back to article Samsung on fridge cert error: Someone tried to view 'unsavoury content' in middle of John Lewis

Readers anxious for an update on the health of the wobbly Samsung smart fridge currently squatting in UK retailer John Lewis's Oxford Street store will be interested to learn that a culprit has been fingered. Samsung told us on Friday that the alarming security message on the screen was actually down to "the activation of …

  1. Anonymous Coward
    Anonymous Coward

    Amateur "hacker" ?

    Things have moved on from the days of

    10 PRINT "BOLLOCKS"

    20 GOTO 10

    or the more sophisticated:

    ON ERROR GOTO 10

    10 PRINT "BOLLOCKS"

    20 GOTO 10

    but these days, if I were so minded to have some instore fun, I'd first hit a VPN over HTTP server that I run from a cloudy box, and *then* point it at the amusing content.

    1. Anonymous Coward
      Anonymous Coward

      10 PRINT "BOLLOCKS" 20 GOTO 10

      Numerous Saturday afternoons were spent writing this and similar antics into autoexec.bat files on the rows of Win95 machines on display in my local store, ah to be young and carefree...

      1. Anonymous Coward
        Anonymous Coward

        Re: 10 PRINT "BOLLOCKS" 20 GOTO 10

        Ah, autoexec.bat. Those were my school days. My school IT department was staffed by an "IT Technician" of the type with questionable personal hygiene, communicated in grunts, typed on the keyboard (slowly) using two fingers whilst intently staring at the keys, and knew little more than how to turn the thing on. How he got the job, I don't know as, the IT department was basically kept running by a few of the students. He was not well liked.

        One day he left his computer logged in, so I swiftly edited his autoexec.bat to add in some ASCII escape sequences to remap keys on the keyboard randomly so that pressing "a" might input "Q" or "I" (aye) might become "l" (elle) before returning to my seat to watch him try figure out how to type simple commands.

        -Anon (obvs).

        1. OssianScotland Silver badge
          Headmaster

          How he got the job, I don't know

          Normally an ex AV technician who was shuffled sideways into IT (obviously - in a local authority at least - they could not employ someone competent when there was someone in another post who needed gainful work)

          How do I know? - see icon

        2. llaryllama

          Re: 10 PRINT "BOLLOCKS" 20 GOTO 10

          I surely can't be the only touch typist who "reconfigured" many a school keyboard by swapping all the key tops??

      2. Anonymous Coward
        Anonymous Coward

        Re: 10 PRINT "BOLLOCKS" 20 GOTO 10

        Same here, but in MS DOS 5.something or so. A while a go. Or setting up screensaver passwords for the Win 3.11 machines. They caught on, and at some point they started using screensaver passwords themselves, and deactivating these only on request. A shame really ;-)

        We usually wrote some simple BASIC programs that would display geometric figures (ok, mostly cirlces), and play with colours (I think, maybe... DOS 6 onwards?).

        1. Luiz Abdala Bronze badge
          Trollface

          Re: 10 PRINT "BOLLOCKS" 20 GOTO 10

          Passworded screensavers...

          Some real punters figured out how to change the timeout of those to 1 single second.

          Evil trolling (don't do it to people to people you respect, such as your SO or at a job you like), but still hilarious.

      3. fidodogbreath Silver badge

        Re: 10 PRINT "BOLLOCKS" 20 GOTO 10

        Back when DOS boxes were on display, mine was copy con nul.

        (I don't think of myself as "old," but the previous sentence indicates that perhaps I should.)

    2. Anonymous Coward
      Anonymous Coward

      Re: Amateur "hacker" ?

      We used things such as poke to make it lots more fun. The ensuing panic was more than worth it.

    3. BebopWeBop Silver badge
      Joke

      Re: Amateur "hacker" ?

      Plenty of BOLLOCKS in grumbleflicks I suspect.....

    4. Anonymous Coward Silver badge
      Flame

      Re: Amateur "hacker" ?

