Comments on: Airport Kiosks Security http://www.gnucitizen.org/blog/airport-kiosks-security/ Information Security Think Tank Tue, 06 Jan 2009 14:36:09 +0000 http://wordpress.org/?v=2.7 hourly 1 By: cybergoth http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-77742 cybergoth Tue, 27 Nov 2007 16:29:34 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-77742 n, try some asp tricks like | and ~ , example: login|.aspx n, try some asp tricks like | and ~ , example: login|.aspx

]]> By: Adrian Pastor http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-77739 Adrian Pastor Tue, 27 Nov 2007 16:27:17 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-77739 @n - just click on "Show Complete Compilation Source" on the .NET error page (see screenshot). @n - just click on “Show Complete Compilation Source” on the .NET error page (see screenshot).

]]> By: sws http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-77606 sws Tue, 27 Nov 2007 11:12:07 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-77606 oh no... so great ;) funny article... oh no… so great ;) funny article…

]]> By: n http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-77600 n Tue, 27 Nov 2007 11:03:09 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-77600 Nice, how did you use the debug functionality to get the source code listing? Nice, how did you use the debug functionality to get the source code listing?

]]> By: cybergoth http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-76892 cybergoth Sun, 25 Nov 2007 18:32:18 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-76892 Some sitekiosks are connected to company's lan, few times I have successfully found intranet sites using your javascript port scanner. Some sitekiosks are connected to company’s lan, few times I have successfully found intranet sites using your javascript port scanner.

]]> By: pdp http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-76679 pdp Sun, 25 Nov 2007 08:15:55 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-76679 Daniel, this section of the UK law should get a lot more specific. Otherwise, the bad guys can use it for their own good. First of all how do we know that this is not the intendet feature when the only input device that was used was the m-pointer. In USA for example, if u r hiding drugs in your car and u get caught when being searched by a cop who did not had any reason to, then you can get away and attack back the legal system. Same with IT. The law is vague but often based on case studies, which are even more vague. In IT sec we are constantly playing with fire even when all the work we do is legal. I can get into a lot more details but I will stop here. Daniel, this section of the UK law should get a lot more specific. Otherwise, the bad guys can use it for their own good. First of all how do we know that this is not the intendet feature when the only input device that was used was the m-pointer. In USA for example, if u r hiding drugs in your car and u get caught when being searched by a cop who did not had any reason to, then you can get away and attack back the legal system. Same with IT. The law is vague but often based on case studies, which are even more vague. In IT sec we are constantly playing with fire even when all the work we do is legal. I can get into a lot more details but I will stop here.

]]> By: Daniel http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-76659 Daniel Sun, 25 Nov 2007 07:20:43 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-76659 Don't forget, under UK law you would have been persecuted for doing what you did. The issue isn't you just pressing buttons, but the fact you never had permission to make that computer perform that function, which is the crux of section 1a of the computer misuse act. Good to see kiosk security is still as crap as ever though :) Don’t forget, under UK law you would have been persecuted for doing what you did.

The issue isn’t you just pressing buttons, but the fact you never had permission to make that computer perform that function, which is the crux of section 1a of the computer misuse act.

Good to see kiosk security is still as crap as ever though :)

]]> By: naom http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-76577 naom Sun, 25 Nov 2007 01:23:17 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-76577 3 minutes killed out of 3 hours. Not bad. 3 minutes killed out of 3 hours. Not bad.

]]> By: Sam http://www.gnucitizen.org/blog/airport-kiosks-security/comment-page-1/#comment-76539 Sam Sat, 24 Nov 2007 23:31:51 +0000 http://www.gnucitizen.org/blog/airport-kiosks-security#comment-76539 Interesting stuff. Reminds me of the time I saw the BoSoD on an ATM and the Windows XP desktop on a scan yourself checkout. Interesting stuff. Reminds me of the time I saw the BoSoD on an ATM and the Windows XP desktop on a scan yourself checkout.

]]>