Half Baked IoT Stove Could Be Used As A Remote Controlled Arson Device

[Pen Test Partners] have found some really scary vulnerabilities in AGA range cookers. The cookers are controlled by SMS: a mobile app sends an unauthenticated text message to the AGA to give it commands, for instance to preheat the oven. You can also just tell your AGA to turn everything on at once.

The problem is with the web interface; it allows an attacker to check whether a user’s cell phone is already registered, allowing for a slow but effective enumeration attack. Once the attacker finds a registered device, all they need to do is send an SMS, as messages are …

IoT Startup Bricks Customer’s Garage Door Intentionally

Internet of Things startup Garadget remotely bricked an unhappy customer’s WiFi garage door for giving a bad Amazon review and being rude to company reps. Garadget device owner [Robert Martin] found out the hard way how quickly the device can turn a door into a wall. After leaving a negative Amazon review, and starting a thread on Garadget’s support forum complaining the device didn’t work with his iPhone, Martin was banned from the forum until December 27, 2019 for his choice of words and was told his comments and bad Amazon review had convinced Garadget staff to ban his device …

Gigabytes the Dust with UEFI Vulnerabilities

At this year’s BlackHat Asia security conference, researchers from Cylance disclosed two potentially fatal flaws in the UEFI firmware of Gigabyte BRIX small computers which allow a would-be attacker unfettered low-level access to the computer.

Gigabyte has been working on a fix since the start of 2017 and is preparing to release firmware updates as a matter of urgency, but only for one of the affected models, the GB-BSi7H-6500 (firmware vF6), while leaving the GB-BXi7-5775 (firmware vF2) unpatched as it has reached its end of life. We understand that support can’t last forever, but if you sell products with such …

Fail of the Week: NASA Edition

There’s a reason we often use the phrase “It ain’t rocket science”: real rocket science IS difficult. It is dangerous and complicated, and a lot of things can and do go wrong, often with disastrous consequences. It is imperative that the lessons learned from past failures be documented and disseminated to prevent future mishaps. This is much easier said than done: there are a large number of agencies and laboratories working on multiple projects over long periods of time. Which is why NASA has set up NASA Lessons Learned, a central, online database of issues documented by contributors …

OWL Insecure Internet of Energy Monitors

[Chet] bought an electricity monitor from OWL, specifically because it was open and easy to hack on within the confines of his home network. Yay! Unfortunately, it also appears to be easy to hack from outside his home network, due to what appear to be extraordinarily sloppy security practices.

The short version of the security vulnerability is that the OWL energy monitors seem to be sending out their data to servers at OWL, and this data is then accessible over plain HTTP (not HTTPS) and with the following API: http://beta.owlintuition.com/api/electricity/history_overview.php?user=&nowl=&clientdate=. Not so bad, right? They are requiring …

Fail Of The Week: How I Killed The HiPot Tester

Have you ever wired up a piece of test equipment to a circuit or piece of equipment on your bench, only to have the dreaded magic smoke emerge when you apply power? [Steaky] did, and unfortunately for him the smoke was coming not from his circuit being tested but from a £2300 Clare H101 HiPot tester. His write-up details his search for the culprit, then looks at how the manufacturer might have protected the instrument.

[Steaky]’s employer uses the HiPot tester to check that adjacent circuits are adequately isolated from each other. A high voltage is put between the two …

I Think I Failed. Yes, I Failed.

Down the rabbit hole you go.

In my particular case I am testing a new output matching transformer design for an audio preamplifier and using one of my go-to driver circuit designs. Very stable, and very reliable. Whack it together and off you go to test-and-measurement land without a care in the world. This particular transformer is designed to be driven with a class A amplifier operating at 48 volts in a pro audio setting, where you turn the knobs with your pinky in the air sort of thing. Extra points if you can find some sort …

Life on Contract: How to Fail at Contracting Regardless of Skill

I believe higher-quality learning comes from sharing failure than from sharing stories of success. If you have set your mind to living on contract, I present this cheat sheet of some of the simplest and most effective ways to muck it all up, ways that have surprisingly little or nothing to do with your technical skill, knowledge, or even deliverables.

The previous installment of Life on Contract discussed how one might find clients as an engineering contractor or consultant while also taking a bit of time to pull apart the idea of whether life on contract is appropriate as opposed …

UK IT Specialist Unable to Boil Water, Make Tea

In our latest episode of “IoT-Schadenfreude Theater” we bring you the story of [Mark], a British man who can’t boil water. Or more specifically, a man who can’t integrate MQTT with Amazon Echo, or IFTTT with HomeKit.

Yes, yes. We all love to laugh at a technology in its infancy. It’s like when robots fall down: it’s a cheap shot and things will surely get better, right? Indeed, the Guardian has had its fun with this particular WiFi kettle before — they’re British and nothing is more important than a remote-controlled cuppa.

Every time we hear about one walled-garden protocol …