Full Disclosure mailing list archives
Re: Micky-dee's anyone?
From: vulcanius <vulcanius () gmail com>
Date: Sun, 1 May 2005 16:33:37 -0400
Speaking of McD's. I might as well disclose a little info on the new wireless setups they've installed. A while back I did some installations for them. Basically they're running a setup designed by a company called Wayport. If you ever venture into the back of a McD's they have two servers running their PoS systems, accounting, surveillance, etc. I forget the names of the servers but the system that's going to the wireless is called CCD or CCCD if I remember correctly. The actual wireless system uses DSL from BellSouth or another RBOC. They have a small rackmounted CPU inside the wall-mounted case running Debian. I was limited on time so don't bother asking me what kernel/services it's running. Other than that they have the usual DSL filters, a Sprint 4 port Hub mounted inside the case and I forget what wireless router they are using. The wireless router is mounted above the ceiling in front of the registers. Basically if your waiting in line your standing right beneath it. Also, to spoil your appetites for McD's wonderful burgers, while running cables in the ceiling I had the joy of encountering no less than 3 dead rats and more dead roaches than I could count. Enjoy your food. If anyone has more time to do a little probing, post what you find. On 5/1/05, n3td3v <xploitable () gmail com> wrote:
On 5/1/05, James Tucker <jftucker () gmail com> wrote:Er, Bank, McD's. The monetary values are not entirely dissimilar. XSS is XSS anyway, does it really matter where? Black hats are known for their exploitation of "underestimated" weaknesses, so if one were feeling philosophical, it could be expressed that this problem may be more important than the 'bigger' issues.You can't pick a better day than May the 1st to disclose a XSS vulnerability on a Mc Donands website than on May the 1st, and thats the point in this whole little affair. Thanks, n3td3v This is where I read Full-Disclosure: http://groups-beta.google.com/group/n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Micky-dee's anyone? Paul Kurczaba (May 01)
- Re: Micky-dee's anyone? n3td3v (May 01)
- Re: Micky-dee's anyone? James Tucker (May 01)
- Re: Micky-dee's anyone? n3td3v (May 01)
- Re: Micky-dee's anyone? vulcanius (May 01)
- Re: Micky-dee's anyone? James Tucker (May 01)
- Re: Micky-dee's anyone? n3td3v (May 01)
- RE: Micky-dee's anyone? Pablo Abad (May 01)
- <Possible follow-ups>
- Re: Micky-dee's anyone? Ill will (May 01)