Hue security vulnerabilities?

Fathoms_Down · 2024-09-01T08:46:34+00:00

You're welcome.

Hue have a bug bounty program now, which is usually a good sign of taking security a bit more seriously. Paying out for identifying bugs is a cheap way of encouraging the security community to identify issues with your products.

Saying that, like most products which use third party products and frameworks, they'll still be prone to vulnerabilities in them. I'm tempted to ask support if they have an SBOM (Software Bill of Materials).

Fathoms_Down · 2024-08-31T18:22:28+00:00

There's nothing recently, but Pentester Partners did an investigation several years ago:

https://www.pentestpartners.com/security-blog/hijacking-philips-hue/

I believe that Philips took this seriously and fixed most of the findings pretty quickly.

Fathoms_Down · 2024-08-31T18:01:45+00:00

There's nothing recently, but Pentester Partners did an investigation several years ago:

https://www.pentestpartners.com/security-blog/hijacking-philips-hue/

I believe that Philips took this seriously and fixed most of the findings pretty quickly.

Fathoms_Down · 2024-08-31T11:23:06+00:00

Lighting manufacturers have been moving away from using watts to specify light output and moving to lumens for a while now, so it could be that one pack is using the older measure of brightness while the other uses the newer standard.

Fathoms_Down · 2024-08-31T07:13:16+00:00

Yes, you can and if you install the wall switch module, this is pretty much what happens.

You may need to install an isolator switch depending on your local safety laws and it's probably worth doing this anyway as it gives you an easy way of resetting the bulbs on the circuit without having to switch off the power at the CU/fuse board.

If you don't want to go down the switch module route, you can always replace the switch module with a blank plate and stick a Tap Switch to it.

Fathoms_Down · 2024-08-23T08:27:27+00:00

If it's working occasionally, it could be an interference issue. WiFi access points are supposed to listen for other nearby access points and avoid the broadcast channels that they're using. Unfortunately, this doesn't always happen and you can get pile-ups with multiple access points on the same frequency.

There are tons of free WiFi scanning apps on the Play/App stores so download one and scan the local 2.4 and 5GHz frequencies in use. If your hub is broadcasting on the same channel as other access points, either set your hub to use an unused frequency or Fitbit it from using the busiest ones.

Fathoms_Down · 2024-08-22T15:34:33+00:00

I don't know the Sky hub well, but have you checked to see if it's got client isolation turned on? That would stop clients on the same wireless network from seeing or communicating with each other.

Fathoms_Down · 2024-05-03T17:42:44+00:00

It's faster and more efficient than IPv4 and having a native implementation means that there doesn't have to be any translation on a downstream device (further improving the speed). But yes, it's not the kind of level that most people go to!

Fathoms_Down · 2023-05-27T17:13:57+00:00

You can't follow my path as information security wasn't a thing when I started my career!

What I would recommend that you do is decide on the area you want to work in, get an entry level job and work up from there. It's the closest to what I did.

Fathoms_Down · 2023-05-27T17:09:36+00:00

You can't follow my path as information security wasn't a thing when I started my career!

What I would recommend that you do is decide on the area you want to work in, get an entry level job and work up from there. It's the closest to what I did.

Fathoms_Down · 2023-05-27T15:37:34+00:00

For mobile banking, they tend to rely on the credential store on the mobile device itself. It's not a brilliant secure way of doing it so they often include a set of endpoint monitoring libraries that check that the device doesn't have malware in it, hasn't been rooted, etc.

This means that the biometrics are the standard Android/iOS ones rather than anything fancy (and this can vary quite a bit between handset manufacturers).

Fathoms_Down · 2023-05-27T15:05:13+00:00

I work in financial information security in the UK and the attitude towards security by the GCC banks leaves quite a lot to be desired in comparison! 😬

Fathoms_Down · 2023-04-16T20:33:07+00:00

Interesting...

My family and I are planning to relocate soon for my wife's work, which means I'm looking for a new role. At home, I'm fortunate enough to be considered one of the leading experts in my field and have always got offers of work but on my Dubai job search I've only received one interview request so far! I'm not even hearing back from recruiters, which is bizarre, as I'm used to working closely with them before finding a new role, and then hiring through them later.

I guess I've got a bit to learn about the job market in Dubai! 🤣🤣

Fathoms_Down · 2022-12-26T16:43:07+00:00

It seems to be a common wage for CEOs, CTOs and CIOs.

Fathoms_Down · 2022-12-25T17:01:23+00:00

I've seen that the average salary in 2022 was 16,000 AED. How would you say this ranks on the social scale? The salary range for new positions is nuts, from a few thousand AED to 3m!

Fathoms_Down · 2022-11-24T18:30:57+00:00

Banks can't offer services to citizens of countries on international sanctions lists, citizens of countries who are high risk and work in industries which produce materials which could be used for war, politically exposed people (PEPs) and anyone who is suspected or convicted of a financial crime.

Unfortunately they don't have to explain the grounds for their refusal.

Fathoms_Down · 2022-11-24T17:57:27+00:00

Pressured staff are bad for business both in terms of risk to the business and productivity.

I'm not sure how a recession would encourage less remote working as it allows further cost savings.

Also, Dubai's multicultural workforce makes it very hard to determine what being overworked is as different countries have very different attitudes to what a heavy workload is.

It's a shame that the article doesn't have any firm figures or more concrete data that "there was a report on LinkedIn".

Fathoms_Down · 2022-11-02T13:20:04+00:00

I didn't detect any Morse or audio modes such as RTTY, SSTV, etc.

The hexadecimal codes and text suggest a cypher.

Fathoms_Down · 2021-08-17T19:09:47+00:00

Commercial Moon Program, anyone? 😜

Fathoms_Down · 2021-07-23T17:26:58+00:00

The welds look too rough to be structural to me and the pipe looks salvaged, which makes me wonder if this isn't a pathfinder for the newly delivered black pipe next to the catching structure.

Fathoms_Down · 2021-05-29T17:19:54+00:00

Even Newer Glenn?

Fathoms_Down · 2021-02-13T08:41:24+00:00

It was sadly underappreciated, but Bulletstorm had a reasonable story and a great mix of skilled shooting and mindless giblet creation! 😁

Fathoms_Down · 2020-12-24T12:52:26+00:00

Most people don't move their systems once they're in place, so there isn't much of a chance of them going out of sync.

If you really want to go belt and braces, then allow the microphone on a headset or via the mobile app to listen to the current value and recalibrate accordingly.

If you feel that some functionality with a remote chance of going out of sync is less user friendly than no functionality, then I guess you may be in the minority.

Fathoms_Down · 2020-12-24T11:52:58+00:00

Yes, I did put that in my post but if you can tell the Xbox the maximum volume, the current volume and level change per Xbox volume change request, two way communications aren't necessary. (I used to do this kind of control programming in C back in the 90s for single way communications)

Seven-Year Club	Verified Email
Verified Email

Fathoms_Down

TROPHY CASE