| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: memetic-engineer at australia.edu (memetic-engineer@...tralia.edu) Subject: Empirical Security Advisory: New Otis Elevator Vulnerability hAHHAHAHAHAhahhahahhhahHHAHAHAHHAHAHAHAHHAHAHSHAHhahahhahahhahAHHahHAHhHAhH a AKAJAJAKJSHJAJAAHAHHHAHHAHHHAHHHAHAHAHAHAHA >BWAHHAHHAHHAHHAHAAHAHHAHAHA >sorry but that's phricken funny. > >On Thu, 2002-09-19 at 18:02, empirical@...hmail.com wrote: >> >> EMPIRICAL SECURITY ADVISORY 0x02 >> >> Product: Otis Elevator 12 Passenger, 2000lbs Model >> >> Summary >> A denial of service is possible against users of this model elevator. >> >> Background >> I was on the elevator the other day, going downstairs to get a cup of coffee the other day, when on the 2nd floor a herd of fucking CATTLE came on. These women were BIG. >> >> I was strangely aroused by it, but as the 11 of them herded on, I got pushed in the corner and almost crushed to death. Surrounded, crushed, and fighting for oxygen, I rode to the first floor, where the elevator came to a screeching halt (inertia is a real bitch). The structual integrity of this elevator was in question. That's when the realization of a potential denial of service, and a potential digital Battle Of The Bulge (similar to Digital Pearl Harbor) occurred to me. >> >> For reference, let's define a few technical specs up front. >> >> Otis Elevator 2000lbs 12 passenger >> Height: 10 feet >> Width: 14 feet >> Depth: 6 feet >> >> Steve Manzuik (hellNbak) >> Height: 5' 5" >> Width: 5' 5" >> Weight: 350lbs >> (this unit of measurement henceforth referred to as a "Manzuik") >> >> Vulnerability >> Due to an input validation error in Otis Elevators combined with a storage flaw, it may be possible to exceed the maximum Manzuik capacity of an Otis Elevator. >> >> Observe: >> >> x 12 >> ------- = ----- >> Manzuik 1 >> >> x = 12(Manzuik) >> x = 12(350) >> x = 4200 >> >> As we can see by the measurements of the elevator: >> >> Prism Volume B >> V = ABC ------ >> V = (10)(14)(6) A | |\ >> V = 60ft sq. | | \ >> \-----\ | >> C \ \| >> ------ >> >> As we can see from the measurements, it's possible to exceed the maximum number of Manzuiks permitted in one elevator. The design flaw of unchecked buffers in the elevator car, combined with a lack of input validation when measuring entering Manzuiks could present a potential disaster. >> >> Theorhetical Attack >> A terrorist performs a reconaissance mission on a tall office building, and discovers open commercial space on one of the upper floors of the building. >> >> The terrorist opens a Krispy Kreme Donuts on the top floor of the building. >> >> A group exceeding one Manzuik per party crams into the elevator and attempts to get to the Krispy Kreme, causing a severe mechanical failure of the elevator during transit. >> >> Mitigating >> Fill space in elevator car that could be used to exceed maximum Manzuik limit with large, empty, worthless objects, such as RFP's ego, Wysopal's trustworthiness, the talk to exploit ratio of Jay Dyson in the last ten years. >> >> Solution >> Remeasure elevator cars, and evaluate the size vs. maximum Manzuik ratio. >> >> >> >> Get your free encrypted email at https://www.hushmail.com >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.netsys.com/full-disclosure-charter.html > > > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > This message was sent from http://australia.edu Check out the new international site at http://australia.edu/international
Powered by blists - more mailing lists