
  • 0

HCL security flaw


Piotr Bojko

Question

6 answers to this question


  • 0

How I love clickbaits ...

 

There you've got the original source

Please login or register to see this link.

Quote

The issues described in this article have been reported to the vendors – who have then released patches for most of them – in 2018.

 

I almost forgot about that :)


  • 0

 

1 hour ago, A.Socha said:

How I love clickbaits …

 

They're selling their "so-called security reports" for 745USD; no wonder they're posting such old crap to gain some visibility.

 

Btw, the only thing ESET ever did properly was to leak an IDA Pro license; their own products are just a disaster from a security point of view (like all the other snake oil industry products). I know that ESET IoT is not ESET AV, but how can I trust a company if they haven't managed to detect issues in their own software? Example:

 

Please login or register to see this link.

 

 

 

Edited by tinman
  • Like 1

  • 0

I've given everyone in this topic a "like" because I think it's worth discussing the possible security issues with any kind of modern tech, but especially with IoT, while also pointing out the relative risks and vendor responses.

 

Increase the awareness of the complexities involved in writing secure software (and designing secure hardware)...

 

The importance of keeping stuff up-to-date (nobody is using wifi WEP encryption these days - right?).


  • 0

Let's bash some open source software too, because it is supposed to be rock solid because of all that "peer review" of the source code.

 

CVE-2018-21019 Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
Publish Date : 2019-09-23 Last Update Date : 2019-09-23

 

CVE-2017-16782 In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
Publish Date : 2017-11-10 Last Update Date : 2017-11-29

 

Domoticz: CVE-2019-15480 and CVE-2019-10678

 

I am going to stop here, because we can go on like this forever and the debate is always polarising. My point is: making software secure is tough.


  • 0

Not sure if I can write how HC3 has been secured (on the design / hardware level, which is what Fibaro was responsible for; potential security holes like those in JS / Linux are a different story and need to be patched on a regular basis), but I'm actually impressed.

  • Like 1
