I could have sworn I locked the house when I went to work this morning ...
Honeywell has issued an urgent firmware update for its three-year-old Tuxedo Touch home automation controller to patch vulnerabilities that could, among other things, let an attacker unlock users' deadlocks. This CERT advisory explains that without the firmware upgrade, all users are vulnerable to authentication bypass and cross-site request forgery. Following the standard how-to-make-things-insecure playbook, the security behemoth decided that customers' lives would be sadly incomplete if it di...