      I had great joy simulating the fire alarm sound in BASIC.

      Loads of other students obediently left the room when it played... some of them even wondered why the alarm was only going off in the computer room.

      1. Simon Harris Silver badge

        Re: Amateur "hacker" ?

        On one occasion my computer did catch fire (actually it was only smoke coming out of the back of the tower unit rather than flames).

        However, it only made a 50Hz buzzing noise for the few seconds before I managed to pull the mains cable rather than accurately emulating the fire alarm.

        That was some years before the emergency services number changed to 0118 999 881 999 119 725 3.

    5. JulieM Silver badge

      Re: Amateur "hacker" ?

      Pah. Amateurs!

      Back when 8-bit computers were on the shelves of Boots, W.H.Smith, John Menzies, Dixons and others and the BBC Micro was the boss of them all, I had a friend who would arm himself with a pack of ten 5.25 floppy disks; all neatly labelled "WATFORD ELECTRONICS COMPATIBILITY CHECKER" (Watford Electronics being the supplier of an alternative disk system not requiring one of the last few 8271 ICs left in existence, thus not 100% compatible with software that bypassed the operating system to save a few cycles), but actually bearing a short program which simply did a disk-to-disk copy, displaying progress and prompting for disk swaps (you could fit 100k on a disk, and had about 24kb of usable RAM to play with .....) as though it was doing multiple rounds of testing. He would then ask to "borrow a game and check it for compatibility with his Watford Electronics disk system". At the end of the process, once the "checker" disk had thoroughly obliterated itself with a copy of whatever game or utility he wanted to "check", it would announce a failure; and the shop assistants never seemed to notice that he returned the checker disk to the back of the box, then removed it from the front of the box to check another disk.

      1. The Oncoming Scorn Silver badge
        Pint

        Re: Amateur "hacker" ?

        Time to re-air this story from my past....

        The launch of the Amstrad 1512 at a trade show, chap* I knew waltzed up to the sales droid, asked if it was IBM Compatible & was verbally told that anything a IBM PC would run, it would do so on the Amstrad 1512.

        Sales droid gets bored in search of fresh meat to bother, matey slips a disc in & runs it.....Machine crashes horribly, in fact fatally & quickly removed from the display.

        Sales droids return in a panic....."What did you do?"

        Matey: "Hmmm you're IBM compatible isn't compatible with a IBM Diagnostic disc"

        *Part of my recall was that it might have been a certain "Steve shiny_yellow_coloured_metal", who did occasionally frequent our stand(s) as he had written some terminal emulation software bundled with our modems for one or two different 8 bit Micros'.

        1. Simon Harris Silver badge
          Flame

          Re: Amateur "hacker" ?

          "in fact fatally"

          The 'diagnostics' didn't hit the CRT line-scan frequency registers did they?

          I remember you could kill an IBM monochrome monitor if you did that (admission... I accidentally did it once writing some graphics software!). Apparently you could do the same thing with Commodore PETs.

      2. irrelevant

        Re: Amateur "hacker" ?

        Ah, BBC Micros..

        I forget the exact details, and can't check right now, but something like

        !&900=0

        $&902="Rude message here."+CHR$0

        !&288=&900

        Would save a nice message for the next time Break was pressed, and the only way out was to power cycle the thing.

        1. Anonymous Coward
          Anonymous Coward

          Re: Amateur "hacker" ?

          When I built my Motorola 6800 Evaluation Board in 1976 it had a whole 1KB of SRAM - and needed a Teletype as a console. At that point microprocessors were not commonly seen even in UK IT circles.

          One of my colleagues was keen to test the programming of this novelty in assembler. It was then taken to the mainframe terminal room and connected to one of the user terminals. Much amusement as other colleagues tried to login to the mainframe on that terminal. It produced all the correct responses - then said their login had failed.

  2. katrinab Silver badge
    Flame

    I wonder what sort of "content" that would be?

