| Post 61 made on Saturday July 19, 2008 at 10:42 | ...it's new! |
sbwright Regular Member |
| |
| On Friday July 18, 2008 at 22:51, Kevin Magee said... |
| Maybe this is my solution, two networks. Opinions? |
It's about all we can do till Philips see's the light, the # of views on this thread should tell them how important it is.
We use a double router setup as described in the attached link. The remotes and accessories go on the semi-secure lan. We also have a pc that runs squeezecenter on the semi-secure side, would love to be able to shutdown this additional piece of equipment.
http://www.grc.com/nat/nat.htm
This message was edited by sbwright on Saturday July 19, 2008 at 10:48. |
Brian
Pronto TSU9600, RFX9600, (RFX9400 - retired), SlimPronto | [ Reply | Quote & Reply |
| Post 62 made on Saturday July 19, 2008 at 10:56 | ...it's new! |
Barry Gordon Founding Member |
| |
There are many differing opinions on security as I said in some previous posts. The only absolute security (among rational people) is when it costs more to break in versus what can be gotten is worth. Then again who says that all hackers are rational.
I have weighed, for me, the various risks vs. gains of WEP vs. WPA and I am a computer scientist with a large knowledge of networking, hardware and software, and did work for the NSA on cryptography so I guess I know something about security also. In my situation I have decided that WEP is okay. On the other hand I take great pains to completely shroud my internet connection and control that very tightly. Every situation is different. Each individual must make their own assessment of their situation and act accordingly.
Put the pressure on Philips. They do not appear to monitor this forum or do so very quietly. Ranting and raving here is interesting, somewhat informative at times, sometimes humorous, but in the end game probably not doing much good. Lots and lots of letters to Philips, returning units and demanding a return of price (probably a waste of time) would probably work better.
As the home gets more and more of a wireless orientation there will be better security models required and supplied. All of the major Home Theater vendors (and eventually other appliances) will be switching away from RS232 to TCP/IP and some to wireless connectivity. I know Crestron is going that way with wireless only to its hand held units and wired TCP/IP to components. I know of at least a dozen component manufacturers that are planning to replace their RS232 ports with Ethernet jacks. Easier for firmware downloads and advanced control/integration. I know of one that will be supplying a USB interface on their next product making their device look like a mass storage unit (the same way a lot of digital cameras work.) and then move to Ethernet.
As an alternate thought, and just a thought, to approaching the security issue I offer the following:
I would approach the problem differently. What is it that is a concern from a security issue? It is probably a small amount of data that is best placed on a removable media and only mounted when doing very certain specific things. Maybe it is finance data, personal information, etc. At the time the material were mounted one could power down the WEP WAP, or just take the chance that during that time there was very little exposure. A 250G removable hard drive is not that expensive. I would probably go with an SDHC card reader. SD cards form the main memory systems of many cameras. There are SD readers that have a USB connection and some which can be installed in a 3.5 inch bay and use 16Gig SDHC cards. I know the 8 Gig cards cost about $50 I am not sure how volatile they are but then again so is a hard drive. The nice thing is that they are small and very portable. Readers are fairly inexpensive and many PC's now have readers built in. I am planning to change one bay on my main system to have SD capability.
This thread is getting highly repetitive and very opinionated. At least we are currently keeping it civil. |
| [ Reply | Quote & Reply |
| Post 63 made on Saturday July 19, 2008 at 12:00 | ...it's new! |
sbwright Regular Member |
| |
For the most part Barry I agree with what you wrote and it is likely that Philips will continue down the path they want regardless what is posted here.
The probability is likely low, the severity is however very high. Of course what’s at risk depends on what you are doing on the pc attached to the wep (secured?) lan.
We live in a city; there are probably at least 50 neighbors’ within our wap range. I would not trust the pc on our wep network for doing anything other than playing music and RC, it must be considered compromised. I could never use/trust this PC to do any online banking, online purchasing or contain any personal information, with removable storage device or not.
This machine runs 24*7 and is available to be continuously pounded by anyone in the neighborhood. It could easily contain a trojan, keystroker or other planted malware. It most likely does not but the consequence it to great to chance. Call me paranoid, but I have heard of enough people with stolen identities and credit cards.
