Re: pen-testing an information kiosk (breaking out of the application)

From: alaric@alaricsecurity.com
Date: Mon Apr 28 2003 - 22:34:13 EDT


In-Reply-To: <20030423091601.25852.qmail@www.securityfocus.com>

Hi,

Building off what Mark Reardon has already posted, you should also
consider the physical security of the kiosk (e.g. weak locks and visible
cables).

Another thing to remember is that passwords of these types of systems are
trivial. If you start browsing past issues of 2600 you will find plenty of
articles detailing store computers (one that comes to mind is how someone
broke restriction controls on a Compaq computer on display at Radio
Shack). I hope I was of help.

Later,
Alaric




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT