Four short links: 15 December 2015

Barbie Broken, JSON Database, Lightbulb DRM, and Graph Database

  1. Crypto is Hard says Hello Barbie — We discovered several issues with the Hello Barbie app including: it utilizes an authentication credential that can be re-used by attackers; it connects a mobile device to any unsecured Wi-Fi network if it has “Barbie” in the name; it shipped with unused code that serves no function but increases the overall attack surface. On the server side, we also discovered: client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers; the ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack. (via Ars Technica)
  2. Kinto — Mozilla’s open source lightweight JSON storage service with synchronisation and sharing abilities. It is meant to be easy to use and easy to self-host.
  3. Philips Blocks 3rd Party Lightbulbs — DRM for light fixtures. cf @internetofsh*t
  4. gaffer — GCHQ-released open source graph database. …a framework that makes it easy to store large-scale graphs in which the nodes and edges have statistics such as counts, histograms, and sketches. These statistics summarise the properties of the nodes and edges over time windows, and they can be dynamically updated over time. Gaffer is a graph database, rather than a graph processing system. It is optimised for retrieving data on nodes of interest. IHNJH,IJLTS “nodes of interest.”