Eight Sleep's Security Nightmare: Backdoors and Exposed AWS Keys

2025-02-21

The author discovered critical security flaws in their Eight Sleep smart bed: exposed AWS keys and a backdoor allowing Eight Sleep engineers remote SSH access. This means engineers can access the bed's Linux system, obtain sleep data, and potentially control other devices on the home network. The author switched to a cheap aquarium chiller, achieving similar temperature control without the security risks. This raises concerns about IoT device security and the ethical implications of companies collecting user data.


Millions of Accounts Vulnerable Due to Google OAuth Flaw

2025-01-14

A new study reveals a critical vulnerability in Google's "Sign in with Google" authentication flow, potentially exposing millions of Americans' data. Attackers can purchase domains from defunct startups, recreate former employees' email accounts, and gain access to various SaaS services linked to those accounts, including HR systems and chat platforms containing sensitive information. The researcher reported the issue to Google, which initially marked it as "won't fix." Only after the researcher's Shmoocon talk was accepted did Google reopen the issue and pay a bounty. While Google is working on a fix, millions of accounts remain vulnerable.
