<JacobWeisz[m]>
Yeah, if someone gets into your on-premise camera system, good chance they can get into a lot of other sensitive stuff too, you're already hosed.
<simpson>
Important food for thought for those of us designing cap-safe homelabs.
<simpson>
Be like the video-game designs: Access to your security cameras is not a winning condition, just another capability. (But don't actually encourage hackers with Mario-style lessons or Zelda-style rewards~)
<kentonv>
oh hey you guys were talking about the camera thing
<kentonv>
JacobWeisz[m], they got a root shell on a security camera. That's it. We don't grant our security cameras access to prod.
<kentonv>
(but obviously I do agree that cameras probably shouldn't be IoT...)
<kentonv>
also the facial recognition thing was apparently just false. We do not use facial recognition. I was actually kind of disappointed by that. I think private office security cameras are a great use case for facial recognition -- to identify people who shouldn't be there and flag them to security. People walk right into tech company offices all the time, "tailgate" someone with a badge, and then swipe a laptop.
<JacobWeisz[m]>
I figured only internal IT folks would know how much risk that poses in a given environment. I would hope/assume Cloudflare segments its network reasonably.
<JacobWeisz[m]>
And yeah, I don't think entry/exit to secure buildings is a place where you scream privacy violation. Everyone knows they're being logged when they swipe a badge in.
<kentonv>
Well, I think these cameras are not just at the entry/exit. I mean, I don't personally know details of the system but I've seen cameras in all the work areas.
<JacobWeisz[m]>
I think people can imagine horror stories about micromanagers and clocking bathroom visits, but I can't imagine Cloudflare being that sort of work environment.
<kentonv>
but the whole point is definitely to track intruders, not employees
<kentonv>
heh, yeah, certainly not
griff_ has joined #sandstorm
<JacobWeisz[m]>
This is a good advertisement for your capability security model stuff nonetheless. :D
<kentonv>
it's also a good advertisement for..... Cloudflare's Zero Trust security products. :)
<kentonv>
("Zero Trust" is some sort of marketing term that apparently means "you don't get anything just by being on the corp network, you have to authenticate to services")
<JacobWeisz[m]>
True. Anything adequately assuming your internal network is untrustworthy should handle a stray camera being accessible relatively handily.
<JacobWeisz[m]>
The potential scary condition would be if the camera platform had any credentials stored for any sort of integrations. Since we can assume the attacker could probably access any data stored with that platform via the admin account.
<JacobWeisz[m]>
At least in the Windows world, most things which integrate with AD have at least a user account with minimal credentials; occasionally you find some that need much higher permissions. Sometimes it's Microsoft Exchange. :o
<JacobWeisz[m]>
(My "on-prem is always better" narrative might've taken a small beating this past week...)