Kodak Wireless Picture Frames Open To Public
Jaxoreth writes "The Kodak Easyshare Wireless Digital Picture Frame displays images via a per-frame RSS feed hosted by FrameChannel. Each frame's URL is identical except for a parameter matching its particular MAC address, enabling public browsing of users' feeds. And worse, if you reach the feed of a not-yet-activated frame, it gives you the code to activate it, allowing you to preload it with whatever content you choose."
Re:Not difficult to track down actual users (Score:1, Informative)
Ordinary people don't freak out about seeing "this device is insecure". They just shrug and move on. Ordinary people do freak out about seeing goatse, though. If you wanted to hurt Kodak financially (as a disincentive to using such poor security practices), preloading with goatse would be 100x more effective than preloading with some polite message. It would also be far more likely to get press coverage.
Re:Mac address anatomy (Score:2, Informative)
The actual image storage filesystem.. (Score:1, Informative)
http://fs.framechannel.com/
returns an XML document with:
fs.framechannel.com
1000 .jpg
true
2008-11-12T18:43:37.000Z
"25b2916b5c49db617f52fa5ea48efee7"
4
STANDARD
0000193a728fd00b6cff91b8840bbf8d.jpg
2009-10-22T04:02:13.000Z
"3ec327314496f0d6d92467f399bfdba8"
http://fs.framechannel.com/0000193a728fd00b6cff91b8840bbf8d.jpg
gives you the image ..
This appears to be for all the "personal" content displayed in the frame..
Re:Doesn't surprise me (Score:3, Informative)
Why can't I buy a frame that simply displays a .RSS on the internet? [snip etc etc etc ]
You want a Chumby [chumby.com]. Mine does all that, and you can SSH into it.
Re:Mac address anatomy (Score:3, Informative)
I just hope that the inevitable grudge firings fall on the guy who said "C'mon, unique keys will add manufacturing complexity, we'll just use MACs" rather than whatever poor bastard just did the implementation.
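The design flaw described in the summary and in the last comment (a feed keyed only on the frame's MAC address), set against a per-frame secret, as an added example that is not part of the original thread or FrameChannel's code. The `FeedRegistry` class, its method names, the MAC address and the URLs are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def normalize_mac(mac: str) -> str:
    """Canonical form: 12 lowercase hex digits, separators removed."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address")
    return digits

def guessable_ids(vendor_prefixes: int = 1) -> int:
    """Feed URLs an outsider has to try when the MAC is the only key:
    the 24-bit vendor prefix (OUI) is public, only 24 bits vary per device."""
    return vendor_prefixes * 2 ** 24

class FeedRegistry:
    def __init__(self):
        self._token_hash = {}  # mac -> SHA-256 of the per-frame secret
        self._feeds = {}       # mac -> list of image URLs

    def provision(self, mac: str) -> str:
        """Run once per frame at manufacture; returns the secret stored on it."""
        key = normalize_mac(mac)
        token = secrets.token_urlsafe(32)  # 256 random bits, unrelated to the MAC
        self._token_hash[key] = hashlib.sha256(token.encode()).digest()
        self._feeds[key] = []
        return token

    def _authorized(self, mac: str, token: str) -> bool:
        key = normalize_mac(mac)
        stored = self._token_hash.get(key, b"\x00" * 32)
        offered = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(stored, offered) and key in self._token_hash

    def fetch_feed(self, mac: str, token: str):
        """Same 404 for an unknown frame and a wrong token, so probing MACs
        shows neither which frames exist nor which are still unactivated."""
        if not self._authorized(mac, token):
            return 404, None
        return 200, list(self._feeds[normalize_mac(mac)])

    def add_image(self, mac: str, token: str, url: str) -> bool:
        """Loading content onto a frame needs the same secret as reading it."""
        if not self._authorized(mac, token):
            return False
        self._feeds[normalize_mac(mac)].append(url)
        return True
```

With the MAC as the only key, one vendor prefix leaves about 16.7 million candidate URLs; with the token, the MAC is just a lookup identifier and knowing it grants nothing.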