    Edinburgh Rape Crisis Centre perhaps?

    Adult-only content apparently.

    What word would you use to describe people who think that child rape victims should not be allowed to seek help. Would the word be blocked by one of these filters?

    This filter was, as you might expect, approved by Mumsnet. Though why you would have a far-right hate site approving your web filters, I've no idea.

    1. Wellyboot Silver badge

      Re: I wonder what sort of "content" that would be?

      Maybe price comparison sites?

      1. Venerable and Fragrant Wind of Change
        Coat

        Re: I wonder what sort of "content" that would be?

        Never knowingly undisplayed?

    2. Anonymous Coward
      Anonymous Coward

      Re: I wonder what sort of "content" that would be?

      You also cannot use the display phones to phone the samaritans... because they are display phones.

      I think you are reaching rather far with your accusations. Do you have some sort of bias? Or any facts at all?

      1. katrinab Silver badge
        Flame

        Re: I wonder what sort of "content" that would be?

        I am biased against paedophiles, mumsnet subscribers, nazis and other similar undesirables, yes.

        1. Anonymous Coward
          Anonymous Coward

          Re: I wonder what sort of "content" that would be?

          Hey! As a representative of the firm of Panzer, Blitzen, Donner, und Blut, representing the Ernst Rohm Association of Gay Nazi Pedophiles, we really must protest about our clients being mentioned in the same sentence as that thing of complete evil, Mumsnet. Pray cease and desist doing that, with immediate effect, on pain of a lawsuit.

          Thank you.

          Has Gruber, for Frau Blut, Senior Partner

          1. katrinab Silver badge
            Megaphone

            Re: I wonder what sort of "content" that would be?

            You are aware that your client has some mumsnet subscribers in its ranks?

        2. This post has been deleted by its author

  3. Dan 55 Silver badge
    Facepalm

    Samwrong

    "It is unlikely for this issue to occur when used at home on domestic Wi-Fi as security controls are standardised by the router and ISP, and security certificates are likely to be authorised automatically"

    Unless you install a new root cert on the client device, you should get a warning.

    1. LDS Silver badge

      Re: Samwrong

      Frankly, I don't even understand what that sentence means. Certificates are an end-to-end matter, so neither your router, and especially your ISP, should touch them - or authorize invalid ones authomatically.

      Unless your ISP is slurping your SSL data and has installed a root CA on your machines....

      1. John Riddoch

        Re: Samwrong

        Depends what it's doing. If I send a request to https://dodgysite.com/ which is blocked by the router, it will send some kind of response back which, because it doesn't have the right cert, will generate an ssl error.

        There are also proxies which can do inspection by using dodgy root certs on the client browsers so they can decrypt to capture malware, data leak prevention etc.

        1. JohnFen Silver badge

          Re: Samwrong

          " If I send a request to https://dodgysite.com/ which is blocked by the router, it will send some kind of response back "

          What?

          If your router is blocking access to a site, why is it sending any kind of response back? Every router I've seen just drops the packets going to/from the destination. No response is generated (or needed) by the router.

          1. Dan 55 Silver badge

            Re: Samwrong

            Corporate net nannies usually say "dodgysite.com has been blocked because it falls into the following categories: file sharing" or something similar and as they send it using the net nanny MITM certificate, the browser will complain unless it has also has the corporate root certificate also installed.

            1. JohnFen Silver badge

              Re: Samwrong

              Ahh, I understand. I was thrown off by the use of the term "router" and was thinking of it as a router thing. But that's really a proxy thing.

              My bad, for being too narrow in my interpretations!

          2. Lorribot

            Re: Samwrong

            Some corporate web proxies, such as ZScaler, will act as a man in the middle in order to scan traffic for nasties, so will provide their own cert for comms between client and them, if the device does not have the correct intermediate cert you will see an error like this. I suspect a company like John Lewis would be using a similar type of proxy service, but are not able to put the required certs on all devices.

