, 2015 Posted June 1, 2015 Back to ISY, I am unaware of any ISY hacks aside from simply trying to decipher the password. I had opened port 80 to my ISY a couple years ago to do some testing and forgot it open. A couple months later I discovered that hack attempts were diligently plugging away at it. It does not appear that they ever got in though. Of course ISY is a pretty small and minimally rewarding target to hack. There is a feature request opportunity here. Another package I used would proactively lock out multiple incorrect accesses from the same IP. It also created a log entry if a login attempt failed after X times in a row from the same IP. That was comforting and functional. I found like Apostolakis that on port 80, my prior system was found relatively quickly, but the intruder locked out and interest in my system lost. I shut off port 80 and moved to ssl on a non standard port. I never saw another illegitimate login attempt.
Michel Kohanim Posted June 1, 2015 Posted June 1, 2015 Hi paulbates, That's what we used to have and which caused major issues with things like Network Magic and UPnP traffic which basically bombard ISY without credentials. We had to remove it because there's no easy way of figuring out the source (Network Magic runs at the router, UPnP runs on the computer with the Admin Console, etc.). With kind regards, Michel
MWareman Posted June 1, 2015 Posted June 1, 2015 Yeah it is very strange that Windows has gone into pester user mode by confirming if we want to run everything before it will run. For cripes sakes if Windows doesn't know we asked it to be run then who does? The viruses don't seem to ask. Maybe they didn't get the memo about playing politely and using proper api calls only? *sigh* I guess Windows need another layer of protection. "Are you sure you're sure you want to run this?" Actually, it's an attack at the bios level. The usb stick has code that pretends to be a keyboard controller and attacks thru the keyboard bios interface - the demo I saw took out power management in the bios and rendered the machine an instant brick. in concept, you can attack the secure boot at this point. Time to hot glue the USB ports...
paulbates Posted June 1, 2015 Posted June 1, 2015 Hi paulbates, That's what we used to have and which caused major issues with things like Network Magic and UPnP traffic which basically bombard ISY without credentials. We had to remove it because there's no easy way of figuring out the source (Network Magic runs at the router, UPnP runs on the computer with the Admin Console, etc.). With kind regards, Michel Michel That makes sense, and a more difficult task for the ISY. Paul
DavidG Posted June 2, 2015 Author Posted June 2, 2015 Probably best left at the border by another device. Behind the firewall you would expect that kind of traffic, outside the firewall, not so much. Of course, I don't put my devices on the internet, but rather setup a VPN tunnel to gain remote access.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.