back to article Disney-branded internet filter had Mickey Mouse security

A Disney-branded home internet filtering device might keep bad content out, but it was an open door to bad actors until earlier this month. That's what Cisco Talos's William Largent found when he took a look at "Circle with Disney", a Circle Media parental control device on which the entertainment giant slapped its brand. …

  1. Long John Brass Silver badge
    Pirate

    stainless steel rat

    Now that society is all ferrocrete and stainless steel there are fewer gaps in the joints. It takes a very smart rat indeed to find these openings. Only a stainless steel rat can be at home in this environment...

    1. Anonymous Coward
      Anonymous Coward

      Re: stainless steel rat

      Upvote for the obscure SF reference.

    2. Oengus Silver badge

      Re: stainless steel rat

      Great series. I remember reading them many years ago and enjoying them. Harry Harrison had a lot of fun with that character. I even used a number of characters as pseudonyms on different websites..

  2. frank ly Silver badge

    Mickey Mouse security

    Don't you get a lawyer's letter for that, because they don't want 'Mickey Mouse' to become a generic term? (Oops, too late.)

    1. katrinab Silver badge

      Re: Mickey Mouse security

      They are describing a product licensed by the trademark owner, which is a permitted use of the trademark.

  3. Anonymous Coward
    Anonymous Coward

    Maybe I'm getting cynical but that's a lot of vulns, perhaps too many and all fixed without complaint.

    Surely you would at least do some basic testing on such a device before going to market?

    1. Anonymous Coward
      Anonymous Coward

      Take a look at Linux / MS / Oracle / Apple.

      See how many they have.

    2. Richard Jones 1
      WTF?

      Testing Is Too Expensive @AC

      I was (probably) reliably informed yesterday that such things as research, i.e reading a suitable book on the subject and the likes of testing are 'rather too expensive'. The widespread view is that is better to get the device built and out there. Then let someone else do the research and testing then tell you what you should do to correct the weak device you produced. After that you can then correct the errors you made, but only if you feel like being so 'kind'.

      At least in this case the maker/sponsor did most of the right thing.

      1. John Smith 19 Gold badge
        Unhappy

        "is that is better to get the device built and out there. "

        Ah, "The Microsoft Way" has indeed changed the world (of software testing).

        We all owe such a debt to them.

    3. 0laf Silver badge
      Angel

      Most of those vulns were relatively recent probably well after the device design project was finished and closed down.

      On going testing was probably never considered or rejected as an unnecessary expense. Ususal device MO, build release to the wild and then do your best to forget.

      The company involved has actually acted better than 90% of other by talking to the discoverer and fixing the vulns before a controlled disclosure. TBH they should get some praise for being responsible and dealing with their initial failings not just going into full denial.

    4. Cuddles Silver badge

      "Surely you would at least do some basic testing on such a device before going to market?"

      Given that one of the problems was a deliberately implemented back door, testing might not help all that much. Testing is to find problems you don't know about, not things you've done on purpose.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019