You are currently browsing the archives of the blog Sleeping Sheep Hackers… for January, 2010.
5.1.2010 by tugrik.
Just in case you don’t read Slashdot… as revealed on http://seattlewireless.net/~casey/?p=13, the Kodak EasyShare Wireless Digital Picture Frames contain a lovely security issue.
As well as displaying pictures from an SD card, you can point the device at any RSS feed and have it display the contents. You just set up a FrameChannel account using the secret code that comes with the frame, and configure the feeds accordingly. However, in the Advanced Settings of this interface there’s a URL that shows a feed of everything being displayed on your frame. This is a very predictable URL, based on the device’s MAC address, so you can see what other Frame owners are downloading to their device…
…and if you look through the comments at that URL, you’ll see that a lot of “informal assessment” of the service has taken place; it’s possible to reset the activation code for frames, determine the RSS feeds used by devices that have yet to be sold… and there’s some code in the comments to do that for you too.
As “Mike” aptly put it: “So Kodak has essentially built a system for letting complete strangers (a) browse your family photos, and (b) beam shock porn directly into your living-room?”
See also http://yro.slashdot.org/story/10/01/05/0413228/Kodak-Wireless-Picture-Frames-Open-To-Public
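The design flaw described above is that the feed URL is derived from a hardware identifier rather than from a secret. As an added example (not code from the original post, its comments, or the FrameChannel service), the sketch below puts a MAC-derived identifier beside a random per-device token that the server verifies; the function names, the server key and the sample MAC are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side key; a real service would load it from a secrets store.
SERVER_KEY = secrets.token_bytes(32)


def weak_feed_id(mac: str) -> str:
    """Weak scheme of the kind the post describes: the identifier is the MAC."""
    return mac.replace(":", "").lower()


def unknown_bits_weak() -> int:
    """A MAC is 48 bits, but the first 24 are the vendor's public OUI prefix,
    so at most 24 bits are unknown, and units are numbered sequentially."""
    return 48 - 24


def new_feed_token() -> str:
    """Hardened scheme: a random 128-bit token issued per device at activation,
    unrelated to the MAC and replaceable if it leaks."""
    return secrets.token_urlsafe(16)


def token_digest(token: str) -> str:
    """Keep only a keyed digest server-side so a database leak does not
    hand out working feed URLs."""
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()


def authorize_feed(presented: str, stored_digest: str) -> bool:
    """Constant-time comparison of the presented token against the stored digest."""
    return hmac.compare_digest(token_digest(presented), stored_digest)


if __name__ == "__main__":
    mac = "00:11:22:AA:BB:CC"  # constructed sample, not a real device
    token = new_feed_token()
    stored = token_digest(token)
    print("weak id:", weak_feed_id(mac), "unknown bits:", unknown_bits_weak())
    print("token accepted:", authorize_feed(token, stored))
    print("MAC-derived id accepted:", authorize_feed(weak_feed_id(mac), stored))
```

With the token scheme, knowing a frame's MAC address gives no access to its feed, and resetting a device only requires issuing a fresh token.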
(On a side note, I was considering another posting, refuting the comments on http://www.altaware.com/articles/pentest.html, which I stumbled across recently. In the end I decided that was best left as an exercise for the reader, as the only retort I have that won’t take me an evening to write is “you’re not very familiar with pentesting, are you?”)