I also have security systems on the house and automobiles, hmmm maybe I am paranoid. |
Brian
Pronto TSU9600, RFX9600, (RFX9400 - retired), SlimPronto | [ Reply | Quote & Reply |
| Post 64 made on Saturday July 19, 2008 at 12:06 | ...it's new! |
fredman Junior Member |
| |
| The security of the private data is one point. This problem could be solved as Barry suggested. But here in Germany it is the main problem, that someone could do criminal things with your internet connection. Your provider gives your name to the police and you get a lot of trouble and more. The police will search your home, take your computers and so on. So you cann´t use WEP for your internet connection network. I have now two networks, one for the internet, one for the Pronto. But it is pitty, that I cann´t use any function of the Pronto which need an internet connection. |
| [ Reply | Quote & Reply |
| Post 65 made on Sunday July 20, 2008 at 00:44 | ...it's new! |
Lyndel McGee Loyal Member |
| |
For those following this post. You may find this other one interesting...
http://www.remotecentral.com/cgi-bi...ntopro/thread.cgi?1668 |
Lyndel McGee
Philips Pronto Addict/Beta Tester
View EscientPronto 1.0.2 Docs - http://www.mediafire.com/do...hp?yyfzfzzok5z | [ Reply | Quote & Reply |
| Post 66 made on Sunday July 20, 2008 at 04:03 | ...it's new! |
Harryup Junior Member |
| |
I set up a second WIFI access point and used the Mac address from the remote and locked connection from any other Mac address.
regards
Harry |
| [ Reply | Quote & Reply |
| Post 67 made on Sunday July 20, 2008 at 08:26 | ...it's new! |
nyjklein Long Time Member |
| |
MAC spoofing on a WEP network is even more trivial than WEP cracking. The MAC addresses are sent in the clear even if the network is encrypted.
Jeff |
| [ Reply | Quote & Reply |
| Post 68 made on Sunday August 24, 2008 at 18:39 | ...it's new! |
Kevin Magee Regular Member |
| |
| On Tuesday July 15, 2008 at 11:23, Chris Horn said... |
| Since I try to be as open as I can, I'd just like to post that I was contacted by the Pronto Team and have gotten a preliminary release of the whitepaper to comment on. |
Any idea when it will be publicly released? I have been checking. |
| [ Reply | Quote & Reply |
| Post 69 made on Sunday August 24, 2008 at 20:08 | ...it's new! |
Chris Horn Founding Member |
| |
Nope, haven't heard of them since.
The way you've been going with two SSIDs and firewalling between subnets surely is the one to go. There isn't any magic in the whitepaper and there isn't any in networking. |
If you don't want to get better you stop being good. | [ Reply | Quote & Reply |
| Post 70 made on Sunday August 24, 2008 at 21:18 | ...it's new! |
Chris Horn Founding Member |
| |
...and just for curiosity I downloaded and installed PEP v2.
First thing I did was create a new config with a TSU9800 as target.
Went to system properties and opened the network tab.
Guess what, there is NO WPA encryption for the TSU9800 as well.
They must be crazy! |
If you don't want to get better you stop being good. | [ Reply | Quote & Reply |
| Post 71 made on Tuesday August 26, 2008 at 23:03 | ...it's new! |
RemoteGuru Junior Member |
| |
| On Tuesday January 22, 2008 at 22:36, Peter Dewildt said... |
There were reasons for not putting in WPA. I don't know whether these have been resolved.
From a post in May, 2007
"The WPA specification is not fully standardized at this time. There was support in the first Beta but it was pulled just before release. I suspect it was pulled because of differences of implementation between various routers and the difficulties presented by not having a standard spec."
From a post in July, 2007
"The problems that Philips identified with WPA were - authentification can take a long time and it was undesirable to have users wait 30 seconds or more to get commands transmitted to the extender. - the extra data transmitted with WPA was causing the battery to drain quicker" |
Hey Peter,
Certainly not arguing with you on this issue just pointing a few things out. There are other manufacturers of hand-held remotes who allow WPA in a few different flavors and do not seem to have the issues Philips has raised. (Hint---Nevo) Please pass this on to the Pronto Team.
Dave D |
| [ Reply | Quote & Reply |
| Post 72 made on Wednesday August 27, 2008 at 16:53 | ...it's new! |
Chris Horn Founding Member |
| |
Philips DOES know about this.
It was demanded heavily at dealer meetings.
My biggest problem with Philips is that they did the same design error with the TSU9800 again, knowing that it's wrong.
It shows PHILIPS' attitude towards this 'issue' and that's frightening me! |
If you don't want to get better you stop being good. | [ Reply | Quote & Reply |
| Post 73 made on Wednesday August 27, 2008 at 17:03 | ...it's new! |
gopronto Regular Member |
| |
May be this is why philips are holding off.....
"WPA is not an official IEEE standard, but is based on and is expected to be compatible with the upcoming 802.11i security standard, sometimes referred to as WPA2. WPA is designed to be a software upgrade. The 802.11i standard will likely require a hardware upgrade. However, wireless vendors and security professionals expect today's WPA and WPA-PSK to be useful for a very long time." |
Pronto lead the way and the rest follow.... | [ Reply | Quote & Reply |
| Post 74 made on Wednesday August 27, 2008 at 17:08 | ...it's new! |
Chris Horn Founding Member |
| |
Nope.
