"Java" Security


  • "Java" Security

    Vulnerabilities found in Jura F90 Coffee maker with the Jura Internet Connection Kit.

    Ok, Ok, the thread title is a real groaner of a pun, I admit it, but the link does point out a real security issue in an actual embedded device. The implication of this isn't so much that someone changed the temperature of your espresso, but the problem with overlooking security in embedded devices. While we're all worried about things like whether the company's database servers have the latest patches, someone could be owning the coffee maker (or other embedded device) and using it as a springboard for elevating their privileges or other attack.
    Thorn
    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

  • #2
    Re: "Java" Security

    I can picture what things could come from this.

    Why would someone (unless it's shrdlu) want to spend that much money on a coffee/espresso maker?
    Last edited by lil_freak; June 20, 2008, 16:22. Reason: edited a misspelled word
    "It is difficult not to wonder whether that combination of elements which produces a machine for labor does not create also a soul of sorts, a dull resentful metallic will, which can rebel at times". Pearl S. Buck



    • #3
      Re: "Java" Security

      I'm just waiting for the article about the RIAA coming to the office and impounding the coffee makers for downloading pirated music.

      But yes, I agree completely.
      " 'Yields falsehood when preceded by its quotation' yields falsehood when preceded by its quotation."
      - Willard Orman Van Quine



      • #4
        Re: "Java" Security

        Originally posted by moleprince
        I'm just waiting for the article about the RIAA coming to the office and impounding the coffee makers for downloading pirated music.

        But yes, I agree completely.
        Or the printers, or fax machines, or label maker. That would be freaking awesome though. "I'm sorry Mr. RIAA, we tracked down the streaming BitTorrent of the latest Marilyn Manson ABBA tribute album to the coffee maker."



        • #5
          Re: "Java" Security

          I'd think the other concern with these things is that many of them do send out emails in case of trouble, which means they have some sort of SMTP engine in them. How easily could they be turned into spam relays?
          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



          • #6
            Re: "Java" Security

            Originally posted by lil_freak
            I can picture what things could come from this.

            Why would someone (unless it's shrdlu) want to spend that much money on a coffee/espresso maker?
            Okay, this made me curious, so I looked it up. Poor guys, the first four hits are about the vulnerability. However:

            $1,798.00!!!! That's INSANE.

            http://www.amazon.com/Jura-Capresso-.../dp/B00008I8NT

            Good old Amazon will give you free shipping, and it's *on sale*, down from $2,250.00 (lucky for us).

            I would *never* buy such a thing. I don't like any coffee maker that does anything other than make coffee. Espresso? If I wanted such a thing, then I'd want a different machine for it. Man, I've bought *cars* for less money than that.

            Mmmmm.... Coffee (Moka Java this morning, thanks for asking).



            • #7
              Re: "Java" Security

              Originally posted by barry99705
              Or the printers, or fax machines, or label maker. That would be freaking awesome though. "I'm sorry Mr. RIAA, we tracked down the streaming BitTorrent of the latest Marilyn Manson ABBA tribute album to the coffee maker."
              There was actually a University I read about recently who had been injecting fake IPs into the swarms for torrents. Not actually downloading, just showing up as a peer. The IPs they injected traced back to printers and photocopiers. Basically making the point that the RIAA was just targeting IPs and not verifying that anything was downloaded.
              Never drink anything larger than your head!


              • #8
                Re: "Java" Security

                Originally posted by renderman
                There was actually a University I read about recently who had been injecting fake IPs into the swarms for torrents. Not actually downloading, just showing up as a peer. The IPs they injected traced back to printers and photocopiers. Basically making the point that the RIAA was just targeting IPs and not verifying that anything was downloaded.
                That was the University of Washington, whose printers received hundreds of DMCA takedown notices.
                "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";



                • #9
                  Re: "Java" Security

                  Originally posted by theprez98
                  That was the University of Washington, whose printers received hundreds of DMCA takedown notices.
                  The ultimate in irony would have been if the RIAA had sent the notices as print jobs directly to the printers. (Yes, I know, the RIAA didn't know they were finding printers)



                  • #10
                    Re: "Java" Security

                    Who pays that much for an espresso machine and needs a computer to control it?
                    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                    [ redacted ]



                    • #11
                      Re: "Java" Security

                      Originally posted by bascule
                      Who pays that much for an espresso machine and needs a computer to control it?
                      The same kinds of nutcases that buy $500 Cat5 cables to interconnect audio equipment.



                      • #12
                        Re: "Java" Security

                        Originally posted by streaker69
                        The same kinds of nutcases that buy $500 cat5 cables to inter-connect audio equipment.
                        Good one!!!
