With the GDPR having taken effect some time ago, a lot of companies are still in deep water trying both to comply with the statutory provisions and to harmonize internal processes. The stakes are high, and individuals seem to be more aware of the value and privacy of their own data than ever before.
The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person, but also to online services (by using the embedded RFID chip). SEC Consult conducted a short security test on a software component commonly used to implement this authentication mechanism.
In this blog post, René Freingruber (@ReneFreingruber) from the SEC Consult Vulnerability Lab shares different filesystem tricks that he collected over the last years from various blog posts or found himself.
The security status of sex toys is relevant not only technology-wise, but much more so regarding data protection and privacy. In the case of the "Vibratissimo Panty Buster", the database containing explicit images, chat logs, sexual orientation, email addresses, passwords in clear text etc. was basically readable by everyone on the Internet...