Archive for March 1, 2017

Mayer Gives Up Bonus Due To Hacks

Posted in Commentary on March 1, 2017 by itnerd


You might recall Yahoo revealed that they were hacked in December, which was the latest in a string of attacks. That has a cost, and today it was revealed that Yahoo CEO Marissa Mayer is giving Yahoo employees her annual bonus to make up for the massive hacks:

As those who follow Yahoo know, in late 2014, we were the victim of a state-sponsored attack and reported it to law enforcement as well as to the 26 users that we understood were impacted. When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies. However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.

Great optics. But it’s really meaningless as she’s failed so spectacularly in her role as CEO. I seriously doubt that this was her idea. Hopefully whoever is going to be responsible for this mess at Verizon does a better job than her.


CloudPets Woes Worsen With News Of A Bluetooth Exploit

Posted in Commentary on March 1, 2017 by itnerd


If having their database leaked and ransomed isn’t enough, CloudPets has a new problem to worry about. Their toys can be pwned remotely from a webpage via the Bluetooth Web API, which is not exactly secure, says Context Information Security, who put out a report on the matter.

Here’s how the exploit works. Create a webpage to connect to a CloudPets toy via Bluetooth. The browser opening the page has to be within Bluetooth range of the CloudPets toy for it to work. You must also allow the browser to pair with the toy. Then start recording from the toy’s built-in microphone. You can also play sounds through it. A proof of concept webpage is online, and code is on GitHub, which means evildoers will have real exploit pages online shortly.

Here’s a video of the pwnage in action:

Clearly CloudPets doesn’t care about the security of their users. If you have one of these toys, put it in the rubbish bin right now. It’s clearly insecure and you should not have it anywhere near your kids.