Xtreme pen-testing.
It’s just not enough these days to sit at a Starbucks and partake of the hot and cold running wireless. Noooo. Some people have to go the extra mile and toy with the carbon-based utilities as well:
However, there are other less exercised code paths that have significant input validation errors. My personal favorite is the “iced tea” overflow. Barristas are used to only two variables of input when taking an order for iced tea - “sweetened/unsweetened”, and “lemonade/no lemonade”.
If an order is given to an unpatched barrista containing extended variables, a buffer overflow occurs and the results of service delivery are extremely unpredictable.
I submit that the Starbucks help was probably thrown together in a hurry without much coding expertise. Back in the good old days, when programming was a slowly, carefully crafted art, the older food and retail service models embodied the default-deny posture. Which we all know is the best security measure anyway.
But now, dammit, I’m tempted to do a little probing at the local McD’s. All white hat, of course.
