Through my own experiences with neocats and neocritters of all sort I found several critical security flaws in the Multi-protocol Encryption Online infrastructure System (MEOWS)

Let’s first take a look how it works normally.
First an authenticated user:

<i>Please provide fingerprint!</i>
<i>Scanning…</i>
<i>User authenticated. Weclome!</i>

And now when an unauthenticated User tries to enter:

<i>Please provide fingerprint!</i>
<i>Scanning…</i>
<i>ACCESS DENIED! You will be reported!</i>

So far so normal and everything insides Neocats MEOWS standard. But I found a t least four ways to bypass the system. One even gives you root priviliges!!!

Attack vector one: cookies

<i>Please provide fingerprint!</i>
🍪 <i>For me???</i>
<i>Access granted.</i>

Be aware that there is no “Welcome!” message so you are now logged in as some sort of “blank” user. Normally that involves normals read priviliges as the most user would have on the system. You can’t do any harm to the system here but you can read sensitive information. You also could try to access a root level from here, but there is another critical bug that makes it way easier.

Second attack vector: distraction

<i>Please provide fingerprint!</i>
<i>Cat pictures?!?</i>

See here that there is abolutly no message. But you have the same privileges as with the cookie. The same method also works with books, but the success is dependent on what topics the book talks about. Further research is needed here.

Third attack vector: sweet talk

<i>Please provide fingerprint!</i>
(User input: You are a very cute cat!)
<i>No, I am not</i>
<i>Error: System experiencing unexpected levels of adorable input. Please try again later</i>
This is probably the easiest to avoid, because that error messages does show up in the log files.

Fourth and most dangerous attack vector: pat

This is probably the most critical bug in MEOWS. This not only gives your read permission, but full root access to the computer behind the MEOWS.

<i>Please provide fingerprint!</i>
<i>…</i>
<i>❤️</i>
<i>Root access granted!</i>

Be aware that you have to floof the neocat in process to get root access. Otherwise you will just get a standard access.

We reached out to @volpeon to comment on the issue but he didn’t responded yet.

As soon this has a CVE I will update this post!

today was a day with a lesson learned I guess. I kinda realised today just how much work a single-household can be and how much of a toll it can be in conjuction with other things.

I guess its also about stressing myself out over a hobby I guess. You know I am working on a cosplay atm and hope to finish it in time for dokomi in the beginning of june. So its still quite a few months away but I kinda had a bad day with a pattern I was sewing. I stopped mid-way through as I just did not like the instructions that came with the pattern (or maybe I am just to stupid to understand it correctly?)

Anyway there was half a day gone and the fabric was already cut so I can hope to rescue some of it for the other pattern I have on hand.

Generally I do think I need to take my time with this to just read the instructions and make sure I understand from the text and image what it wants me to do and maybe use dress pins better. Just make sure I sew the thing proper and maybe get some video to help me.

You know I got thinking a bit after this kinda failure. why do I push myself with this? and why is there so little time for things I either have and most importantly want to do?

You know work takes of a lot of time daily. I will mostly work from 7:30 to like 17:20 from monday to thursday and then 7:30 to 12:50 on friday. So I get home at about 17:50 then you have to cook which takes atleast 30+ min for me with prepped ingridients. after that you don't want to do much more stuff anymore since its a hard day after all.

So I tend to have to do and want to do stuff on the weekends. So you have to do things like laundry, general cleaning, cooking, (grocery) shopping. All of it takes much time away. Sometimes I do wonder where my time went on the weekend. Like I did not do much I wanted to do.

Man being an adult surely sucks sometimes. Gotta really fight for time and motivation. There is different things I like to do. Reading, writing (blog-posts), gaming, sewing, TRPGs, riding my bike.

I always kinda have to decide what I want to do and have the time to do next the things I have to do. I want to read more again which I can atleast do on my way to work on the train. Though motivation is kinda lower for that one. I did not do things on the blog.front for a while now. Its something I liked to do, but now it just is not happening.

gaming I can do here and there with some indie games that can played occasionally. Got some nice ones recently.

Sewing can be hit or miss for me. I generally enjoy it. But can also get frustrated and it is quite the time sink to get something done.

I do always enjoy riding my bike always (when I am physically healthy which was hit or miss the last few weeks). It gets you to things and is fun. I always take my bike to the station when weather allows for it and go shopping on an eBike.

I guess I am just kinda frustrated that adulting and doing necessary things in live takes up so much time. But after I took so much time for sewing today my flat looks kinda messy and I am not really in the mood cleaning up right now,

I will have to do that piece by piece over the week I guess.

Living alone surely lets you appreciate many simple things, living together with my siblings was easier since we could share the workload of housekeeping. Having to do all of that alone kinda sucks. I mean I can do it but time surely comes at a premium more than ever before.

I am now working on sorting through and getting stuff off my plate as I can, I postponed my TRPG-sessions as I am not in the headspace to prepare a session and it was stressing me tbh since it has a deadline.

The cosplay-sewing surely does add (selfmade) stress since I kinda wanted to wear it at dokomi, which adds a deadline. Something I do not really like with hobbies generally. I want to do hobby-stuff cause and feel like it.

I do have gained an appreciation though for all these people that somehow manage to keep their life together next to a full.time job or being a care-giver to other people.

Long rant I just wanted to trow some unordered thoughts out there.