      2. stungebag

        Re: Samwrong

        Web filters such as those used in schools (and shops?) use MITM tactics; they unencrypt https, ensure the content isn't verboten then reencrypt it, using their own cert. The clients need the corresponding cert installed via, for instance, group policy.

      3. eldakka Silver badge

        Re: Samwrong

        In corporate networks, internet access is frequently via an TLS MITM proxy server, unless going to an small set of approved sites, like major financial institutions (i.e. your internet banking logon), etc., which are usually whitelisted from being intercepted.

        Usually the organisation will insert the certificate into the PC's cert-store (assuming a windows shop) as an authorised CA cert so you don't get cert errors even though there is a MITM attack going on. E.g., since I am reading this at work now, when I look at the certificate chain of the site, it shows a certificate chain of (names changed to protect the guilty):

        Proxy Root CA -> Proxy Subordinate authority -> Proxy Intercept CA -> theregister.co.uk

        With the three self-signed 'Proxy' CA certs having been inserted into the windows PC's certificate store as trusted CAs (which can be viewed using certmgr.msc) by the corporate operating environment.

        Public access points often implement the same sort of technology - though they can't insert their CA into your devices certificate store, hence certificate errors - to protect themselves from, for example, someone going to a porn site on a public terminal.

  4. Blockchain commentard Silver badge

    The bigger question is why the feck would you want a screen on your fridge?

    1. chuBb.
      Facepalm

      Far out in the uncharted backwaters of the unfashionable end of the western spiral arm of the Galaxy

      Yeah, only reason i can think of is people losing counter space for the kitchen tv to fit so the ugly over sized lump fits in their house. That or its for the sort of person who likes tech but doesnt work with tech, expect they also insist on wifi for consoles that reside 2foot away from the router and would be better served by a cable.

      Recently re-read hitchhikers guide and couldnt help think that mr adams had it spot on with:

      "Far out in the uncharted backwaters of the unfashionable end of the western spiral arm of the Galaxy lies a small unregarded yellow sun. Orbiting this at a distance of roughly ninety-two million miles is an utterly insignificant little blue green planet whose ape-descended life forms are so amazingly primitive that they still think digital watches are a pretty neat idea."

      Sums up my thoughts on consumer tech in a nut shell; smart watches, snoop speakers and wifi enabled light bulbs (thats the one that does my head in the most, surely you couldnt ask for a more perfect application for powerline ethernet....)

      1. Dusty
        Unhappy

        Wi-Fi for all!

        "they also insist on wifi for consoles that reside 2 foot away from the router and would be better served by a cable."

        Oh, don't go there! :((

        One of my big whinges is the way that the "Standard" hubs provided by internet providers only provide very limited physical connectivity.

        Added to that, they are all rather small and lightweight "Table top" devices which means that if you do plug cables into it, they tend to slide off onto the floor unless the weight of the cables is supported elsewhere (Cable tied to table leg etc).

        What I want is a Wi-Fi router with a good half dozen (or more) ether net connections that can be mounted on the wall (Say) so that it is secure.

        I know that there are alternative options, but despite using this site I am not an IT professional and, In my case I use BTinternet and the BT TV service and from what I have read on the subject. Using non-BT routers is a bit of a faff if you want all the services to work correctly. Also, unless one wants to go full fat cabinet mounted units. ALL the available after market routers/ethernet hubs available seem only to be the table top type.

        Grrrr. :((

        1. Kubla Cant Silver badge

          Re: Wi-Fi for all!

          Try an Ethernet switch. Lots of ports for not much money.

        2. katrinab Silver badge

          Re: Wi-Fi for all!

          My router has exactly one cable leading from it, to the ethernet switch. Though in my case, it is quite a long cable, goes through a hole in the wall, under/behind all the kitchen units, and out through another hole in another wall, then to the network switch in a more convenient location.

          1. Mark #255

            Re: Wi-Fi for all!

