Thumbs up for Paresh Morjaria
I wonder why the others didn't answer.
IoT security camera vendor UCam247 has contacted The Register to say most devices in the wild aren't vulnerable to the “single URL pwnage” vulnerability. Yesterday, we reported that more than 30 cameras from seven vendors had shipped with a modified GoAhead Web server. Among other things, the modification introduced a simple- …
Paresh Morjaria? I know that name (and it turns out it's the same chap):
https://uk.linkedin.com/in/paresh-morjaria-a17b5710
Set up small but innovative AND technically competent AND customer focused UK ISP, Metronet. Hi Alex, Hi James, hi the rest of you, and thank you all. You are missed.
Metronet was subsequently borged into Plusnet and Paresh went on to set up a pioneering cloud storage and cloud desktop company (DesktopOnDemand) before the cloud was even a thing. You won't have heard of them though, because the cloud wasn't a thing at the time.
Lost track after that, but good to hear he's still around, and, importantly, still apparently doing quality stuff, and doing it properly.
[From a long-time Metronet customer, in case it's not obvious]
This is Kevin from Titathink. Sorry for the reponse delays and any inconvenience. After the author published the post, we've been keeping this case in a supreme level, our programmers was beginning to troubleshoot this issue on entire codes. In order to solve the issue and upgrade addtional function carefully and provide an accurate repair time, we need an evaluation of time to test the bug to cause the response delay. We'll release a new version of firmware soon and inform Titathink users to upgrade their cameras as far as possible.
Thanks Richard Chirgwin to point out our mistakes and inform us!
Kevin, Titathink.
With that letter he has gained lots more respect and confidence from the public than those companies whose strategy in similar cases consists in:
a) Deny everything.
b) Sue whoever found the bug.
c) If that fails, blame the user.
d) Grumpily recognize the issue.
e) Take a year to fix the bug.
f) State that "Lessons have been learned".
g) Wash, rinse, repeat.
This is a great response. I'd be happier with their products after seeing a response like that.
I hope it's easy to track down the firmware though. I know for some camera models it's a nightmare of broken links, poor documentation, confusion over whether you can go straight to the latest release or have to apply each iteration in sequence and the risk of bricking your device.
If UCam247 do a better job than the others in that respect as well, I'll be even more impressed.