From: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
The advanced protocol, certified through Wi-Fi Alliance's WPA2 program, implements the mandatory elements of 802.11i. In particular, it introduces a new AES-based algorithm, CCMP, that is considered fully secure. From March 13, 2006, WPA2 certification is mandatory for all new devices wishing to be certified by the Wi-Fi Alliance as "Wi-Fi CERTIFIED."
...
Most newer Wi-Fi CERTIFIED devices support the security protocols discussed above, out-of-the-box, as compliance with this protocol has been required for a Wi-Fi certification since September 2003.
---
This is five years since!
This message was edited by Chris Horn on Wednesday August 27, 2008 at 17:21. |
If you don't want to get better you stop being good. | [ Reply | Quote & Reply |
| Post 75 made on Thursday October 30, 2008 at 15:41 | ...it's new! |
Bosteve Long Time Member |
| |
Somebody at Philips really needs to be slapped upside the head about this issue. I simply can't believe that they've dragged their feet this long. I've been planning to buy a TSU remote for over 6 months, but I absolutely will not plunk down any money until Philips changes its products to support real WiFi security.
Of course, while I'm waiting, another remote control vendor might come along with a product that suits my needs... |
| [ Reply | Quote & Reply |
| Post 76 made on Friday December 12, 2008 at 17:50 | ...it's new! |
Bosteve Long Time Member |
| |
Sorry for beating this dead horse, but I couldn't resist.
I was browsing the web earlier today and came across a product forum (not for remote controls), where users were complaining about the lack of WPA support and being limited to useless WEP security. Then I saw that the thread was from late 2005! Here we are, four years later, and Philips is still shipping WiFi products with only WEP security. What a joke! |
| [ Reply | Quote & Reply |
| Post 77 made on Saturday December 13, 2008 at 13:49 | ...it's new! |
Kevin Magee Regular Member |
| |
| I have a new cell phone, a PDA. It scans for wireless networks. Once when I forgot to turn this feature off, it pick-up no less than 50 networks on my way home from work. About 25% were had no security. I bet that in an hour of driving around, I could find 100 unsecured networks within a few miles radius of my home. In the U.S. thieves must not be stealing too much information in this manner. If they are then they don't have to worry about even WEP security in my area to steal quite a bit. Not saying that I have changed my mind. I would still like to see wpa2 support but it may not be as big of a problem as I first thought, in the U.S anyway.
This message was edited by Kevin Magee on Sunday December 14, 2008 at 09:20. |
| [ Reply | Quote & Reply |
| Post 78 made on Saturday December 13, 2008 at 14:27 | ...it's new! |
SimonO Long Time Member |
| |
| On Saturday December 13, 2008 at 13:49, Kevin Magee said... |
| I have a new cell phone, a PDA. It scans for wireless networks. Once when I forgot to turn this feature off, it pick-up no less than 50 networks on my way home from work. About 25% were had no security. I bet that in an hour of driving around, I could find 100 unsecured networks within a few miles radius of my home. In the U.S. thieves must not be stealing too much information in this manner. If they are then they don't have to worry about even WEP security in my area to steal quite a bit. Not saying that I have changed my mind. I would still like to see wap2 support but it may not be as big of a problem as I first thought, in the U.S anyway. |
I'm hopeful that we will see WPA2 support before Q3 2009. |
SO AV™ Level 3 Certified | [ Reply | Quote & Reply |
| Post 79 made on Thursday December 18, 2008 at 07:20 | ...it's new! |
BluPhenix Junior Member |
| |
I'm adding a bit to this thread.
Maybe WEP is ok for some home users, but i have a different situation. We are trying to use the Pronto's not in home automations but in multimedia classroom automations. That is we would like to use the pronto's to control the classrooms of faculties, companies etc. The good thing about the pronto's usage of the WiFi network is that they can be used everywhere in a building that is covered by wifi. Faculties usually have large wifi networks, and we could use those networks for the pronto network without adding a specific wifi network for the pronto's. In this way a remote can be used everywhere within the faculty. Even more the faculty can have a stock of remotes and the attending professor just needs to pick one of them. But, large Wifi networks as this are usually quite fond of security and i haven't seen any such networks without the WPA or WPA2 protection.
So please Philips, rethink this part of your pronto products, give us the opportunity to select if we want better security or longer battery life or whatever. |
| [ Reply | Quote & Reply |
| Post 80 made on Thursday December 18, 2008 at 12:20 | ...it's new! |
blang2006 Regular Member |
| |
| From my knowledge Philips is anouncing WPA (WPA2?) with next firmware update. But they did not say, when the next firmware update is comming. Also WPA2 is not specially mentiend. I´m waiting and praying for the programmer and his good work, finalized soon. |
| [ Reply | Quote & Reply |
