[Dshield] From security-basics: Hacking Coffee Makers
Paul Schmehl
pschmehl_lists at tx.rr.com
Thu Jun 19 05:28:03 GMT 2008
--On June 19, 2008 12:33:35 AM -0400 Jon Kibler <Jon.Kibler at aset.com>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> A couple of updates:
> Al-Qaeda targets net-connected coffee machine
> http://www.theregister.co.uk/2008/06/18/coffee_machine_menace/print.html
>
>
> A technical analysis of the problem:
> A more detailed description of the Jura F90 vulnerability
> http://www.securityfocus.com/archive/1/493433
>
> An Internet enabled 'frig (that original poster pointed out)
> http://www.whirlpool.com/content.jsp?sectionId=1205
>
> The real question is: What are all these appliance makers thinking? Are
> they totally clueless about security?
>
Are you being serious? Or sarcastic?
I wrote [1], back in 2002, a brief analysis of the devastating UPnP buffer
overflow that eEye announced shortly after the release of the (according
to Microsoft) "buffer overflow free" Windows XP. It was obvious then that
the advent of networked appliances in the home would open up vast avenues
of exploit-rich pathways to intrude into people's lives as well as launch
anonymous attacks that would be traced back to innocent victims.
When it comes to security, nothing changes until someone's ox is seriously
gored.
[1] <http://www.securityfocus.com/infocus/1548>
Paul Schmehl
If it isn't already obvious,
my opinions are my own and not
those of my employer.
More information about the list
mailing list