In any right, patch that cup of joe!
Oracle Release Notes: http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.
Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack.
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an "oops" error message stating that the K-Cup is not genuine.
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.
Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup.
Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.
So, come on guys, really?!? If you want to stop people from using pods other than your own, try doing something like a barcode or RF scanner, or something better than a camera looking for a little photo.
Data Breaches: Does the Government Need to Step In? - credit.com
"Consumers have the right to know!"
- Barack Obama
Update: 01.15.2015 - On the same day, Central Command's Twitter and YouTube accounts were hacked by individuals claiming to be with the ISIS group. Photos were posted appearing to contain information relating to place of residence for retired military personnel. Officials then said that the information was not actually classified and anything posted on those accounts is designated as "official use only". Just to make us feel better, lol, the White House released a statement saying that they are monitoring the situation.
We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page.
It should also be noted that this decision will apply to all emergency patch releases as well that do not happen on the planned Tuesday schedule, meaning the general public will not get the early notifications until the day of the patch release. That's a bummer for sure. Although, I have to say that I usually do not get my Microsoft bug fix info from the software giant. Instead, I look to places such as krebsonsecurity[dot]com, threatpost[dot]com, and many others. I would have to assume that these media outlets will have some kind of insider information made available to them. At least one would think so, right?