da_667 on Nostr: If I had a nickel for every time an IoT device just said "fuck it, we'll use some ...
Published at
2024-03-26 03:02:29Event JSON
{
"id": "78c02d475286f25911e9ef44341897ded546e9620c49f084562501f7ed796a37",
"pubkey": "663bad2dad8d2d1de0c04748de4813f82064ce0c07f6384d210fa0f0967d3d11",
"created_at": 1711418549,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/da_667/statuses/112159526027658695",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/da_667/statuses/112159526027658695",
"pink.momostr"
]
],
"content": "If I had a nickel for every time an IoT device just said \"fuck it, we'll use some weird javascript method to handle device auth on the client side\" and that immediately bit them in the ass...\n\nI'd have two nickels, which isn't a lot, but weird that I've seen it twice in as many years.\n\nhttps://ssd-disclosure.com/ssd-advisory-uniview-ipc2322lb-auth-bypass-and-cli-escape/",
"sig": "53c2867cfdd8b4550da865b456b903b99a6ef4a64e819d13326274c95b8dd5fd5d9775526dedfe2d84e688f3b3b900d3ccb9499ac0a935220a4d0c358124dbfa"
}