robert’s rant room

As our refrigerators and microwaves become part of the internet, their firmware — unexposed before — will be a regular candidate to security research. This CVE was assigned today, discovered by Chris Withers:

CVE-2008-1546:
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50
and GB-50A air-conditioning control systems allows remote attackers to cause
a denial of service (air-conditioning outage) via an XML document containing
a setRequest command.

I’m still hoping for the first GNU/Toaster.

Finally, I joined those great masters and friends and conquer the web with my new and shiny blog.

Let’s see if I get this all working.