full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Hackery Channel 01-09-

Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control

From: Jeremy Brown <0xjbrown41_at_nospam>
Date: Fri Jan 30 2009 - 08:05:00 GMT
To: full-disclosure@lists.grok.org.uk


Forget cats, watch out for the ligers!

On Fri, Jan 30, 2009 at 2:50 AM, Nancy Kramer <nekramer@mindtheater.net> wrote:
> Another cat not carrying prey would also work well. Lots of stray cats
> like to come in when it is cold so this could very likely happen. The cat
> the device was bought for could also attract other cats that would follow
> it into the house. Some cats are quite social and have "friends". This
> should maybe be called cat spoofing as the cat this device was intended for
> is not the cat getting entry.
>
> Lots of fun finding strange cats in your house at 3AM. Note; Cats tend to
> be nocturnal. You don't need any kind of high tech device for this. Just
> open the door for your cat and others may come in. Cats are fast so it is
> hard to keep them out. Besides they are awake and you are probably NOT.
>
> Been there done that.
>
> Regards,
>
> Nancy Kramer
>
>
>
>
>
> At 06:04 PM 1/29/2009, hack ery wrote:
>
>>Security Risk: High
>>Exploitable: Local
>>Vulnerability: Arbitrary Flow Control Control, Cat Spoofing
>>Discovered by: The Hackery Channel
>>Tested: No
>>
>>The Flow Control project is an access control project for a cat. It
>>consists of a cat door, an electromagnetic latch, a access control device,
>>and image recognition software that allows Flow to enter the house, and
>>only when she is not carrying prey. When Flow is within proximity of the
>>door, she passes through a light that casts a shadow on an area monitored
>>by a camera. If the silouhette, appears to be Flow without prey, access
>>is granted.
>>
>>Cat Spoofing: An attacker could potentially gain access by posing as a
>>kitty by placing a cut out of the kitty next to the light.
>>
>>Mitigation: None.
>>Work around: Guard dog
>>Vendor Notified: No
>>Vendor Site:
>><http://www.quantumpicture.com/Flo_Control/flo_control.htm>http://www.quantumpicture.com/Flo_Control/flo_control.htm
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>>No virus found in this incoming message.
>>Checked by AVG.
>>Version: 7.5.552 / Virus Database: 270.10.15/1924 - Release Date:
>>1/29/2009 5:57 PM
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG.
> Version: 7.5.552 / Virus Database: 270.10.15/1924 - Release Date: 1/29/2009 5:57 PM
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/