Self-Hosted

37: Security Growing Pains

Listen Later

We discuss recent Home Assistant security news, and how we think the project could improve.

Plus a bunch of follow up, emails, and more!

Note: This episode was recorded before the recent second Home Assistant vulnerability

Sponsored By:

  • A Cloud Guru: Looking to make a high-paying career move into the cloud? Get going: acloudguru.com
  • CloudFree.shop: CloudFree Smart Plug – Runs Tasmota for $9. Use code SELFHOSTED and support the show. Promo Code: SELFHOSTED
  • Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/ssh

Support Self-Hosted

Links:

  • Security Bulletin 1- Home Assistant — It has come to our attention that certain custom integrations have security issues and could potentially leak sensitive information.
  • Security Disclosure 2: vulnerabilities in custom integrations HACS, Font Awesome and others - Home Assistant — . The conclusion is that some custom integrations are still vulnerable to a directory traversal attack while not being authenticated with Home Assistant. It allows an attacker to access any file without having to log in. This access includes any credentials that you might have stored to allow Home Assistant to access other services.
  • Generic Thermostat - Home Assistant — The generic_thermostat climate platform is a thermostat implemented in Home Assistant. It uses a sensor and a switch connected to a heater or air conditioning under the hood.
  • ATC_MiThermometer — Custom firmware for the Xiaomi Thermometer LYWSD03MMC and Telink Flasher via USB to Serial converter.
  • ESPHome — ESPHome is a system to control your ESP8266/ESP32 by simple yet powerful configuration files and control them remotely through Home Automation systems.
  • Xiaomi Mijia BLE Temperature and Humidity Sensor - Home Assistant — The mitemp_bt sensor platform allows one to monitor room temperature and humidity. The Xiaomi Mijia BLE Temperature and Humidity sensor with LCD is a small Bluetooth Low Energy device that monitors the room temperature and humidity.
  • Xiaomi Mijia Bluetooth Thermometer — New Xiaomi Mijia Bluetooth Thermometer 2 Wireless Smart Electric Digital Hygrometer Thermometer
  • Google-drive-backup: Automatically create and sync Hass.io snapshots into Google Drive — A complete and easy way to back up your Home Assistant snapshots to Google Drive.
  • Troubleshooting your configuration - Home Assistant
    • ...more
    View all episodesView all episodes
    Download on the App Store
    Self-HostedBy Jupiter Broadcasting
    • 4.8
    • 4.8
    • 4.8
    • 4.8
    • 4.8

    4.8

    142 ratings

    More shows like Self-Hosted

    View all
    Security Now (Audio) by TWiT

    Security Now (Audio)

    1,998 Listeners

    The Changelog: Software Development, Open Source by Changelog Media

    The Changelog: Software Development, Open Source

    288 Listeners

    Mac Power Users by Relay

    Mac Power Users

    1,286 Listeners

    Coder Radio by The Mad Botter

    Coder Radio

    152 Listeners

    LINUX Unplugged by Jupiter Broadcasting

    LINUX Unplugged

    267 Listeners

    Hacked by Hacked

    Hacked

    183 Listeners

    Late Night Linux by The Late Night Linux Family

    Late Night Linux

    164 Listeners

    Home Assistant Podcast by HK Media

    Home Assistant Podcast

    71 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    7,961 Listeners

    Linux Dev Time by The Late Night Linux Family

    Linux Dev Time

    22 Listeners

    The Real Python Podcast by Real Python

    The Real Python Podcast

    140 Listeners

    2.5 Admins by The Late Night Linux Family

    2.5 Admins

    98 Listeners

    The Homelab Show by The Homelab Show

    The Homelab Show

    39 Listeners

    Linux After Dark by The Late Night Linux Family

    Linux After Dark

    29 Listeners

    Linux Matters by Linux Matters

    Linux Matters

    21 Listeners