Tag Archive for: Lego

Bugs in Lego Resale Site Allowed Hackers to Hijack Accounts


Security analysts have found bugs in Lego’s second-hand online marketplace that left its users at risk of account hijacking and data leakage.

In a blog post, Salt Labs said that the issues, now resolved, affected Lego-owned BrickLink.com, the world’s largest official marketplace for Lego bricks.

The security researchers said that two API security issues could have enabled an attacker to take over BrickLink accounts, and access and steal personally identifiable information stored on the site. The vulnerabilities could have also allowed attackers to gain access to internal production data and compromise internal servers, Bleeping Computer reports.

The BrickLink bugs were spotted when Salt Labs analysts were experimenting with user input fields on the marketplace site.

The first flaw noted by the researchers was a cross-site scripting (XSS) vulnerability in the “Find Username” dialog box of the coupon search section, which allowed for the “injection and execution” of code against a target user’s machine.

If exploited correctly, the flaw could have given attackers access to personal details such as a targeted user’s email address, shipping address, and order and message history, Salt Labs said.

Researchers also exploited a flaw on the “Upload to Wanted List” page where a faulty endpoint parsing mechanism allowed them to launch an attack that could read internal production data. 


The analysts said that they were unable to confirm or deny whether any of the vulnerabilities were exploited.

PCMag contacted Lego for comment on the BrickLink bugs but did not immediately receive a response.

The security analysts encourage any Lego fan concerned about the reported vulnerabilities to contact the brand directly.

In October, Lego decided to discontinue its Mindstorms range of programmable robots, after 24 years of production. It means the end of Lego’s $359.99 Mindstorms Robot Inventor Kit, which lets Lego fans build five different robot models out of 949 Lego bricks.


Hacker Uses LEGO Mario to Play Super Mario Bros

A self-proclaimed “hardware hacker” has managed to code the LEGO Super Mario figurine to control the original Super Mario Bros.

Hacker turns little Lego man Mario into Super Mario Bros. controller

There are lots of ways to play Super Mario games if you’re feeling creative. You could use a regular controller, sure, but why not a Guitar Hero guitar, Donkey Kong’s famous bongo peripherals, or even …

Raspberry Pi add-on will help you build Lego Mindstorm robots

Using the Raspberry Pi to create robots is nothing new. But a new product called BrickPi seeks to make building Pi-based robots easier than ever with an add-on board and case that connect the Pi to Lego Mindstorm robot kits.

BrickPi is a Kickstarter project that has blown past its goal of $1,889 with more than $21,000 raised. The BrickPi add-on board “slides over your Raspberry Pi and connects, controls, and powers Mindstorm motors and sensors, and provides power to the Raspberry Pi.” The add-on board’s firmware is written in Arduino and the code is available online.

The second component of BrickPi is a case with holes that Lego pieces can snap into. Kickstarter contributions of $35 will get you the BrickPi itself, while $45 or more gets you the BrickPi and the case. Dexter Industries, the company making BrickPi, says deliveries will begin in August 2013.



Ars Technica » Technology Lab