Re: pen-testing an information kiosk (breaking out of the application)

alaric_at_alaricsecurity.com
Date: 04/29/03

  • Next message: Rob Shein: "RE: Scanning for trojans"
    Date: 29 Apr 2003 02:34:13 -0000
    To: pen-test@securityfocus.com
    
    
    In-Reply-To: <20030423091601.25852.qmail@www.securityfocus.com>

    Hi,

    Building off what Mark Reardon has already posted, you should also
    consider the physical security of the kiosk (e.g. weak locks and visible
    cables).

    Another thing to remember is that passwords of these types of systems are
    trivial. If you start browsing past issues of 2600 you will find plenty of
    articles detailing store computers (one that comes to mind is how someone
    broke restriction controls on a Compaq computer on display at Radio
    Shack). I hope I was of help.

    Later,
    Alaric


