by paulddraper 3527 days ago
> Admittedly, it did have some authentication for accessing the video streams, but I didn't trust that thing as far as I could throw it.

So...you wanted to have authentication and it has authentication...I must be missing something.


It may not have been over HTTP, so possible to be sniffed. Or, even if it did have HTTPS, it might not generate keys in a secure way (or might use the same certificate as other devices). And you don't know if there are hidden backdoor accounts that might be found eventually...

So, yeah, it makes sense to block it - personally I block IoT devices from the Internet entirely (and don't let them initiate requests to my local network even) and use a VPN (IPsec/IKEv2). That wouldn't work for devices that connect to cloud services, so I'd have to set up new firewall rules if I got one of them.

Late response, but yes - there was no HTTPS support whatsoever on this thing. Authentication was some custom shit and intended to be passed over the internet in clear text.

You missed that you could SSH into it with a default password that is easy to find on a web search.

So... don't use that default password?