I can see how Al-Qaeda could disrupt the entire industry if they reprogram the coffeemaker to decaf.

goggles cause i wont go near a jura without them

It's called Irn Bru

From the linked article "Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user."

Paris, as even she wouldn't put XP on a coffee machine

I can understand accessing it over your LAN, but the internet?

I also can't see anything in their instructions as to whether there's a sensor to stop it pouring when there isn't a cup under the nozzle.

Otherwise Al-Qaeda could be hacking into it and pouring lovely rich dark espresso all over your floor.

Now *that* would be a crime against humanity!

What could they go, make the machine order coffee from a specific region thus atrifically inflating price and letting them gain word dominance based on your caffine addiction.

OH MY GOD!!! WE ARE ALL GOING TO DIE!!! THIS IS THE END OF WESTERN CIVILIZATION!!!

Given the temperature of the coffee, this would surely be a "scalding" buffer overflow rather than "chilling".

Networked coffee. YEAH!!!!

That most people may not pay a great deal of attention to security until the networked and automated office coffee maker has been hacked?

...for that evil collaborating coffee machine!

it probably spends evennings and weekends reading 'training manuals' and child porn!

My toaster's had its own IP address for years.

Its a bit odd how many luddites a technology publication manages to have on its payroll. Relax, its just a security advisory! If El Reg had a bit more imagination then it could have explored the implications of the growing number of internet-enabled consumer devices. Many of these will be based on low-cost firmware models that will probably be difficult/impossible to patch leading to long-term vulnerability windows.

... I'm redirected here?

El Reg: Dredging the barrel that feeds IT.

A buffer overflow on this type of asset should be especially dangerous.

"allows users to select "coffee specialities" via their PCs"

I was hoping that the net connected machine could put the weather forecast in the choccy toppings, or something equally imaginative... turns out they've just made a fancy remote control!

Now, how to convert a printer to print chocolate???

IGMC in a minute:

The last thing we need in a modern office is a coffee machine that's susceptible to [buffer] overflow

It is not the first networked coffee maker: http://www.ddj.com/architect/184409827

Can this machine be used to illegally file-share copyrigthed songs and movies?

We all know that copyright infringement is the worst crime against humanity and this may open the coffee drinkers to, at the very least, a massive C&D assault by RI and MP Ass'es of America.

So you can select the coffee type via a browser, but you still have to walk over to the machine, put your cup under, press "go", wait for the coffee and then walk back? Why?

<dullard> Is it Java compatible? </dullard>

Coat, got.

...the old linux howto

http://tldp.org/HOWTO/Coffee.html

flames because that's what my flat would be in if I tried it myself!

http://jp.dk/uknews/article1371510.ece

"Christa Møllgaard-Hansen, owner of Christabella's in the town of Maribo on Lolland, routinely buys women's clothing and shoes from around the world to resell in Denmark. But a recent purchase of six dresses from Pakistan for $205 was considered by the American authorities to be money going to support terrorists."

"Møllgaard-Hansen said she was surprised that such a small sum could be made into such a big issue, but was happy that the amount was not a larger one which could have caused her serious financial problems - unlike drilling engineer Sigurd Solem's experience with the US Treasury Departments’ Office of Foreign Assets Control, where $16,000 of an employee's pay was confiscated by the American agency."

Surely that would be when you get more than a cup full and it ends up pouring all over your feet?

so this is a JAVA exploit then?

Brings new meaning to NetBeans vulnerability.

You don't need to invoke Terrorism to have a threat to our Way of Life. Merely suggesting that there could be a crisis in the delivery of caffeinated beverage should be enough! Coffee machines should be considered to be part of the Critical National Infrastructure.

No problems with butter overruns?

Note the world famous victorian WMD - the Princesse Marie de Orleans Suprise Bombe.

"A luxurious white coffee ice cream is (cunningly) concealed in a meringue casing and served with a (rogue) peach purée"

You made it up? And it's in the headline? Sensationalist much?

You owe me a new keyboard. :-(

One without coffee & sn0t in it.

...than buffer overflow:

Filter Overflow Attack!

"From the linked article 'Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.'

Paris, as even she wouldn't put XP on a coffee machine"

Maybe they chose XP because it's the smilie that most clearly describes the coffee it makes...?

Only paedos and Terr'ists? I guess that's just 'coz it's a simple embedded device. Were it a full-featured user device then we'd get Drugs and Organised Crime too, and then you'd have to register before using one.

Hey, that wouldn't be so bad. ASIO could monitor your caffeine consumption and see if your cardiac problems are due to excess consumption? If so Medicare won't have to pay. Taxpayers would be thrilled! And what about children drinking coffee?

Skull-n-crossbones because in the future only hackers 'n pirates will use unlicensed coffee machines.

Didn't I see that Jordanian cleric Abu Qatada's terms of bail include the curious restriction that he should not communicate with Osama bin Laden? If he enjoys an occasional cup like the rest of us he'd perhaps be well advised to stick to drinking Turkish coffee made on a gas stove.

...filters would be appropriate then.

OK, alright, I'm going.

http://en.wikipedia.org/wiki/Humour

"Sense of humour" - GROW ONE!

As to a lot of the other posts: Sheer brilliance. ade, you bloody-near killed me. and to the initial post: if I thought for a moment that there was a clear and present danger of our machines being remotely switched over to decaf, I'd start my own little "Waronterr'r"

Thankfully the espresso machine here in our IT dept is a stand-alone model and the only overruns it's likely to experience are if someone's caffeine-withdrawal-induced jitters cause them to punch the button too many times...

You can mess with my PC but please not the coffee machine.

The future is not looking bright.

Surely this could be used by terrorists as a comms device. Simply connect to the internet:

Columbian Espresso - Send more money

Espressochoc - Attack now

Expect the door to be kicked down, and heavily armed officers will be removing your coffee machine.

Surely that would be.....

A WAR ON THE DECAF!

Taxi for pctechxp!

Haha, reminds me of the RFC :

"... This document describes HTCPCP, a protocol for controlling,

monitoring, and diagnosing coffee pots.

1. Rationale and Scope

There is coffee all over the world. Increasingly, in a world in which

computing is ubiquitous, the computists want to make coffee. Coffee

brewing is an art, but the distributed intelligence of the web-

connected world transcends art. Thus, there is a strong, dark, rich

requirement for a protocol designed espressoly for the brewing of

coffee. Coffee is brewed using coffee pots. Networked coffee pots

require a control protocol if they are to be controlled. "

lolz. Death by Nescafe.

ftp://ftp.isi.edu/in-notes/rfc2324.txt