upvote

points

by mystraline8 hours ago |
comments
upvoteby a4isms8 hours ago|
next
[-]
Doesn't disclosing this to the world at the same time as you disclose it to the company immediately send hundreds of black hats to their terminals to see how much chaos they can create before the company implements a fix?

Perhaps the author is not a coward, but is giving the company time to respond and commit to a fix for the benefit of other owners who could suffer harm.

reply
upvoteby rkagerer7 hours ago|
parent|
next
[-]
but is giving the company time to respond and commit to a fix for the benefit of other owners who could suffer harm.

If that's the case then they should have deferred this whole blog post.

reply
upvoteby 7 hours ago|
parent|
prev|
next
[-]
deleted
reply
upvoteby mystraline8 hours ago|
parent|
prev|
[-]
It took me 30 seconds with ChatGPT by saying:

Identify the kickstarter product talked around in this blog post: (link)

To think some blackhat hasn't already did that is frankly laughable. What I did was like the lowest of low-bars these days.

reply
upvoteby Barbing7 hours ago|
parent|
next
[-]
Put the product name in the title & maybe it sends thousands instead of hundreds of blackhats…

We often treat doxxing the same way, prohibiting posting of easily discovered information.

reply
upvoteby mystraline7 hours ago|
parent|
[-]
So your plan is to let the blackhats in the know attack user devices, rather than send out a large warning to "Quit using immediately"?

If we applied this similar analogy to a e.coli infection of foods, your recommendation amounts to "If we say the company name, the company would be shamed and lose money and people might abuse the food".

People need to know this device is NOT SAFE on your network, paired to your phone, or anything. And that requires direct and public notification.

reply
upvoteby pphysch7 hours ago|
parent|
prev|
[-]
And ChatGPT hallucinated a misleading answer that you are confidently regurgitating.
reply
upvoteby croisillon7 hours ago|
parent|
[-]
their original message said "my guess", not ChatGPT's, talk about responsible disclosure...
reply
upvoteby minimalthinker7 hours ago|
prev|
next
[-]
I did consider naming, but they were very responsive to the disclosure and I was not entirely familiar with potential legal implications of doing so. (For what it's worth, it is not Luuna)
reply
upvoteby stavros6 hours ago|
parent|
[-]
Please name 50 other companies it's not.

It's good that they were responsive in the disclosure, but it's still a mark of sloppiness that this was done in the first place, and I'd like to know so I can avoid them.

reply
upvoteby itishappy7 hours ago|
prev|
next
[-]
I don't see estim mentioned on that website, but I do see a comparison chart with 4 other competitors with similar capabilities to the one you linked.

What makes you think this is the one?

reply
upvoteby 8 hours ago|
prev|
next
[-]
deleted
reply
upvoteby 8 hours ago|
prev|
next
[-]
deleted
reply
upvoteby everdrive8 hours ago|
prev|
next
[-]
Even if naming and shaming doesn't work, I sure want to know so I can always avoid them for myself and my family. Thanks for the call-out and the educated guess.
reply
upvoteby 6 hours ago|
prev|
next
[-]
deleted
reply
upvoteby j457 hours ago|
prev|
next
[-]
EEG devices can cost a lot to own personally as well.

The other side of owning equipment like this is it still could be useful for some for personal and private use.

reply
upvoteby minimalthinker6 hours ago|
parent|
[-]
EEG is very useful for accurate sleep tracking.
reply
upvoteby hxbdg8 hours ago|
prev|
[-]
Presumably they’ll be named and shamed after they’ve been given a chance to fix things.
reply