Disney-branded internet filter had Mickey Mouse security A Disney-branded home internet filtering device might keep bad content out, but it was an open door to bad actors until earlier this month. That's what Cisco Talos's William Largent found when he took a look at "Circle with Disney", a Circle Media parental control device on which the entertainment giant slapped its brand. …
I was (probably) reliably informed yesterday that such things as research, i.e reading a suitable book on the subject and the likes of testing are 'rather too expensive'. The widespread view is that is better to get the device built and out there. Then let someone else do the research and testing then tell you what you should do to correct the weak device you produced. After that you can then correct the errors you made, but only if you feel like being so 'kind'.
At least in this case the maker/sponsor did most of the right thing.
Most of those vulns were relatively recent probably well after the device design project was finished and closed down.
On going testing was probably never considered or rejected as an unnecessary expense. Ususal device MO, build release to the wild and then do your best to forget.
The company involved has actually acted better than 90% of other by talking to the discoverer and fixing the vulns before a controlled disclosure. TBH they should get some praise for being responsible and dealing with their initial failings not just going into full denial.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
