[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3d8b47b1.6838.0@australia.edu>
From: memetic-engineer at australia.edu (memetic-engineer@...tralia.edu)
Subject: Empirical Security Advisory: New Otis Elevator Vulnerability
hAHHAHAHAHAhahhahahhhahHHAHAHAHHAHAHAHAHHAHAHSHAHhahahhahahhahAHHahHAHhHAhH
a
AKAJAJAKJSHJAJAAHAHHHAHHAHHHAHHHAHAHAHAHAHA
>BWAHHAHHAHHAHHAHAAHAHHAHAHA
>sorry but that's phricken funny.
>
>On Thu, 2002-09-19 at 18:02, empirical@...hmail.com wrote:
>>
>> EMPIRICAL SECURITY ADVISORY 0x02
>>
>> Product: Otis Elevator 12 Passenger, 2000lbs Model
>>
>> Summary
>> A denial of service is possible against users of this model elevator.
>>
>> Background
>> I was on the elevator the other day, going downstairs to get a cup of
coffee the other day, when on the 2nd floor a herd of fucking CATTLE came
on. These women were BIG.
>>
>> I was strangely aroused by it, but as the 11 of them herded on, I got
pushed in the corner and almost crushed to death. Surrounded, crushed, and
fighting for oxygen, I rode to the first floor, where the elevator came to
a screeching halt (inertia is a real bitch). The structual integrity of
this elevator was in question. That's when the realization of a potential
denial of service, and a potential digital Battle Of The Bulge (similar to
Digital Pearl Harbor) occurred to me.
>>
>> For reference, let's define a few technical specs up front.
>>
>> Otis Elevator 2000lbs 12 passenger
>> Height: 10 feet
>> Width: 14 feet
>> Depth: 6 feet
>>
>> Steve Manzuik (hellNbak)
>> Height: 5' 5"
>> Width: 5' 5"
>> Weight: 350lbs
>> (this unit of measurement henceforth referred to as a "Manzuik")
>>
>> Vulnerability
>> Due to an input validation error in Otis Elevators combined with a
storage flaw, it may be possible to exceed the maximum Manzuik capacity of
an Otis Elevator.
>>
>> Observe:
>>
>> x 12
>> ------- = -----
>> Manzuik 1
>>
>> x = 12(Manzuik)
>> x = 12(350)
>> x = 4200
>>
>> As we can see by the measurements of the elevator:
>>
>> Prism Volume B
>> V = ABC ------
>> V = (10)(14)(6) A | |\
>> V = 60ft sq. | | \
>> \-----\ |
>> C \ \|
>> ------
>>
>> As we can see from the measurements, it's possible to exceed the maximum
number of Manzuiks permitted in one elevator. The design flaw of unchecked
buffers in the elevator car, combined with a lack of input validation when
measuring entering Manzuiks could present a potential disaster.
>>
>> Theorhetical Attack
>> A terrorist performs a reconaissance mission on a tall office building,
and discovers open commercial space on one of the upper floors of the
building.
>>
>> The terrorist opens a Krispy Kreme Donuts on the top floor of the
building.
>>
>> A group exceeding one Manzuik per party crams into the elevator and
attempts to get to the Krispy Kreme, causing a severe mechanical failure of
the elevator during transit.
>>
>> Mitigating
>> Fill space in elevator car that could be used to exceed maximum Manzuik
limit with large, empty, worthless objects, such as RFP's ego, Wysopal's
trustworthiness, the talk to exploit ratio of Jay Dyson in the last ten
years.
>>
>> Solution
>> Remeasure elevator cars, and evaluate the size vs. maximum Manzuik
ratio.
>>
>>
>>
>> Get your free encrypted email at https://www.hushmail.com
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
This message was sent from http://australia.edu
Check out the new international site at http://australia.edu/international
Powered by blists - more mailing lists