Security Basics mailing list archives
Re: Internet Kiosk Security -- Need Info!
From: Matthew Lye <m.lye () griffith edu au>
Date: Tue, 22 Jun 2010 08:13:21 +1000
I still haven't got past IE 6 and SP1. I'm guessing these must be running Windows XP Embedded...

I'm no lawyer (especially not in the US) but from what I've seen from places like techdirt they are likely opening themselves up for a lawsuit based around negligence.

I would never use one of these before, and now I have an even better reason. If I was going to work with those terminals I would configure them with a hardened Linux configuration.

++++++++++++++++++++++++++++++++++++++++++++++++++++
Matthew Lye
Client Technology Services
Griffith University
Nathan campus, Griffith University, 170 Kessels Road, Nathan, QLD 4111, Australia
Email: m.lye () griffith edu au
++++++++++++++++++++++++++++++++++++++++++++++++++++

-----listbounce () securityfocus com wrote: -----
To: security-basics () securityfocus com
From: Security Enthusiast <z3ros3c () gmail com>
Sent by: listbounce () securityfocus com
Date: 06/18/2010 06:04PM
Subject: Internet Kiosk Security -- Need Info!

I've noticed a large number of pay-per-minute internet kiosks around my area, and I'm curious to find out information about them. I've done some research and I've discovered many things that make me suspicious of these systems, and I'm trying to compile a presentation for my organization (which owns many of these kiosks) outlining the potential dangers of these systems.

It is my belief that they are QUITE insecure, but I'd like to present my organization with as much information as possible as to why. This would include as much system information as possible, as well as potential points of attack, methods of compromise, and possible opportunities for data theft.

Here is the information I have collected thus far:

Kiosk name: Surf LinX
Default Browser: IE6 (User Agent reports Mozilla/4.0 compatible)
OS: Windows XP / NT 5.1 -- Service Pack 1
System Security: Running Symantec products (anti-virus, etc.)
Possible Risks:
- Outdated software could allow unintentional installation of malware, which could compromise the entire system (keystrokes, browsing histories, credit card information, etc.). This would be dangerous to the organization and its customers.

I'm interested in knowing the manufacturer's information (including contact information), and as much information as possible about the system itself. From my research, a number of potential vulnerabilities have already been discovered, but more information is desired about the kiosks.

Unfortunately, I am not (yet) authorized to perform a full pen-test of the target.

If anyone has any suggestions, or any information about my query, please let me know!

Thank you.
~SE
Current thread:
- Internet Kiosk Security -- Need Info! Security Enthusiast (Jun 21)
- Re: Internet Kiosk Security -- Need Info! Todd Haverkos (Jun 23)
- Re: Internet Kiosk Security -- Need Info! Matthew Lye (Jun 23)
- RE: Internet Kiosk Security -- Need Info! Murda (Jun 23)
- Re: Internet Kiosk Security -- Need Info! Security Enthusiast (Jun 24)
- Re: Internet Kiosk Security -- Need Info! Adam Mooz (Jun 24)
- Re: Internet Kiosk Security -- Need Info! Security Enthusiast (Jun 24)
- Re: Internet Kiosk Security -- Need Info! Security Enthusiast (Jun 24)
- Re: Internet Kiosk Security -- Need Info! Shawn Merdinger (Jun 23)