Monday, November 24, 2014

Check your video folks!

Twice in one week... a Russian website that offers a view into as many as 73,000 webcam/video systems out there with default passwords set, and now this one discovered by Rapid7 offering another 150,000.

I used to average about 72 investigations every quarter. At least one had to do with default passwords set on video security systems. One, earned me a free trip (business of course) to Brazil to find out who'd been logging into the IP Cameras in the US. Turned out to be a sales engineer using default passwords.

Here's the deal folks... video systems have servers at the heart of the security system... those servers are computer systems designed to capture video, but nonetheless, they are simply computers. Other systems use servers too --badging for example. If you swipe, carry an RFID, or punch in a code that records accesses, guess what? The data is stored on a server.

So do yourself a favor. Make sure the security systems (physical security systems) have the default password changed. Default passwords are often times overlooked, and it's one of the simplest things you can do to keep yourself secure.