Skip navigation
Subscribe to EDN
« A File Association Faux Pas | Main | HDD Prices: A New Low (Which Is A Good Thing!) »
Brian Dipert
Brian Dipert

Homeland Security: A Windows Pathology And HomeSeer Apology

November 27, 2007

This blog post references my hands-on feature article ‘Homeland Security: Monitoring And Manipulating Remote Residences‘ in EDN’s November 22, 2007 edition. It’s one of a series of web addendums to the print writeup.

In my writeup, I strongly suggested (although, in my defense, I didn’t definitively conclude) that the system lockup I experienced with my Fujitsu Lifebook-P2110 laptop was the result of an unsuccessful hack of the web server built into HomeSeer Technologies’ HS2 home control software:

I wouldn’t recommend exposing the HomeSeer software’s Web-server interface to the WAN through a firewall hole, however, especially over the default HTTP port 80. Two days after I took these very steps, the laptop stopped responding to WAN-access attempts. When I returned on-site nearly two weeks later, I found the system locked up with a blank screen. Power cycling the PC brought it back to life with no apparent ill effects, so I suspect that someone unsuccessfully attempted to hack it. Nevertheless, use a nonstandard TCP port or, better yet, dispense with the direct Web-server interface and instead access the HomeSeer-equipped computer over an encrypted and password-protected VNC or VPN connection, as I’m now doing.

Although I stand by my recommendation to reconfigure HS2 in order to employ a non-standard TCP port (versus the port 80 default), it seems that unwanted system intrusion via HS2 wasn’t the source of the problem I encountered, after all. Even though I’ve closed the firewall hole that previously provided WAN access to HS2, as well as more generally not run HS2 but instead relied on Universal Devices’ ISY-26, the system has randomly locked up twice more in the past two months. I still have open firewall holes for RealVNC and Remote Desktop Connection; hack attempts via either of those ports could potentially explain the system freezes. Or maybe a more fundamental buggy peripheral driver or service is to blame.

As I type these words, the system’s been running nonstop, flawlessly handling dynamic DNS updates, for over two weeks…but for how much longer I have no clue. Regardless, I owe HomeSeer a correction for an implication that, after further experimentation, was misdirected.

Posted by Brian Dipert on November 27, 2007 | Comments (2)

November 29, 2007
In response to: Homeland Security: A Windows Pathology And HomeSeer Apology
Brian Dipert commented:

Dear Rick, sweet! No, I wasn't aware of that. Now if I can just keep the laptop running on a consistent basis....;-) There's a lot of power in HS2, I suspect, that's hidden behind a somewhat non-intuitive user interface and cryptic documentation.


November 29, 2007
In response to: Homeland Security: A Windows Pathology And HomeSeer Apology
Rick Tinker commented:

Brian, Are you aware that HomeSeer HS2 supports an encrypted web server as well? You can have the unencrypted web server in your home, and set up the encrypted one for external use. You can configure each one to use different non-standard ports, and you can create your own security certificate for the encryption.

POST A COMMENT
Display Name
captcha

Before submitting this form, please type the characters displayed above. Note the letters are case sensitive:

Advertisement
Advertisement
Advertisement
About EDN   |   Site Map   |   Contact Us   |   Subscription   |   RSS
© 2012 UBM Electronics. All rights reserved.
Use of this Web site is subject to its Terms of Use | Privacy Policy

Please visit these other UBM Canon sites

UBM Canon | Design News | Test & Measurement World | Packaging Digest | EDN | Qmed | Pharmalive | Appliance Magazine | Plastics Today | Powder Bulk Solids | Canon Trade Shows