            When our Youview box developed terminal issues, BT sent out an engineer to fix it (with a new one, it turned out).

            They were most perplexed to find that the cable leading from the router was grey, but the cable into the Youview box was black. ("Did you splice the cables?" "No, that's a patch cable to the Cat 5 socket down there, which runs to a bank in the understairs cupboard next to the switch. Behind the TV are two more Cat 5 sockets, for the HTPC and the Youview box"...)

            Comprehension dawned, but they still had to test with their own cable running directly between the two.

          2. irrelevant

            Re: Wi-Fi for all!

            And mine, actually an old openreach box that talks ppoe, cable goes to a socket that heads upwards three floors to the rack in the attic where I have a firewall box and two 24 port s switches that then feed the rest of the house. Even then, most rooms ended up with their own smaller switches. All managed switches, with vlans to keep the IoT things (sorry!) away from the games console away from the PCs, etc..

        3. Hans Neeson-Bumpsadese Silver badge

          Re: Wi-Fi for all!

          Using non-BT routers is a bit of a faff if you want all the services to work correctly.

          I ditched the HomeHub supplied by BT fairly sharpish and replaced it with something from Netgear. Much better wifi, and includes 4 ethernet ports, one of which runs to a 5-way ethernet switch upstairs. Touch wood, I've not encountered any compatibility problems or increased faffage.

        4. FIA

          Re: Wi-Fi for all!

          Using non-BT routers is a bit of a faff if you want all the services to work correctly.

          Once you get it setup it should be fine. My parents are on BT on a TPLink router (bought a few years ago as the homehub at the time could barely maintain wi-fi for a day without a reboot). Worked when they moved to Plusnet, and then again when they moved back to BT.

          They have the BT tv too (although I don't think they do anything 'advanced' with it).

          Also, the hub is now serving me as a cheapo wi-fi access point (and late night disco light until I remember to tape over the flashing purple light of 'no internet connection').

        5. disgustedoftunbridgewells Silver badge

          Re: Wi-Fi for all!

          You can get an 8 port Ethernet switch for like £20. That's what I have screwed into the back of my TV cabinet so that all the various boxes can be connected to the one port router.

          ( google 8 [or whatever] port gigabit switch )

          1. katrinab Silver badge

            Re: Wi-Fi for all!

            Even in PC World, you can get one for £18.

            1. Roland6 Silver badge

              Re: Wi-Fi for all!

              >Even in PC World, you can get one for £18.

              Be careful, the reason why these switches are cheap is due to their low performance, specifically their backplane (port-to-port) bandwidth and low Packet Filtering/Forwarding Rates; in general when the vendor doesn't give a packet throughput rate in the technical specifications you can be sure it is on the low side.

              Also don't be misled by the number of ports; I've seen one vendor who's 5, 8 & 16 port switches use the same chipset - good enough for a 5-port switch on a typical office desk, but not for a 16-port switch connected to the office application servers...

        6. chuBb.

          Re: Wi-Fi for all!

          No faffing needed other than to dig out your welcome letter to find your real user name and password to access the services

          Have gone through a sucession of routers (network geek, i like to fart about with overspecced/overcomplicated home networks) instead of the wonk bt sends out as a home hub, no issues what so ever with BT IPTV channels using my own networking kit.

          Pretty much any vdsl supporting home router will do the trick with infinity, typically these are about £120, but generally cure all unreliable wifi and connectivity problems, and are obviously portable between isp's

          My own setup is a bit more over kill, as i run reconditioned/salvaged from scrap pile PoE switches, firewall(s), access points and separate lan for the kids stuff which gets heavily proxied to spoil there fun ;) (worst case scenario is that i raise them into being competant hackers and they work out how to bypass it...)

      2. hittitezombie

        powerline ethernet is evil

        Powerline ethernet creates massive noise in HF frequencies. As an RF user in amateur radio frequencies, HISSSSSSS!!!

