funsec mailing list archives
Re: Inmate Hackers
From: Dan White <dwhite () olp net>
Date: Mon, 11 Jan 2010 11:18:08 -0600
On 11/01/10 09:58 -0500, Justin Scott wrote:
There is a lot of content about "thin client hacking". One of the most common ways to hack a thin client is simply open up "help". This is a separate program that contains links to other programs, the command prompt, and the web browser to the Internet.On a related note, I've been tossed into a project where I could use some advice. One of my clients is hoping to put some computers in a prison for inmates to use for specific applications (let's just say online learning for the sake of discussion). The plan involves putting a computer into a kiosk style enclosure which would boot from a Debian Live CD (no hard disk in the computer) running a customized version of Webconverger (www.webconverger.com). This is a custom version of Debian Live which boots into a stripped down Mozilla web browser. It would have a home page coded into it and the address bar would not be available. The boot menu is password protected, and the keyboard would not have function keys on it. The network layout calls for a firewall that only allows egress traffic to certain public IP addresses where the application lives. Any thoughts on how this could be torn to shreds by someone who really knows what they're doing?
Find out what window manager the system is using. Find out what keyboard shortcuts are available for that window manager. Figure out default usernames, passwords, shells, /etc/inittab config (are logins accepted virtual terminals or serial port). Are any network ports open? What boot order is configured within the BIOS? Is PXE enabled? Is there physical access to the network by some other means? -- Dan White _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Inmate gets 18 months for hacking prison computer Juha-Matti Laurio (Jan 11)
- Inmate Hackers Justin Scott (Jan 11)
- Re: Inmate Hackers Young, Keith (Jan 11)
- Re: Inmate Hackers Dan White (Jan 11)
- Inmate Hackers Justin Scott (Jan 11)