Security Basics mailing list archives

Re: Internet Kiosk Security -- Need Info!


From: Security Enthusiast <z3ros3c () gmail com>
Date: Wed, 23 Jun 2010 21:23:53 -0400

I've asked, and nobody seems to know where they came from. Apparently they were installed by contractors and authorized by some higher-up, yet I've never been able to get information on that particular person to contact them. (This is a very big, very bureaucratic organization.) I'll keep digging.

On 6/22/10 12:25 AM, Murda wrote:
manufacturer's information (including contact information)
Can you ask the people in your organization who bought the kiosks? Are they
allowed to share this information with you?




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Security Enthusiast
Sent: Friday, June 18, 2010 6:04 PM
To: security-basics () securityfocus com
Subject: Internet Kiosk Security -- Need Info!

I've noticed a large number of pay-per-minute internet kiosks around my
area, and I'm curious to find out information about them.  I've done
some research and I've discovered many things that make me suspicious of
these systems, and I'm trying to compile a presentation for my
organization (which owns many of these kiosks) outlining the potential
dangers of these systems.

It is my belief that they are QUITE insecure, but I'd like to present my
organization with as much information as possible as to why. This would
include as much system information as possible, as well as potential
points of attack, methods of compromise, and possible opportunities for
data theft.

Here is the information I have collected thus far:

Kiosk name: Surf LinX
Default Browser: IE6 (User Agent reports Mozilla/4.0 compatible)
OS: Windows XP / NT 5.1 -- Service Pack 1
System Security: Running Symantec products (anti-virus, etc.)
Possible Risks:
- Outdated software could allow unintentional installation of malware,
which could compromise the entire system (keystrokes, browsing
histories, credit card information, etc.) This would be dangerous to the
organization and its customers.

I'm interested in knowing the manufacturer's information (including
contact information), and as much information as possible about the
system itself.

From my research, a number of potential vulnerabilities have already
been discovered, but more information is desired about the kiosks.
Unfortunately, I am not (yet) authorized to perform a full pen-test of
the target.

If anyone has any suggestions, or any information about my query, please
let me know!

Thank you.

~SE

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------



