PhoneBoy 🤔👨🏼‍💻

#Cybersecurity Evangelist 💻 Podcaster 🎙 Coffee achiever ☕️ Seer of things you people wouldn’t believe. 😳 Purveyor of personal opinions 😏
How seriously do I take my coffee? Consider this espresso machine is in a bathroom.
Even though I downgraded my Internet speed for the same price I'm paying now, it's silly to pay for more than a Gigabit connection when the connection to the modem is Gigabit Ethernet. Also, very silly to have a cap on how much data I can use, especially given the fact I'm uploading and downloading a whole lot more video now.

Where do you spend your time and attention? Is it on things that create or continue conflict and fear, or is it on things that bring you joy and happiness? Where you focus determines where you're going.

Have a longer-form version of this on YouTube: https://youtu.be/stiZ-eVaGjs

Wherein I talk about past, present, and future you and how awareness of this can increase your level of presence in your own life.

https://youtu.be/Wpi_UwcFn5Q

On Past, Present, and Future You/Me


My other half made a cooking video about the Carne Asada Bowls we had on Saturday...quite tasty and informative. Also clean.

https://youtu.be/4mfcHv29Lk4

And, also, subscribe to her channel.

https://www.youtube.com/@pheonixofthelotus

Carne Asada Bowls

Let’s fucking go.

I've resurrected my old podcast "PhoneBoy Speaks" as a regular video series with a focus on health of all kinds (mental, physical, spiritual). Share, subscribe, like, do all that social stuff y'all do.

https://www.youtube.com/@PhoneBoySpeaksAgain

PhoneBoy Speaks...Again!

Here, I speak about my experiences with all things health (including physical, mental, and spiritual) to help you achieve the health, happiness, love, and abundance you deserve.

If I catch it coming back my way
I’m gonna serve it to you
#nowplaying
Carry your head above the crowd
And they won’t bring you down
#nowplaying

🐱 New Blog Post: Petlibro Smart Pet Feeder Vulnerabilities (Partially Fixed, $500)

Found critical vulns in Petlibro - one of the biggest smart pet feeder companies:

  • Auth bypass via broken OAuth - just need Google ID (public info via Google APIs) to login as anyone
  • Access any pet's data, devices, serial numbers, MAC addresses
  • Hijack any device - change feeding schedules, access cameras
  • Access private audio recordings (mealtime messages to pets)
  • Add yourself as shared owner to any device

The worst part? They "fixed" the auth bypass by making a new endpoint... but left the old vulnerable one active for "legacy compatibility." Two months later, still working.

Also tried to get me to sign an NDA AFTER paying the bounty. That's not how contracts work.

Full writeup: https://bobdahacker.com/blog/petlibro

#InfoSec #BugBounty #ResponsibleDisclosure #IoT #Petlibro #Security #Privacy #CyberSecurity #SmartHome #OAuth

Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks

How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active for 'legacy compatibility' two months later.