[<prev] [next>] [day] [month] [year] [list]
Message-ID: <a8fe69350906180839v2178cc85i7070984a4d08c9a8@mail.gmail.com>
Date: Thu, 18 Jun 2009 10:39:30 -0500
From: Fredrick Diggle <fdiggle@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Platypus Starbucks DoS
Fredrick Diggle Security is proud to disclose a new denial of service
attack against Starbucks coffee and biscuity goodness. Other retailers
are also affected by this critical vulnerability but do not provide as
critical a service and therefore are not enumerated in this
disclosure. The attack was initially suggested to Fredrick Diggle
Security by Robert Hansen (RSnake) at last years furry convention in
Madrid. The exploit takes advantage of a retailers queued nature and
the fact that a single malicious client can effectively deny service
to all other coffee seekers.
A Starbucks has a limited number of registers where orders can be
taken. If the attacker is able to attach clients to each of this
registers no legitimate clients will be able to successfully complete
transactions. This disclosure will present several attack strategies
which can be used individually or in parallel with other techniques to
effectively shut down a Starbucks coffee house.
- Order an infinite number of items individually and very slowly (this
method works best when ordering items that require that cashier to
perform time consuming actions away from the register. for example
complex coffee based drinks or hot food items that must be
microwaved). For this attack it is important that you use at least as
many clients are there are registers in the store.
- Using one client per register feign indecisiveness and insistence
that (you were there first and people can't queue jump). This is also
very effective when combined with the first attack (For example order
a time consuming beverage or food item after much thought and then
when it is almost prepared change your mind and sit on the fence for a
few minutes before ordering another).
- Use a large number of malicious clients to fill the building to a
point where it is uncomfortable for legitimate client. Typically
enough clients fill the store to standing room only all queuing and
performing the first or second attack is sufficient.
Fredrick Diggle Security hopes that Starbucks takes immediate action
to remediate these vulnerabilities as they present an unacceptable
level of risk that Fredrick Diggle will be unable to get his coffee
fix. Fredrick Diggle would like to specifically thank RSnake for his
insight and incredible work in resource exhaustion and cross-site
scripting attacks. It is the opinion of Fredrick Diggle Security that
if you can't break into the server you might as well make it so no one
else can either.
YAY!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists