Re: pen-testing an information kiosk (breaking out of the application)

[<alaric () alaricsecurity com>]

In-Reply-To: <20030423091601.25852.qmail () www securityfocus com>

Hi,

Building off what Mark Reardon has already posted, you should also 
consider the physical security of the kiosk (e.g. weak locks and visible 
cables). 

Another thing to remember is that passwords of these types of systems are 
trivial. If you start browsing past issues of 2600 you will find plenty of 
articles detailing store computers (One that comes to mind is how someone 
broke restriction controls on a Compaq computer on display at Radio 
Shack). I hope I was of help.

Later,
Alaric

---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------