        1. Roland6 Silver badge

          Re: powerline ethernet is evil

          >Powerline ethernet creates massive noise in HF frequencies.

          Not really seen this problem with Homeplug AV2 adaptors, but then I don't connect sensitive equipment to the mains without either using some form of filter/surge protector and/or ferrite sleeves.

      3. Anonymous Coward
        Anonymous Coward

        Re: Far out in the uncharted backwaters of the unfashionable end of the western spiral arm

        "[...] wifi enabled light bulbs (thats the one that does my head in the most, surely you couldnt ask for a more perfect application for powerline ethernet....)"

        Wifi should be using a legal band at a legal power. Mains wiring as a LAN radiates a lot of RF noise all over the radio spectrum.

        My table lamp uses a 433MHz control. One battery powered wireless switch by the door on the other side of the room - one by the lamp. Saves having to switch the main lights on and off just to navigate through the room in the dark. There's even a keyring dongle for mollifying the "did I switch the lamp off" doubts when you go to bed.

        I've just discovered how to use ESPEasy to flash Sonoff Basic 2.4GHz mains switches to cut out the need for a cloud. Ideal for my Halloween and Xmas decorations as you get a positive acknowledgement of the action. A simple rule also enables an on/off button on the unit itself.

    2. Sandtitz Silver badge

      "The bigger question is why the feck would you want a screen on your fridge?"

      To one-up your neighbours of course.

    3. katrinab Silver badge
      Flame

      The reason you want a screen on your fridge is because they can take a £500 fridge, a £200 landfill Android tablet, maybe a couple of 640x480 webcams for a few pennies each, and sell it for £3000 as a "smart fridge".

      Of course this is why business school tells you that "our business plan is to make money" is not a good business plan, but they don't listen to that.

      1. Simon Harris Silver badge
        Coat

        sell it for £3000 as a "smart fridge"

        And if you can pull it off, you'll become a fridge magnate.

        1. Huw D Silver badge

          *bows in the presence of greatness*

      2. Tom 35 Silver badge

        And you will have none of that people using the same fridge for 10 years.

    4. macjules Silver badge

      “It seemed to me,” said Wonko the Sane, “that any civilization that had so far lost its head as to need to include a screen on the fridge door in order to tell you what opening the door will do anyway is no longer a civilization in which I could live and stay sane.”

      (With apologies to Douglas Adams)

      1. veti Silver badge

        If the power consumption of the screen plus webcams is lower than the additional power used by the fridge because you opened the door - which doesn't seem far-fetched to me - then it comes out ahead in efficiency.

        1. Michael Wojcik Silver badge

          What seems likely to me is that most people will ignore the screen, because opening the door is habitual, quick, easy, and requires no conscious thought; and that most of the remaining people will look at the image on the screen, then open the door anyway, either to get something they saw, or confirm that what they're looking for isn't there, or clarify something they couldn't quite make out in the image.

    5. 080

      "The bigger question is why the feck would you want a screen on your fridge?"

      Well you could fit a camera inside the fridge to save you opening the door to see what you can have for grub

      1. JohnFen Silver badge

        That seems like an overly complicated and expensive solution for something that isn't really a problem.

        1. Michael Wojcik Silver badge

          Isn't that Samsung's corporate motto?

          1. macjules Silver badge

            No, the corporate motto is, “Our batteries are perfectly safe.”

      2. The Oncoming Scorn Silver badge
        Pint

        It would have to work with a IR sauce* for the camera to work or it could operate a relay to turn on the light.

        *Sorry - Not sorry

      3. jbrownman
        Gimp

        "The bigger question is why the feck would you want a screen on your fridge?"

        it seems to me the obvious would be to follow a recipe video,

        food + p0rn = Nigella with her Ohh's and generous helpings

      4. Anonymous Coward
        Anonymous Coward

        Or you could have a double-panel glass door on the fridge like it was a Coke/Pepsi vendor thing.

