back to article UCam247 tells El Reg most of its cams aren't vulnerable to GET vuln

IoT security camera vendor UCam247 has contacted The Register to say most devices in the wild aren't vulnerable to the “single URL pwnage” vulnerability. Yesterday, we reported that more than 30 cameras from seven vendors had shipped with a modified GoAhead Web server. Among other things, the modification introduced a simple- …

  1. Ole Juul

    Thumbs up for Paresh Morjaria

    I wonder why the others didn't answer.

    1. Anonymous Coward
      Anonymous Coward

      Re: Thumbs up for Paresh Morjaria

      Paresh Morjaria? I know that name (and it turns out it's the same chap):

      https://uk.linkedin.com/in/paresh-morjaria-a17b5710

      Set up small but innovative AND technically competent AND customer focused UK ISP, Metronet. Hi Alex, Hi James, hi the rest of you, and thank you all. You are missed.

      Metronet was subsequently borged into Plusnet and Paresh went on to set up a pioneering cloud storage and cloud desktop company (DesktopOnDemand) before the cloud was even a thing. You won't have heard of them though, because the cloud wasn't a thing at the time.

      Lost track after that, but good to hear he's still around, and, importantly, still apparently doing quality stuff, and doing it properly.

      [From a long-time Metronet customer, in case it's not obvious]

    2. titathink

      Re: Thumbs up for Paresh Morjaria

      This is Kevin from Titathink. Sorry for the reponse delays and any inconvenience. After the author published the post, we've been keeping this case in a supreme level, our programmers was beginning to troubleshoot this issue on entire codes. In order to solve the issue and upgrade addtional function carefully and provide an accurate repair time, we need an evaluation of time to test the bug to cause the response delay. We'll release a new version of firmware soon and inform Titathink users to upgrade their cameras as far as possible.

      Thanks Richard Chirgwin to point out our mistakes and inform us!

      Kevin, Titathink.

  2. Mephistro
    Thumb Up

    Good...

    With that letter he has gained lots more respect and confidence from the public than those companies whose strategy in similar cases consists in:

    a) Deny everything.

    b) Sue whoever found the bug.

    c) If that fails, blame the user.

    d) Grumpily recognize the issue.

    e) Take a year to fix the bug.

    f) State that "Lessons have been learned".

    g) Wash, rinse, repeat.

    1. Arctic fox
      Thumb Up

      @Mephistro Re: Good...

      Indeed. I was open mouthed when I read this letter. Polite, informative and as far as one can see, showing a proactive and constructive approach to such challenges. Clearly he has not read Ignore, Obfuscate, Threaten and Litigate 101!

      1. John Robson Silver badge

        Re: @Mephistro Good...

        I like that expansion of IoT: Ignore, obfuscate, Threaten (litigation)

        1. Arctic fox
          Thumb Up

          @John Robson Re "I like that expansion of IoT"

          I wish that I could claim that it was intentional. I simply wrote my comment without noticing that felicitous acronym. Must have been a stream of (un)consciousness thing. :) Nice comment BTW - see icon.

        2. Anonymous South African Coward Silver badge

          Re: @Mephistro Good...

          Most Excellent. Maybe El Reg should make it their new description for all things IoT?

  3. allthecoolshortnamesweretaken

    Nice to see that there still are a few companies out there that know how to do business properly.

    Let's hope that this example will encourage others.

  4. Alistair
    Windows

    Someone in upper manglement will notice.

    Sadly, Paresh will need new employment shortly after that.

    <nope, not grumpy, not tired, no not at all>

  5. seanb-uk

    Finding the firmware

    This is a great response. I'd be happier with their products after seeing a response like that.

    I hope it's easy to track down the firmware though. I know for some camera models it's a nightmare of broken links, poor documentation, confusion over whether you can go straight to the latest release or have to apply each iteration in sequence and the risk of bricking your device.

    If UCam247 do a better job than the others in that respect as well, I'll be even more impressed.

  6. Adam 1

    clearly fake

    > IoT security camera vendor ...

    and

    > A new firmware is due to be released within the next couple of weeks

    Clearly a real IoT product would never release updated firmware to fix things

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021