Archive for August 2nd, 2013

More DEFCON 21 stuff.

Friday, August 2nd, 2013

I’ve added the Twitter feeds for everyone who has one published in the schedule, and who was mentioned in my previous post.

I’m going to try to keep an eye on these so I know when folks post their presentations. If there’s someone or something on the schedule that you’re interested in and that isn’t on my list, drop me a line and I’ll add them.

DEFCON 21, BlackHat, and related stuff: August 2, 2013.

Friday, August 2nd, 2013

The questions ask themselves:

Trustwave SpiderLabs Security Advisory TWSL2013-020:
Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet

Did that say “toilet”?

The Satis is a “smart” toilet. It is controlled using LIXIL’s “My Satis” Android application, which communicates with the toilet using Bluetooth.

Yes. Yes, it did. A toilet with an Android application. And a hardcoded Bluetooth PIN of “0000”.

An attacker could simply download the “My Satis” application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.
Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.

I have no joke here, I just like saying “discomfort or distress to user”.

On a more serious note, Borepatch has a post up about one of the Black Hat presentations. The math is a little over my head, but the short version is that a lot of progress has been made recently in the mathematics that underpins some of the fundamental cryptography used to secure the Internet. According to the presenters:

There is a small but real chance that both RSA and non ECC DH will soon become unusable.

The link above will take you to a PDF of the presentation from Black Hat. Worth noting: Thomas Ptacek is one of the people behind this.

I’m trying to find copies of the presentations I’m interested in; as I dig stuff up and have time, I’ll post links, but I’m not having a lot of luck right now.