    6. GruntyMcPugh Silver badge

      .. or cameras inside it,.... putting things behind things in order of how frequently they are used is how most people organise their stuff, so the beer is at the front on the top shelf, and pickled gherkins are at the back. Given the important information about the gherkins is the fill level of the jar, not it's presence, how does a camera see that through the beer? (Punk IPA at the time of writing).

      Plus, that bag of frisee lettuce in the salad drawer covers the other contents pretty well.

  5. Sgt_Oddball Silver badge
    Coat

    So John Lewis..

    Admits to being a man-in-the-middle?

    I mean I know it's for middle class types but thats taking it a tad far?

    Mines the threadbare Reiss jacket...

    1. LDS Silver badge

      Re: So John Lewis..

      Well, they may have good reasons to avoid public-facing systems are used for illegal activities. They should warn customers, anyway.

      1. John Brown (no body) Silver badge

        Re: So John Lewis..

        "They should warn customers, anyway."

        Two likely possibilities.

        1) The fridge was attached to the in-store private network so customers are not affected anyway.

        2) The in-store public network probably requires a sign-up at an enforced "hijacked" browser home page where if you spend the three hours reading the T&Cs, the users are informed.

  6. Pascal Monett Silver badge

    So it's the store's WiFi control that blocked something

    I guess it's a good thing they did, or we would have read an article about how John Lewis has porn on its fridge displays.

    So well done then !

    1. Anonymous Coward
      Anonymous Coward

      @Pascal Monett - Re: So it's the store's WiFi control that blocked something

      ...and the number of in-store customers would have made for mind-blowing stats.

  7. Steve Davies 3 Silver badge

    Perhaps...?

    John Lewis migh like to consider selling their security setup to... shall we say more vunerable customers. ergo, the man who got scammed out of £4K by John from Microsoft support (or something similiar).

    After all, every little bit helps... oh wait that's Tesco's. Never mind.

    1. Anonymous Coward
      Anonymous Coward

      Re: Perhaps...?

      Anon because... some "warranties" cover that service too, for a similar price.

    2. Arthur the cat Silver badge

      Re: Perhaps...?

      After all, every little bit helps... oh wait that's Tesco's.

      Friend of mine works for Tesco. The in-house version is "very little helps".

  8. Anonymous Coward
    Anonymous Coward

    Does that mean it's going to crash when I take my meat out?

    1. Tatsky

      It might have an issue if you pop it in the wrong drawer

  9. 0laf Silver badge
    Pirate

    I thought it was normal to try and pop the passwords on the laptops etc in Currys. It's all fair game surely?

    1. Anonymous Coward
      Anonymous Coward

      I expect that's a criminal offence these days, punishable by life imprisonment in America or somewhere.

      1. Anonymous Coward
        Anonymous Coward

        You don't need to be imprisoned in America for it to be a punishment. Just the thought of going there would be enough

  10. Keith Oborn

    Glad to see John Lewis has tightened up-

    Some few years ago a colleague did the following to demonstrate that the (BT provided) WIFi at JLP Oxford St. was a tad wide open and allowed access to *anything* bu *anybody*:

    Stand in street outside. Connect to store network (no security, nothing, open access). Browse to porn site. Take screenshot. Email to Bt and JLP with supporting evidence. Await small explosion. It worked as a sales tactic, we got the business to sort this sort of thing out ;-)

  11. mark l 2 Silver badge

    It was always going to happen that if you leave internet connected devices hanging around unattended in a store, someone is going to try and bring up porn on it.

    Luckily for John Lewis they tried to view a site that was obviously on some block list, but maybe the next one might find a website that isn't blocked. So it begs why the fridge needs to be connected to the internet in the first place when its in a store?

    1. katrinab Silver badge
      Flame

      Because if they demonstrate it working just fine without internet connectivity, then people might wonder why they should pay £3000 for this IOS device rather than c£500 for a dumb fridge.

      [IOS = Internet of $expletive]

  12. Luiz Abdala Bronze badge
    IT Angle

    Fridge logic.

