Full Disclosure mailing list archives
Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control
From: Charles Morris <charlesmorris () gmail com>
Date: Fri, 30 Jan 2009 11:57:40 -0500
On Thu, Jan 29, 2009 at 6:04 PM, hack ery <hackery.channel () gmail com> wrote:
Security Risk: High Exploitable: Local Vulnerability: Arbitrary Flow Control Control, Cat Spoofing Discovered by: The Hackery Channel Tested: No The Flow Control project is an access control project for a cat. It consists of a cat door, an electromagnetic latch, a access control device, and image recognition software that allows Flow to enter the house, and only when she is not carrying prey. When Flow is within proximity of the door, she passes through a light that casts a shadow on an area monitored by a camera. If the silouhette, appears to be Flow without prey, access is granted. Cat Spoofing: An attacker could potentially gain access by posing as a kitty by placing a cut out of the kitty next to the light. Mitigation: None. Work around: Guard dog Vendor Notified: No Vendor Site: http://www.quantumpicture.com/Flo_Control/flo_control.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
The solution of course would be to clone the system and take a
vertical image, creating a decent 3-D map of the Cat attempt. What
about two-factor authentication? I'm thinking a mass spectrometer
reading in combination with the facial recognition. That could detect
a Cat spoofing and/or brute-force attack with a bust or cardboard
cut-outs. With any biometric authentication it's going to be expensive
and have all kinds of bugs and quirks... just teach him a password..
sheesh.
--
Charles Morris
cmorris () cs odu edu,
cmorris () occs odu edu
Network Security Administrator,
Software Developer
Office of Computing and Communications Services,
CS Systems Group Old Dominion University
http://www.cs.odu.edu/~cmorris
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control hack ery (Jan 29)
- Message not available
- Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control Nancy Kramer (Jan 29)
- Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control Jeremy Brown (Jan 30)
- Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control Nancy Kramer (Jan 29)
- Message not available
- Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control Charles Morris (Jan 30)
- Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control Jordan Bray (Jan 30)
- Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control Michael Holstein (Jan 30)
- Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control Jordan Bray (Jan 30)
- Re: Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control Valdis . Kletnieks (Jan 30)