On Fri, Jan 30, 2009 at 11:57 AM, Charles Morris <[email protected]> wrote:

> On Thu, Jan 29, 2009 at 6:04 PM, hack ery <[email protected]> wrote:
> > Security Risk: High
> > Exploitable: Local
> > Vulnerability: Arbitrary Flow Control Control, Cat Spoofing
> > Discovered by: The Hackery Channel
> > Tested: No
> >
> > The Flow Control project is an access control project for a cat. It
> > consists of a cat door, an electromagnetic latch, an access control device,
> > and image recognition software that allows Flow to enter the house, and only
> > when she is not carrying prey. When Flow is within proximity of the door,
> > she passes through a light that casts a shadow on an area monitored by a
> > camera. If the silhouette appears to be Flow without prey, access is
> > granted.
> >
> > Cat Spoofing: An attacker could potentially gain access by posing as a
> > kitty by placing a cut out of the kitty next to the light.
> >
> > Mitigation: None.
> > Work around: Guard dog
> > Vendor Notified: No
> > Vendor Site: http://www.quantumpicture.com/Flo_Control/flo_control.htm
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> The solution of course would be to clone the system and take a
> vertical image, creating a decent 3-D map of the Cat attempt. What
> about two-factor authentication? I'm thinking a mass spectrometer
> reading in combination with the facial recognition. That could detect
> a Cat spoofing and/or brute-force attack with a bust or cardboard
> cut-outs. With any biometric authentication it's going to be expensive
> and have all kinds of bugs and quirks... just teach him a password..
> sheesh.

Have any of you guys heard of RFID?

-- /me