    Crossing the wires in my head, reminded me of this webpage:

    https://tvtropes.org/pmwiki/pmwiki.php/Main/FridgeLogic

    Samsung checking for internal consistency on its fridge web browser paid off, then?

    From fridge logic to logic in the fridge.

  13. Lazlo Woodbine

    Site blocking

    I found that John Lewis' instore WiFi has a habit of blocking competitors' websites when you're trying to do price comparisons, luckily last time I was in I could get a decent 4G signal and so managed to get £20 of the price of a pair of Sony earphones that were cheaper in Argos...

  14. disgruntled yank Silver badge

    Unsavory content

    My old, not-very-smart fridge had unsavory content thirty-odd years ago. Then I got married and learned about throwing out the moldy stuff.

    1. Pete4000uk

      Re: Unsavory content

      Bit of a waste?

    2. John Brown (no body) Silver badge
      Paris Hilton

      Re: Unsavory content

      A 3 grand fridge would have been more cost effective.

    3. Fruit and Nutcase Silver badge
      Paris Hilton

      Savoury Bites

      The Waitrose food hall elsewhere in the basement at JLP Oxford St has plenty of Savoury Bites that you can ogle and purchase to take home for pleasurable activities behind closed doors

  15. SVV Silver badge

    What they have said about it probably gives too much away anyway

    As there is probably already an unofficial "hack the fridge" contest underway right now as a result of this article, it won't take very long for someone to realise just how easy it is to set up a quick free cloudy VM based webserver, with free SSL cert and one image file accessible via IP address URL and then go into the store and display their photo on the fridge of a nice scenic view which is perfectly legal and totally appropriate for public display in a shop.

    1. Aristotles slow and dimwitted horse Silver badge

      Re: What they have said about it probably gives too much away anyway

      But also something relevant to the subject matter though... like two potatoes and a sausage?

  16. Paul Johnson 1
    Holmes

    Actually, its probably for any HTTPS site

    Company intranets that block NSFW websites (basically meaning all of them) do so using a HTTPS proxy. The browser connects to the proxy instead of the real web site and the proxy masquerades as the site. In order for this to work the browser needs to have a certificate for the proxy, basically telling it that the same certificate is owned by every single web site on the Internet. In-house PCs will have this certificate installed by the IT department, but obviously someone forgot to notify them about the fridge.

    So this message is not the result of someone trying to access porn, its probably just from the fridge trying to phone home and getting a certificate error.

    Which is actually a Good Thing: the fridge security is configured properly, at least for outgoing HTTPS access.

    1. JpChen

      Re: Actually, its probably for any HTTPS site

      Actually, these days it's more common for proxies to sniff the domain of the cert and block accordingly (Google peek and splice). This negates the need to man in the middle with intermediate certs.

      1. katrinab Silver badge

        Re: Actually, its probably for any HTTPS site

        Yes, but when it displays the message that you have been blocked for viewing inappropriate content, that triggers the certificate error and the warning that the content of the site may have been interfered with, because, well, it has been interfered with.

  17. First Light

    Wasn't there a Silicon Valley episode where the Pied Piper server backed itself up on hundreds of "smart" fridges?

    I wondered at the time if that might be possible.

  18. Rasslin ' in the mud
    Coat

    I prefer:

    The article says: "At least the fridge door should be wipe-downable." I think "wipe-offalble" (not a typo) would be more fitting.

    I'm leaving now.

  19. Jyve

    Phone use

    That's why you set your phone to be a hotspot, get the fridge connecting to that, and THEN going to anywhere you want.

  20. Jedit
    Coat

    At last, the device we need

    Now all the PUAs wondering why women don't respond to their tremendous sexual magnetism can find themselves stuck to the sexual fridge.

  21. RRJ
    Joke

    I wonder what sort of "content" that would be?

    Unsavoury content - Was last weeks lunch that's gone bad..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019