BWAHHAHHAHHAHHAHAAHAHHAHAHA sorry but that's phricken funny.

On Thu, 2002-09-19 at 18:02, [EMAIL PROTECTED] wrote:
>
> EMPIRICAL SECURITY ADVISORY 0x02
>
> Product: Otis Elevator 12 Passenger, 2000lbs Model
>
> Summary
> A denial of service is possible against users of this model elevator.
>
> Background
> I was on the elevator the other day, going downstairs to get a cup of coffee the other day, when on the 2nd floor a herd of fucking CATTLE came on. These women were BIG.
>
> I was strangely aroused by it, but as the 11 of them herded on, I got pushed in the corner and almost crushed to death. Surrounded, crushed, and fighting for oxygen, I rode to the first floor, where the elevator came to a screeching halt (inertia is a real bitch). The structural integrity of this elevator was in question. That's when the realization of a potential denial of service, and a potential digital Battle Of The Bulge (similar to Digital Pearl Harbor) occurred to me.
>
> For reference, let's define a few technical specs up front.
>
> Otis Elevator 2000lbs 12 passenger
> Height: 10 feet
> Width: 14 feet
> Depth: 6 feet
>
> Steve Manzuik (hellNbak)
> Height: 5' 5"
> Width: 5' 5"
> Weight: 350lbs
> (this unit of measurement henceforth referred to as a "Manzuik")
>
> Vulnerability
> Due to an input validation error in Otis Elevators combined with a storage flaw, it may be possible to exceed the maximum Manzuik capacity of an Otis Elevator.
>
> Observe:
>
>     x        12
>  ------- = -----
>  Manzuik     1
>
> x = 12(Manzuik)
> x = 12(350)
> x = 4200
>
> As we can see by the measurements of the elevator:
>
> Prism Volume
> V = ABC
> V = (10)(14)(6)
> V = 60ft sq.
>
>          B
>       ------
>   A |      |\
>     |      | \
>     \------\  |
>    C \      \ |
>       -------
>
> As we can see from the measurements, it's possible to exceed the maximum number of Manzuiks permitted in one elevator. The design flaw of unchecked buffers in the elevator car, combined with a lack of input validation when measuring entering Manzuiks, could present a potential disaster.
>
> Theoretical Attack
> A terrorist performs a reconnaissance mission on a tall office building, and discovers open commercial space on one of the upper floors of the building.
>
> The terrorist opens a Krispy Kreme Donuts on the top floor of the building.
>
> A group exceeding one Manzuik per party crams into the elevator and attempts to get to the Krispy Kreme, causing a severe mechanical failure of the elevator during transit.
>
> Mitigating
> Fill space in the elevator car that could be used to exceed the maximum Manzuik limit with large, empty, worthless objects, such as RFP's ego, Wysopal's trustworthiness, the talk to exploit ratio of Jay Dyson in the last ten years.
>
> Solution
> Remeasure elevator cars, and evaluate the size vs. maximum Manzuik ratio.
>
>
>
> Get your free encrypted email at https://www.hushmail.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
