I agree entirely.<br><br><div class="gmail_quote">On Wed, Jun 18, 2008 at 3:49 PM, security curmudgeon <<a href="mailto:jericho@attrition.org">jericho@attrition.org</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
: Regarding the Jura F90 Coffee maker hack:<br>
<div><div></div><div class="Wj3C7c">:<br>
: <a href="http://www.securityfocus.com/archive/1/493387" target="_blank">http://www.securityfocus.com/archive/1/493387</a><br>
:<br>
: I'm tempted to include this in CVE, since physical damage can occur. (We<br>
: used a similar rationale for an air-conditioning control system,<br>
: CVE-2008-1546).<br>
:<br>
: If no - then where's the line between coffee makers, air conditioners,<br>
: and SCADA products?<br>
<br>
</div></div>This is definitely worth inclusion in OSVDB in my eyes. If we can't draw<br>
the line today, we will be able to in a year or years from now. At some<br>
point, the blur between computing device and household appliance will be<br>
too hard to distinguish. Rather than waste too much time arguing that<br>
line, why not put in a few now that are a bit primitive, but will surely<br>
show historic value if nothing else.<br>
</blockquote></div><br><br clear="all"><br>-- <br>Russ McRee, GCIH, GCFA, CISSP<br>425-518-6998 cell<br><a href="http://holisticinfosec.org">holisticinfosec.org</a><br><a href="http://blog.holisticinfosec.org">blog.holisticinfosec.org</a>