from the out-in-the-open dept.
UnderAttack writes The SANS Internet Storm Center is writing that Netatmo weather stations will send the users WPA password in the clear back to Netatmo. Netatmo states that this is some forgotten debug code that was left in the device. Overall, the device doesn't bother with encryption, but sends all data, not just the password, in the clear. From the article: "After reporting the bug to Netatmo, the company responded, acknowledging that it does indeed dump all that data from the weather station’s memory unencrypted and that it would stop doing that the coming weeks."
This is the theory that Jack built.
This is the flaw that lay in the theory that Jack built.
This is the palpable verbal haze that hid the flaw that lay in...