Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control
- From: Jordan Bray <jordanbray@xxxxxxxxx>
- Date: Fri, 30 Jan 2009 13:17:56 -0500
On Fri, Jan 30, 2009 at 11:57 AM, Charles Morris <charlesmorris@xxxxxxxxx>wrote:
On Thu, Jan 29, 2009 at 6:04 PM, hack ery <hackery.channel@xxxxxxxxx>
wrote:
Security Risk: Highdevice,
Exploitable: Local
Vulnerability: Arbitrary Flow Control Control, Cat Spoofing
Discovered by: The Hackery Channel
Tested: No
The Flow Control project is an access control project for a cat. It
consists of a cat door, an electromagnetic latch, a access control
and image recognition software that allows Flow to enter the house, andonly
when she is not carrying prey. When Flow is within proximity of thedoor,
she passes through a light that casts a shadow on an area monitored by a
camera. If the silouhette, appears to be Flow without prey, access is
granted.
Cat Spoofing: An attacker could potentially gain access by posing as a
kitty by placing a cut out of the kitty next to the light.
Mitigation: None.
Work around: Guard dog
Vendor Notified: No
Vendor Site: http://www.quantumpicture.com/Flo_Control/flo_control.htm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
The solution of course would be to clone the system and take a
vertical image, creating a decent 3-D map of the Cat attempt. What
about two-factor authentication? I'm thinking a mass spectrometer
reading in combination with the facial recognition. That could detect
a Cat spoofing and/or brute-force attack with a bust or cardboard
cut-outs. With any biometric authentication it's going to be expensive
and have all kinds of bugs and quirks... just teach him a password..
sheesh.
Have any of you guys heard of RFID?
--
/me
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control
- From: Michael Holstein
- Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control
- References:
- Prev by Date: [Full-disclosure] Browser Fuzzer 2
- Next by Date: [Full-disclosure] Aint no such thing as cyberwar...
- Previous by thread: Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control
- Next by thread: Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control
- Index(es):
Relevant Pages
|
