

Jura Impressa F90 Coffee Maker
Wi-Fi thievery, snooping admins, hacked coffee machines, OS root tricks, oh my!

A Major Permissions Vulnerability Found in Macs
There's a constant debate over which is most secure: Windows, Mac OS X, or Linux.  While some have traditionally argued that Macs are much safer than Windows machines, that did not prove to be the case at a recent hackers' convention, where the Mac machine was first exploited.  Now a new vulnerability has been detailed for machines running OS X 10.4 (Tiger) and 10.5 (Leopard).  It is triggered by the following AppleScript command:

       osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

The command gives root to both normal users and admins, assuming that they did not use fast user switching.  Of course you have to gain access to the terminal, so a bit of social engineering might be in order, but this is still somewhat alarming.  After all, gaining root is the ultimate goal of most serious attacks.
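A detection sketch for the command above, added here as an example and not part of the original article: it scans process-execution records for `osascript` calls that tell ARDAgent to `do shell script`, and flags those made by a non-root user. The `time uid=N cmd=...` log format and the sample lines are constructed for illustration.

```python
import re
import shlex

# Constructed sample records in a hypothetical "time uid=N cmd=..." exec-log format.
SAMPLE_LOG = r'''
2008-06-19T16:30:01 uid=501 cmd=osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
2008-06-19T16:31:12 uid=501 cmd=osascript -e 'tell application "Finder" to activate'
2008-06-19T16:32:40 uid=502 cmd=/usr/bin/osascript -e 'tell application "ardagent"' -e 'do shell script "whoami"' -e 'end tell'
2008-06-19T16:33:05 uid=0 cmd=osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
2008-06-19T16:34:00 uid=501 cmd=grep ARDAgent /var/log/system.log
'''.strip().splitlines()

LINE_RE = re.compile(r'^(\S+) uid=(\d+) cmd=(.*)$')

# Matches both the one-line form ("tell app ... to do shell script") and the
# block form split across several -e arguments. Matching is case-insensitive
# as a conservative choice; group 1 is the embedded shell command.
ARD_RE = re.compile(
    r'tell\s+app(?:lication)?\s+"ARDAgent"(?:\s+to)?\s+'
    r'do\s+shell\s+script\s+"((?:[^"\\]|\\.)*)"',
    re.IGNORECASE,
)

def find_ardagent_abuse(lines):
    """Return one dict per osascript invocation that drives ARDAgent's shell."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, uid, cmd = m.group(1), int(m.group(2)), m.group(3)
        try:
            argv = shlex.split(cmd)          # honour shell quoting
        except ValueError:
            continue                         # unbalanced quotes: skip record
        if not argv or argv[0].rsplit("/", 1)[-1] != "osascript":
            continue
        # osascript treats each -e argument as one line of the script.
        script = "\n".join(argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-e")
        hit = ARD_RE.search(script)
        if hit:
            hits.append({"time": ts, "uid": uid,
                         "shell_command": hit.group(1),
                         "escalation": uid != 0})  # non-root caller gains root
    return hits

if __name__ == "__main__":
    for h in find_ardagent_abuse(SAMPLE_LOG):
        print(h)
```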

The Thieves Among Us -- Those Who Steal WiFi
More people "borrow" (aka steal) WiFi from their neighbors, local businesses, and other sources than they would be comfortable admitting.  In fact, over 53 percent of people admitted, in a recent survey, to stealing WiFi.  And stealing it is a crime.  Last year a man from Cedar Springs, Mich. was fined $400 when a police officer spotted him pilfering someone's wireless connection from his car.  With the struggles of municipal WiFi, the long-promised "free" internet, this trend is likely to only increase.  Simple configuration of your routers and home networks can easily prevent this, so if you don't want the RIAA knocking on your door, be attentive to your home networks.

Wiretapping For Dummies
Ever been curious about how to wiretap someone's phone?  Or perhaps you are an innocent party, merely concerned about your own phone being wiretapped.  Well, it turns out that it's "incredibly easy" to set up a wiretap on your loved ones', acquaintances', and rivals' phones (though illegal, of course) -- maybe that's why the NSA and FBI are so prone to doing it.  IT Security, an online blog, breaks down every aspect of the hows and whys of wiretapping, to help you watch for signs that you've been tapped.

Surprise! Admins Snoop On You
A new survey confirms what many users fear -- their admins at work snoop on them.  Cyber-Ark, a security firm, surveyed 300 senior IT managers.  A third admitted to outright secretly snooping.  Another 47 percent admitted to peeking at information that was not relevant to their role with the company.

Mark Fullbrook, Cyber-Ark's UK director states, "All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company."

Of course if you don't do personal business on work machines, you have nothing to worry about.

Sweden Passes Law Allowing Government To Snoop On User Traffic
Those using Swedish internet or routing through it beware, you are being watched.  The Swedish government passed a new surveillance law, with a few minor cosmetic changes.  Pär Ström with The Local, an English language Swedish news site writes, "A monster with make-up is still a monster and "Swechelon", or Sweden's Echelon, must be stopped."

Unfortunately there is little hope of stopping the law now.  New government agencies are already being created to aid in the monitoring.  Sweden has been tightening its grip on the internet, which came to public notice when it leveled charges against the admins of The Pirate Bay, the world's largest torrent site.

With the new law on the books, and many others like it worldwide, how does one best protect oneself?  This is the question that commenters are seeking to answer in a lively discussion on news aggregator Slashdot.

Internet-Connected Coffee Machine Cracked To Do Hackers' Evil Bidding

Craig Wright, a security manager with Risk Advisory Services, made a shocking discovery.  The Jura F90 Coffee machine can be hacked by black hat users (or those looking to prank their friends and coworkers).

The product description sounds innocent enough, "Enable the Jura Impressa F90 to communicate with the Internet, via a PC.  Download parameters to configure your espresso machine to your own personal taste.  If there's a problem, the engineers can run diagnostic tests and advise on the solution without your machine ever leaving the kitchen."

Turns out that the remote access can be gained by malicious users as well and can be used to weaken (or strengthen) your coffee or to make a puddle by changing the amount of water settings.  They can even break your machine by adding settings that don't work, making you have to take it in for service.  However the worst (and most serious) part is that they can use the portal to gain access to the XP system the machine is running on at the user's permission level.  For many users this would provide would-be hackers with a free pass to administrative rights.




Stealing Wireless?
By Frank M on 6/19/2008 4:30:17 PM , Rating: 2
quote:
In fact, over 53 percent of people admitted, in a recent survey, to stealing WiFi. And stealing it is a crime. Last year a man from Cedar Springs, Mich. was fined $400 when a police officer spotted him pilfering someone's wireless connection from his car.


I was always told that this is untrue, that there wasn't anything illegal about using an open network. Any lawyers want to chime in?




RE: Stealing Wireless?
By FDisk City on 6/19/2008 4:45:38 PM , Rating: 2
I'm not a lawyer but I'm pretty sure it's state-by-state.

State of Michigan:

http://legislature.mi.gov/doc.aspx?mcl-752-795

752.795 Prohibited conduct.

Sec. 5.

A person shall not intentionally and without authorization or by exceeding valid authorization do any of the following:

(a) Access or cause access to be made to a computer program, computer, computer system, or computer network to acquire, alter, damage, delete, or destroy property or otherwise use the service of a computer program, computer, computer system, or computer network.



RE: Stealing Wireless?
By tjr508 on 6/19/2008 11:00:58 PM , Rating: 2
That's just it, jumping on an open network is perfectly authorized use. Your computer still asks the AP for authorization, and since it is advertised as so, it is usually granted.


RE: Stealing Wireless?
By omnicronx on 6/20/2008 9:00:07 AM , Rating: 2
That's not what it means by authorized use. It means authorized by the owner, which in a court of law probably means oral authorization or as the MLB likes to say 'express written consent'. You should know better that your interpretation of authorization has absolutely no meaning in a court of law as the AP does not have the authority to give you what would be considered proper authorization from the owner.


RE: Stealing Wireless?
By othercents on 6/19/2008 4:46:48 PM , Rating: 2
There isn't a specific law stating that it is legal or illegal, but basically it falls under hacking or attempted hacking. You are gaining access to a network or system that you don't have permission to use. If you had permission then there wouldn't be an issue. Just like if you borrowed your neighbor's car. Much better have permission.

Other


RE: Stealing Wireless?
By pauldovi on 6/19/2008 7:47:15 PM , Rating: 2
No it is not illegal to connect to an unsecured wireless network.

They are broadcasting radio waves, you can receive them.

Now if you hack into a secure network, now you are starting to get into the illegal stuff.


RE: Stealing Wireless?
By masher2 (blog) on 6/19/2008 10:33:55 PM , Rating: 2
No. The issue isn't whether or not the network is secured, it is whether there is a reasonable expectation of public use by the owner of that network.

If you gain access to a network which is clearly intended not for public use, you're guilty -- regardless of how wide open the owner may have left it.


RE: Stealing Wireless?
By tjr508 on 6/19/2008 11:05:26 PM , Rating: 2
I always leave my network open to public use and expect reasonable people to use it if they need to for something unless it becomes a big bandwidth problem. I would say it is reasonable to think any open network is available for public use.

What is unreasonable is someone who wants their network private that won't take the required 15 seconds to set a WEP password.


RE: Stealing Wireless?
By pauldovi on 6/20/2008 1:50:56 AM , Rating: 2
Wrong.

If someone wishes to transmit unprotected radio waves into your house there is nothing wrong with you using them.


RE: Stealing Wireless?
By omnicronx on 6/20/2008 8:51:05 AM , Rating: 2
quote:
Last year a man from Cedar Springs, Mich. was fined $400 when a police officer spotted him pilfering someone's wireless connection from his car.
It all depends where you live, and what you do with it. The second you try to access a share on someone's computer on the network, whether or not the network was open is illegal, just about anywhere. In fact in many places in Europe, you can be sentenced up to 5 years just for using someone's wireless network without permission. Radio waves are not your property because they pass through your land, same goes with satellite signals or pretty much any other data signal.


RE: Stealing Wireless?
By walk2k on 6/20/2008 6:50:41 PM , Rating: 2
just like if you leave your door unlocked it's legal for someone to break in right?

oh thank you Mr. Internet Lawyer.


RE: Stealing Wireless?
By Aloonatic on 6/23/2008 8:52:14 AM , Rating: 2
If your door is left open then someone entering your property would not be "breaking" in :)

I believe that there is now a law against "stealing" someone's internets, at least here in the UK.

Until then, there have been lots of different laws used to prosecute people, depending on what the local CPS (crown prosecution service) thinks they will get a "win" on until now.

One case (according to a policeman friend of mine) went to court on an unlawful extraction of electricity charge, or something along those lines???

Not sure how things are done in the states though.


good stuff
By Screwballl on 6/19/2008 4:37:16 PM , Rating: 2
I would like to see a weekly run down of this type of stuff. Helps keep us on our toes and may open a few eyes.

I have one question... how do you get a BSOD on a 2" coffee machine LCD? /joking/




RE: good stuff
By pattycake0147 on 6/19/2008 4:41:04 PM , Rating: 2
I agree little things like this are the kind of things that I am most likely to read. It should be helpful to learn and perhaps spot a few security issues that I need to look into on a more in depth level.


RE: good stuff
By Smartless on 6/19/2008 6:10:58 PM , Rating: 4
For some reason when I see that coffee machine I go...

"What's with this radar? What's all this bubbling and churning? You call this a radar?"

"No sir we call this Mr. Coffee. Mr. Radar is over here."

"I knew that, everybody knows I always have coffee before I look at a radar."


RE: good stuff
By Clauzii on 6/22/2008 11:24:10 AM , Rating: 2
"Hot! Toooo Hot!"


Jura Coffee Machine Hacked?
By Saeco Coffee Machine on 6/20/2008 2:59:57 AM , Rating: 2
Unbelievable that someone would want to hack my Jura Coffee Machine. After months of fine tuning to suit my taste a pesky hacker can undo months of caffeine fueled tweaking!

It appears that Office Coffee Machines from Saeco have superior encryption standards - http://www.coffeeshrine.com.au/office-coffee-machi...




RE: Jura Coffee Machine Hacked?
By FaceMaster on 6/20/2008 7:53:52 AM , Rating: 3
That coffee machine looks damn impressive... but can it run Crysis?


RE: Jura Coffee Machine Hacked?
By Clauzii on 6/22/2008 11:41:36 AM , Rating: 2
I'd rather stick with a normal PC. Don't know about You, but I don't want a skyrocketing electricity bill while playing, without even getting coffee out of it :(

Man, You really have a Crysis!


DailyTech:
By Clauzii on 6/19/2008 5:33:18 PM , Rating: 2
Does the "podcasts.odiogo.com" pose a security problem? 8 of 10 times I click an article/user link here on DT, FF3 stops loading, waiting for that address. Super annoying.

Others have that??




RE: DailyTech:
By PhoenixKnight on 6/19/2008 7:18:44 PM , Rating: 2
Probably trying to download a flash banner ad. Go install the Ad Block Plus extension.


RE: DailyTech:
By Clauzii on 6/20/2008 11:26:14 PM , Rating: 2
BIG thanks! Works most of the time. It's just strange, FF2 didn't do it at all. And ONLY on DT ??...


By amanojaku on 6/19/2008 4:52:50 PM , Rating: 2
quote:
Turns out that the remote access can be gained by malicious users as well and can be used to weaken (or strengthen) your coffee or to make a puddle by changing the amount of water settings. They can even break your machine by adding settings that don't work, making you have to take it in for service. However the worst (and most serious) part is that they can use the portal to gain access to the XP system the machine is running on at the user's permission level. For many users this would provide would-be hackers with a free pass to administrative rights.


That's just bad design, pure and simple!




Two problems
By Yawgm0th on 6/20/2008 5:06:24 AM , Rating: 2
quote:
There's a constant debate over which is most secure: Windows, Mac OS X, or Linux.


I've heard no such debate. First, by not specifying version aside from OSX, you're making this alleged debate open to all iterations of Windows, any system based off of any version of the Linux kernel, and any version of Mac OSX. Such wide, overarching assessments are simply not something people debate about -- at least not with substantial frequency.

Second, almost all UNIX and UNIX-like operating systems are both inherently more secure than Windows for many reasons and less likely to be targeted due to relative obscurity. Mac OSX and more graphical, feature-rich Linux distributions are also more vulnerable than the more "pure" implementations of UNIX and UNIX-like systems. There might be some debate as to whether FreeBSD or Slackware is more secure. Gentoo vs. Windows 2000 on the other hand, would not be a debate except amongst the ignorant.

In any case virtually all UNIX and UNIX-like systems except OS X are inherently more secure than Windows or Mac OSX, for that matter, and there's very little debate about it.

My second issue may be simply that the sarcasm is too dry and therefore lost on me, but I certainly take issue to referring to the unauthorized use of radio-based computer networks as stealing. The morality of such an act is not on the same level as stealing; the denotation and connotation of said acts are incongruent at best, and far from each other at worst; the legality of such unauthorized use is certainly in question -- but without question, such unauthorized use would never result in charges of any form of theft, burglary, robbery, larceny or other variant of stealing. It is not stealing. Again, I apologize if the sarcasm has simply gone over my head.



