[SecurityRatty] tag: pwn

Dude Dont Hack My Coffee

Wed, 18 Jun 2008 01:19:11 +0000

As someone trying to get off the coffee train I find the recent reports of vulnerabilities in network connected coffee machines somewhat amusing. It seems some guy tht has $2,900 to spend on a coffee maker(!!) also has the skillz to find a buffer overflow in it.

This type of thing is only going to increase as people slap more stuff onto the network with little to no care about security. These things generally all have web UIs which makes the vulns that much more interesting. It is somewhat easy to detect the spread of a mass SQLi attack on public facing web sites but what happens when we get this attack on internally facing systems? They are much harder to track and even detect. What if my coffee maker now does drive by malware attacks? What if my wireless router does? Our jobs are only geting harder people.

Link

HP Printer Hack Old News
I chuckled when I saw this Change the message on HP printers cause I thought it was pretty funny. Th...
Mac Hacked in 2 Minutes, Apple is a lame patcher
At the CanSec West conference Charlie Miller wins the PWN 2 OWN contest. I think these contest are k...
These are the crazy people in your security neighborhood - Part 2 Private Pyle
When you have been around the IT/Security space as long as I have you run into to a lot of whacky pe...
Review: The Web Application Hacker’s Handbook
These are the crazy people in your security neighborhood - Part 4, Packet Pete

Post from: Grumpy Security Guy

Dude Don’t Hack My Coffee

Security Briefing: May 29th

Thu, 29 May 2008 10:19:54 +0000

Wheeeeee… I’d like to take this moment to again bitch and moan about how much work this is — I don’t know how Dave finds the time and I’m not a morning person and I feel really bad and I’ve been busy and I don’t have enough coffee and… yeah. I got nothin. Have a Rockin’ Thursday! Thanks to all of our new subscribers that joined us yesterday. Welcome!

Click here to subscribe to Liquidmatrix Security Digest!

And now, the news…

MacOS X 10.5.3 - Big Updates, Update Now! or else the bad guys will pwn your iCal.
Defacement or Failure in Containment? Play some Russian Roulette with me! don’t believe what you see… sometimes.
Securiosis tells us when Whole Disk Encryption isn’t enough
Canadian government ACTAs to shoot itself in the foot… again. How do you say “Chilling Effect” when you’re up to your ass in melting ice-caps and pissed off polar bears?
Let a million Hackerchildren bloom - OLPC style baby
Ask /. all about security theatre HA… I didn’t get Frist Psot!!!!11!!!!
Totally wicked xkcd all about security holes xkcd is the userfriendly for the post-dot-bomb world

Tags: News, Daily Links, Security Blog, Information Security, Security News

Apple patches $10,000 bug

Thu, 17 Apr 2008 04:26:55 +0000

Apple has issued a patch for the flaw in its Safari Web browser that earned a security researcher $10,000 during last month's CanSecWest PWN 2 OWN hacking contest.

Three hackers found 'Pwn To Own' bug

Sat, 12 Apr 2008 20:00:00 +0000

The Flash vulnerability used to hijack a Windows Vista laptop during last month's "PWN To OWN" hacker challenge was independently uncovered by two other researchers, one who noted it nearly five months ago, the company that paid the contest prize money said Thursday.

Three different hackers found 'Pwn To Own' bug

Thu, 10 Apr 2008 09:00:00 +0000

A Flash vulnerability used to hijack a Windows Vista laptop at last month's "PWN To OWN" hacker challenge was independently found by two other researchers, one who first noted it almost five months ago.

Adobe patches 'Pwn to Own' bug in Flash Player

Wed, 09 Apr 2008 09:00:00 +0000

Adobe's update to Flash Player patched seven vulnerabilities, including several that could be used by attackers to hijack machines running the flawed software.

Adobe claims it knew of 'Pwn to Own' bug

Thu, 03 Apr 2008 09:00:00 +0000

Adobe says it knew of a Flash bug before it was used to crack a Windows Vista laptop last week in the "Pwn to Own" hacker challenge.

PWN 2 PAWN: Why the Vista hacker turned to eBay

Wed, 02 Apr 2008 09:00:00 +0000

It wasn't the money that led PWN 2 OWN Vista hacker Shane Macaulay to post his new laptop to eBay, and it wasn't bad spelling that got the listing canceled.

PWN 2 PAWN: Why the Vista hacker turned to eBay

Tue, 01 Apr 2008 20:00:00 +0000

When Shane Macaulay tried to sell the Fujitsu U810 laptop he won in a hacking contest last week, it seemed almost like an April Fool's joke.

Linux ignored, not immune, says hacker contest sponsor

Tue, 01 Apr 2008 09:00:00 +0000

Don't read anything into the fact that of the three laptops set up for last week's "PWN to OWN" hack challenge, the only one left standing was running Linux. There wasn't enough interest in Ubuntu, compared with the Windows and Mac operating systems, a contest organizer said.