backtop


Print


Jura Impressa F90 Coffee Maker
Wi-Fi thievery, snopping admins, hacked coffee machines, OS root tricks, oh my!

A Major Permissions Vulnerability Found in Macs
There's a constant debate over which is most secure: Windows, Mac OS X, or Linux.  While some have argued traditionally that Macs are much safer that Windows machines, that did not prove the case at a recent hackers' convention, where the Mac machine was first exploited.  Now a new vulnerability has been detailed for machines running OS X 10.4 (Tiger) and 10.5 (Leopard).  By using the following Applescript command:

       osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

The command gives root to both normal users and admins, assuming that they did not use fast user switching.  Of course you have to gain access to the terminal, so a bit of social engineering might be in order, but this is still somewhat alarming.  After all, gaining root is the ultimate goal of most serious attacks.

The Thieves Among Us -- Those Who Steal WiFi
More people "borrow" (aka steal) WiFi from their neighbors, local business, and other sources than they would be comfortable admitting.  In fact, over 53 percent of people admitted, in a recent survey, to stealing WiFi.  And stealing it is a crime.  Last year a man from Cedar Springs, Mich. was fined $400 when a police officer spotted him pilfering someone's wireless connection from his car.  With the struggles of municipal WiFi, the long-promised "free" internet, this trend is likely to only increase.  Simple configuration of your routers and home networks can easily prevent this, so if you don't want the RIAA knocking on your door, be attentive of your home networks.

Wiretapping For Dummies
Ever bore some curiosity as to how to wiretap someone's phone?  Or perhaps you are an innocent party, merely concerned about your own phone being wiretapped.  Well turns out that it’s "incredibly easy" to set up a wiretap on your loved ones, acquaintances, and rivals phone (though illegal of course) -- maybe that's why the NSA and FBI are so prone to doing itIT Security, an online blog, breaks down every aspect of the hows and whys of wiretapping, to help you watch for signs that you've been tapped.

Surprise! Admins Snoop On You
A new survey confirms what many users fear -- their admins at work snoop on them.  Cyber-Ark, a security firm, survey 300 senior IT managers.  A third admitted to outright secretly snooping.  Another 47 percent admitted to peeking at information that was not relevant to their role with the company.

Mark Fullbrook, Cyber-Ark's UK director states, "All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company."

Of course if you don't do personal business on work machines, you have nothing to worry about.

Sweden Passes Law Allowing Government To Snoop On User Traffic
Those using Swedish internet or routing through it beware, you are being watched.  The Swedish government passed a new surveillance law, with a few minor cosmetic changes.  Pär Ström with The Local, an English language Swedish news site writes, "A monster with make-up is still a monster and "Swechelon", or Sweden's Echelon, must be stopped."

Unfortunately there is little hope of stopping the law now.  New government agencies are already being created to aid in the monitoring.  Sweden has been tightening is grip on the internet, which came into public notice when it leveled charges against the admins of The Pirate Bay, the world's largest torrent site.

With the new law on the books, and many others like it worldwide, how does one best protect themselves?  This is the question posed, which commenters are seeking to answer in a lively discussion on new aggregator Slashdot.

Internet Connected Coffee Machine Cracked To Do Hackers Evil Bidding

Craig Wright, a security manager with Risk Advisory Services, made a shocking discovery.  The Jura F90 Coffee machine can be hacked by black hat users (or those looking to prank their friends and coworkers).

The product description sounds innocent enough, "Enable the Jura Impressa F90 to communicate with the Internet, via a PC.  Download parameters to configure your espresso machine to your own personal taste.  If there's a problem, the engineers can run diagnostic tests and advise on the solution without your machine ever leaving the kitchen."

Turns out that the remote access can be gained by malicious users as well and can be used to weaken (or strengthen) your coffee or to make a puddle by changing the amount of water settings.  They can even break your machine by adding settings that don't work, making you have to take it in for service.  However the worst (and most serious) part is that they can use the portal to gain access to the XP system the machine is running on at the user's permission level.  For many users this would provide would-be hackers with a free pass to administrative rights.





"When an individual makes a copy of a song for himself, I suppose we can say he stole a song." -- Sony BMG attorney Jennifer Pariser













botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki