IoT camera crew Titathink tells Reg it'll patch GET bug in a week

Titathink has become the second vendor to respond to the modified firmware that exposed a variety of surveillance cameras to a malicious URL attack. As we wrote last week, a security pro called Slipstream looked long and hard at the cameras' firmware, and found a URL that carried a parameter called “basic” would be copied to a …

  1. Anonymous Coward

    The email you received

    The email you received: was it in reasonably clear unambiguous English?

    Or was it more like titathink's current two comments on recent cam-related articles?

  2. Anonymous Coward

    And I believed you made up the Titathink name...

    .... but you didn't. Did they believe their firmware was unsinkable, err, unhackerable?

  3. PassiveSmoking

    Titathink?

    I thought that was one of El Reg's joke names. Who would unironically name their company that?

    1. Anonymous Coward

      Re: Titathink?

      I thought that was one of El Reg's joke names. Who would unironically name their company that?

      It's IMHO still beaten (sorry) by what happened to Powergen in Italy :). That said, the name is not of English origin so it may contain traces of culture, foreign language - or nuts.

  4. Anonymous Coward

    Oh, wonderful.

    Just out of interest, how will they get the firmware to the cameras already affected? There will be a lot of those already bolted in place by Joe End User, never to be touched again unless they fail to work.

  5. Colin Millar

    Grumpy old men 1 - Web experience managers 0

    In the last couple of weeks we have had directory traversal, open management ports without defined address ranges and multiple credential guessing attacks. What's next - a resurgence of SQL injection? Come on people - this is basic stuff.

    Dear web experience manager - Next time that employee with a liking for doughnuts and coffee, no fashion sense and a claim to 10 languages none of which he can use to communicate with human beings says "are you sure? Can you just confirm that in an email" remember - that glint in his eye is his anticipation of watching you wet your pants in panic as your latest bit of shiny web experience crashes and burns due to the sheer weight of uninformed decision making.

    1. PassiveSmoking

      Re: Grumpy old men 1 - Web experience managers 0

      What do you mean a resurgence? SQL injection never went away. Just look at questions people on Stack Overflow are asking related to database querying from an external program/script. At least 90% of the people asking on that topic are building their queries by concatenating user input into query strings. It's like prepared statements don't even exist for most developers.

      1. Gene Cash

        Re: Grumpy old men 1 - Web experience managers 0

        What's even more fun was when I was researching non-web TLS/SSL to secure my garage door app.

        There were tons of the usual SSL questions on Stack Overflow, but most of them were answered with "here's how to make your SSL code accept ANY certificate" which pretty much turns SSL into an exercise in burning CPU cycles.

        And the response was "thanks mate!" and NO ONE ever said it was for testing, nor were there any warnings to not use that in production, and the security implications were never discussed.
