Kodak Wireless Picture Frames Open To Public
Jaxoreth writes "The Kodak Easyshare Wireless Digital Picture Frame displays images via a per-frame RSS feed hosted by FrameChannel. Each frame's URL is identical except for a parameter matching its particular MAC address, enabling public browsing of users' feeds. And worse, if you reach the feed of a not-yet-activated frame, it gives you the code to activate it, allowing you to preload it with whatever content you choose."
Ordinary people don't freak out about seeing "this device is insecure". They just shrug and move on. Ordinary people do freak out about seeing goatse, though. If you wanted to hurt Kodak financially (as a disincentive to using such poor security practices), preloading with goatse would be 100x more effective than preloading with some polite message. It would also be far more likely to get press coverage.
All unregistered frames now go to an error image. It states that they can't provide a registration number at this time. Looks like they caught on.
http://fs.framechannel.com/
returns an XML document with:
fs.framechannel.com
1000 .jpg
true
2008-11-12T18:43:37.000Z
"25b2916b5c49db617f52fa5ea48efee7"
4
STANDARD
0000193a728fd00b6cff91b8840bbf8d.jpg
2009-10-22T04:02:13.000Z
"3ec327314496f0d6d92467f399bfdba8"
http://fs.framechannel.com/0000193a728fd00b6cff91b8840bbf8d.jpg
gives you the image.
This appears to be for all the "personal" content displayed in the frame.
Why can't I buy a frame that simply displays a .RSS on the internet? [snip etc etc etc ]
You want a Chumby. Mine does all that, and you can SSH into it.
Dewey, what part of this looks like authorities should be involved?
All addresses are now returning an identical "fmdefaultfeed", so it looks like they got a dirty hack in place. Probably a fair few bullets sweated, though.
I just hope that the inevitable grudge firings fall on the guy who said "C'mon, unique keys will add manufacturing complexity, we'll just use MACs" rather than whatever poor bastard just did the implementation.
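Added example, not part of the original thread or of any Kodak or FrameChannel code: a toy feed service contrasting the design the summary describes (the MAC parameter is the only key, and an unactivated frame's feed returns its activation code) with a per-device random token checked in constant time. The class, method and field names and the sample MAC address are hypothetical.

```python
import hashlib
import hmac
import secrets


class FeedServer:
    """Toy in-memory feed service; all names here are hypothetical."""

    def __init__(self):
        self._frames = {}  # MAC -> per-frame record

    def provision(self, mac):
        """Factory step: mint a random 128-bit token, keep only its hash."""
        token = secrets.token_urlsafe(16)
        self._frames[mac] = {
            "token_hash": hashlib.sha256(token.encode()).digest(),
            "activated": False,
            "activation_code": secrets.token_hex(4),
            "items": [],
        }
        return token  # stored inside the frame, never printed on the box

    def _body(self, frame):
        if not frame["activated"]:
            return {"status": 200, "activation_code": frame["activation_code"]}
        return {"status": 200, "items": frame["items"]}

    def feed_mac_only(self, mac):
        """Design from the summary: the MAC parameter is the only key."""
        frame = self._frames.get(mac)
        return self._body(frame) if frame else {"status": 404}

    def feed_with_token(self, mac, token):
        """Hardened: the MAC only selects the record; the token authorizes."""
        frame = self._frames.get(mac)
        # Compare against a dummy hash for unknown MACs so that known and
        # unknown frames take the same code path and give the same answer.
        expected = frame["token_hash"] if frame else bytes(32)
        supplied = hashlib.sha256(token.encode()).digest()
        ok = hmac.compare_digest(expected, supplied)
        if frame is None or not ok:
            return {"status": 403}
        return self._body(frame)


MAC = "00:11:22:33:44:55"  # constructed sample address
```

With the token in place, knowing or guessing a MAC address yields only a 403, and the activation code is returned solely to a request that proves possession of the frame's own secret.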