An Australian man has discovered security vulnerabilities in his Internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.
Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including a buffer overflow in the Internet Connection software that links his Jura F90 coffee maker to his PC.
This $2,000 Jura F90 coffee maker can be connected to the Internet for remote control of the settings. But it also can open up your PC to remote attacks, a security expert says.
(Credit: Jura)Wright posted the information on the vulnerabilities, and the fact that there is no patch available yet, to the BugTraq security e-mail list on Tuesday.
A U.S.-based public relations representative for the coffee maker said she would try to reach spokespeople in the Switzerland headquarters for comment.
The threat hasn't kept Wright awake at night, although the coffee does, he said in an interview with CNET News.com at 2:30 Wednesday morning Sydney time.
"I don't know if many people would target this particular vulnerability because there probably are not a lot of coffee makers at the moment that are Internet-connected, and in my case it's behind a firewall," he said.
However, Internet-connected appliances are the wave of the future. There is already an Internet-connected refrigerator, at least one prototype of a Web-enabled oven, and pilot tests for dryers and water heaters.
Eventually "you'll be able to turn on your oven with your mobile phone" and a malicious hacker could wind up burning the house down, Wright said.
The Google Mini search appliance got a booster shot Tuesday with the addition of three new features and support for six additional languages.
Google, which has been building up its enterprise presence for several years now, is bolting on to Google Mini file system access control, source biasing, and date biasing.
File system access control is designed to let Google Mini crawl through files housed in shared drives and dish them up as search results to authorized users.
Source biasing aims to give users the ability to rank URLs based on the location and type of documents they're seeking, resulting in those highly ranked documents appearing farther up on the search page.
"Sometimes, files from a certain server are less important and shouldn't clog the search results page. Source biasing enables users to give us URL patterns and tell us if they should be weighted higher or lower," Cyrus Mistry, Google enterprise product manager, said in a Google Enterprise Blog posting.
Google, meanwhile, has created date biasing, which pushes the more recently created documents to the top of the page.
Google Mini, which offers the capacity to search from 50,000 to 300,000 documents, has also increased the number of languages it supports by adding Basque, Catalan, Galician, Greek, Hungarian, and Polish.
Last year, Google expanded its enterprise software offering with Google Mini 2.2.
Every few years, some new technology or application comes along that everyone's sure will miraculously conquer every obstacle in its path and, in some ludicrously short time period, make existing technology obsolete. And then, long after all the media hype fades away and investors' checkbooks disappear, well, nothing happens.
So what? Who cares? Why bother talking about our industry's bombs, the next big things that weren't? Well, for one thing, it's interesting to note how hungry we all are for news about new technology. It gets us excited. We complain about media hype, but love the hype.
It's also fascinating how existing technology has this way of hanging on by its fingernails way past the point of its predicted obsolescence. More importantly, we learn more from mistakes than we do from successes. That's part of the scientific method: hypothesis, test, learn, repeat until you get it right.
Lastly, those who ignore history are doomed to repeat it. Those are all good enough reasons for me. So here are my top 10 technology flops. But first, some ground rules. I stuck to the last 50 years or so. And I avoided specific company products. We've heard enough about the IBM PCjr, Apple Newton, Microsoft Bob, and OS2 to last 10 lifetimes. ... Read more
The big news from Red Hat yesterday was its deal with Amazon to host Red Hat Enterprise Linux on its EC2 service (a great move, as Tim O'Reilly notes). Why big? Because Red Hat just significantly raised the bar on ease of adoption for Linux.
In fact, Red Hat just raised the bar for all operating systems/infrastructure technology, and not merely other Linux vendors.
As Red Hat notes:
Linux Automation. The ability to run any application, on any system, at any time. Allowing IT to simplify their IT infrastructure in the process. With the belief that undue complexity and over-architecture will have both short and long term costs....
... Read more
Google may be known as the Web search advertising company but Google has big plans for offering services to corporations, says Stephen Arnold, author of The Google Legacy and a Google patent scrutinizer.
Arnold figures out possible tech company strategies by analyzing their patents. He's come across several patent applications from Google that he says indicate that they plan to use the Google Search Appliance as much more than just a device that lets employees search for data within the internal network. The Google Search Appliance is a "Trojan Horse" that will soon be able to do much more than just search, he says. He cites two patents, "Determination of a Desired Repositor" and "Programmable Search Engine," that he says make it possible to connect a Google Appliance into Google's data centers, almost like a node on the network.
"This connection makes it possible for a licensee (Appliance user) to tap into the computational power and the applications running on Google's servers," he writes in a news release scheduled to be distributed on Monday.
"Even more interesting is that a Google Appliance can send data to Google's servers for inclusion in new information products and charge users a fee for the access to this data." For example, a merchant could push its entire catalog of products directly to Google through its Appliance, or a company could get video or other content directly from Google the same way. Multiple Appliance users could also exchange data with each other.
"Search is today's offering. Tomorrow it will be e-mail, enterprise applications, and a wide range of innovative partnerships to help Appliance licensees leverage information more effectively," Arnold writes.
Just as the Google Search Appliance is a form of outsourced corporate search, Google can position the Appliance as the IT department's helper, handling the research, word processing and other applications a company doesn't want to deal with in-house, he says. The more applications that a corporation can have Google serve and manage through the "data cloud"--as Google puts it--the more money and resources a company can save. This seems to jive nicely with Google's own vision of its future as a Web-based apps provider. During Google's shareholder meeting on Thursday, Chief Executive Eric Schmidt said the company is expanding beyond search and advertising.
"We're going to start using the phrase 'search, ads and apps' to define what we're trying to do," he told reporters before the meeting. "There is a big opportunity before us, which is to move to a new architectural platform...based on the data in the cloud."
A Google spokesman provided this statement in response to Arnold's theory: "Protecting the privacy of information is paramount to Google. This is true of the Google Search Appliance and Google Mini. We have specifically not added features that might be misconstrued as communicating with Google.com, such as auto-update functionality or diagnostic reporting. The Google Search Appliance and the Google Mini do not now, nor have they ever, connected to Google.com. We have no plans for these appliances to connect to Google's data centers and any communication technology on the appliances is not intended for this purpose."
- prev
- 1
- next
