Hackin9

Connected Smart Cars Are Easily Trackable, Warns Infosec Bod
glassBYTEs

 

The dreaded Hello Barbie. (credit: Mattel)

A recent review of the Internet-connected Hello Barbie doll from toymaker Mattel uncovered several red flags. Not only did the toy use a weak authentication mechanism that made it possible for attackers to monitor communications the doll sent to servers, but those servers were also vulnerable to POODLE, an attack disclosed 14 months ago that breaks HTTPS encryption.

The vulnerabilities, laid out in a report published Friday by security firm Bluebox Labs, are the latest black eye for so-called "Internet of Things" devices. The term is applied to appliances and other everyday devices that are connected to the Internet, supposedly to give them a wider range of capabilities. The Hello Barbie doll is able to hold real-time conversations by uploading the words a child says to a server. Instant processing on the server then allows the doll to provide an appropriate response.

Bluebox researchers uncovered a variety of weaknesses in the iOS and Android app developed by Mattel partner ToyTalk. The apps are used to connect the doll to a nearby Wi-Fi network. The researchers also reported vulnerabilities in the remote server used to communicate with the doll.


 
[SECURITY] [DSA 3413-1] openssl security update
 

The Register

Infosec bods rate app languages; find Java 'king', put PHP in bin
The Register
Java applications have been found to have many fewer common vulnerabilities than those coded using web scripting languages. Less than a quarter of Java apps sport SQL injection vulnerabilities, compared to more than three quarters of those ...

 
[SECURITY] [DSA 3412-1] redis security update
 
[security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution
 
Internet Storm Center Infocon Status