Security Basics mailing list archives

RE: Internet Kiosk Security -- Need Info!


From: "Murda" <murdamcloud () bigpond com>
Date: Tue, 22 Jun 2010 14:25:43 +1000

manufacturer's information (including contact information)

Can you ask the people in your organization who bought the kiosks? Are they
allowed to share this information with you?




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Security Enthusiast
Sent: Friday, June 18, 2010 6:04 PM
To: security-basics () securityfocus com
Subject: Internet Kiosk Security -- Need Info!

I've noticed a large number of pay-per-minute internet kiosks around my 
area, and I'm curious to find out information about them.  I've done 
some research and I've discovered many things that make me suspicious of 
these systems, and I'm trying to compile a presentation for my 
organization (which owns many of these kiosks) outlining the potential 
dangers of these systems.

It is my belief that they are QUITE insecure, but I'd like to present my 
organization with as much information as possible as to why. This would 
include as much system information as possible, as well as potential 
points of attack, methods of compromise, and possible opportunities for 
data theft.

Here is the information I have collected thus far:

Kiosk name: Surf LinX
Default Browser: IE6 (User Agent reports Mozilla/4.0 compatible)
OS: Windows XP / NT 5.1 -- Service Pack 1
System Security: Running Symantec products (anti-virus, etc.)
Possible Risks:
- Outdated software could allow unintentional installation of malware, 
which could compromise the entire system (keystrokes, browsing 
histories, credit card information, etc.) This would be dangerous to the 
organization and its customers.

I'm interested in knowing the manufacturer's information (including 
contact information), and as much information as possible about the 
system itself.

From my research, a number of potential vulnerabilities have already 
been discovered, but more information is desired about the kiosks. 
Unfortunately, I am not (yet) authorized to perform a full pen-test of 
the target.

If anyone has any suggestions, or any information about my query, please 
let me know!

Thank you.

~SE




