If the vulnerability can't be revealed for "ethical" reasons, that implies it's ongoing... so what would a reset do? Wouldn't the newly reset credentials be just as vulnerable until fixed?
Dick Morrell urgently advising Amazon users to sign out of all devices, reset their passwords, and delete 2FA tokens due to an unspecified security issue. The issue appears to be related to Amazon Echo devices, which have been accused of scanning users' Wi-Fi networks and sending detailed profiles of network equipment back to Amazon. The code for this functionality is allegedly contributed by the US National Security Agency, raising concerns about privacy and unauthorized surveillance. Users are encouraged to take immediate action to protect their accounts and devices, as the full extent of this security problem is still unclear.
It's totally right there! Right in the privacy policy no one read, on page 53, in size 2 font, in the cellar, in the display department, in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.'
Who is Dick Morrell? This Twitter thread seems discombobulated, although I admit I am quite tired at the moment. Does this only apply to people who use Echo? Is it all Amazon users? Why does deleting 2FA help? Is Amazon storing passwords in clear text?
