Example of really bad security...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Example of really bad security...

    So this always makes me laugh. I go to a post office which is a branch in a bank.

    On the counter, they have a monitor set up, facing the customers. The problem with said monitor is that whenever a post office employee has to log in to use the computer there to access the postal services, the monitor shows a keyboard which lights up which keyboard button the employee uses to log in as well as shows what they are typing. This includes the password, which at least shows up as Xs, but you can still see the exact keys that they are typing, so learning the pass is ridiculously easy. I've also learned that the pass is the same for all employees as well.

    *shakes head sadly*
    ======================================
    DJ Jackalope
    dopest dj in the galaxy. *mwah!*

    send in the drop bears!
    ======================================

  • #2
    Re: Example of really bad security...

    Originally posted by DJ Jackalope
    So this always makes me laugh. I go to a post office which is a branch in a bank.

    On the counter, they have a monitor set up, facing the customers. The problem with said monitor is that whenever a post office employee has to log in to use the computer there to access the postal services, the monitor shows a keyboard which lights up which keyboard button the employee uses to log in as well as shows what they are typing. This includes the password, which at least shows up as Xs, but you can still see the exact keys that they are typing, so learning the pass is ridiculously easy. I've also learned that the pass is the same for all employees as well.

    *shakes head sadly*
    I've seen a very similar situation at the Wal-Mart self checkout machines.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";


    • #3
      Re: Example of really bad security...

      lol still not as cool as me going into the apple store and checking people's email since they logged in under their email accounts to "test" the iphone or mac book air and never removed the accounts :D


      • #4
        Re: Example of really bad security...

        Originally posted by Vyrus
        lol still not as cool as me going into the apple store and checking people's email since they logged in under their email accounts to "test" the iphone or mac book air and never removed the accounts :D
        Ha, when will people learn? Were you nice enough to lock them out of their accts? :P
        ======================================
        DJ Jackalope
        dopest dj in the galaxy. *mwah!*

        send in the drop bears!
        ======================================


        • #5
          Re: Example of really bad security...

          I sometimes find myself taking a thumb drive running switchblade to stores like Best Buy and plugging it into some of the demo laptops they have there.
          DaKahuna
          ___________________
          Will Hack for Bandwidth


          • #6
            Re: Example of really bad security...

            I needed an item for a client and went to CompUSA for it, only to find the item was only available online. So, the saleskid showed me the PC they had for making orders from the store. I clicked on the item and it conveniently provided me with dozens of stores credit card numbers to choose from to pay for it. Yep, that IE autocomplete sure is nice. I pointed this out to the saleskid, who said "Oh, that's probably not good." Seeing as my Karma was a bit low, I went in and erased the cache and turned off autocomplete.

            DaKahuna, don't bother with the demos, they're usually locked down; just slip it into the internet order machine or, when they're not looking, right into the sales register. Of course this is just a hypothetical situation as I would never try to circumvent any type of security on a public (kiosk) terminal ;)


            • #7
              Re: Example of really bad security...

              I had a vendor do a Webex demo of a tool today. He used his usual setup, revealing every program running on his machine. Even better, when he was showing off some of the features he also showed me every individual he sent a file to in the last three weeks in order to show me that the tool saves messages.

              Clever, these vendors are.
              jur1st, esq.


              • #8
                Re: Example of really bad security...

                beakmyn - you are right. If I was a bad person looking to do bad things, the store's computer would be a much better choice than the demo machines.

                Has anyone seen any versions of switchblade or hacksaw that work on Mac OS X or Linux?
                DaKahuna
                ___________________
                Will Hack for Bandwidth


                • #9
                  Re: Example of really bad security...

                  Originally posted by DaKahuna
                  beakmyn - you are right. If I was a bad person looking to do bad things, the store's computer would be a much better choice than the demo machines.

                  Has anyone seen any versions of switchblade or hacksaw that work on Mac OS X or Linux?
                  Where would you use that? The caveat is that the switchblade assumes administrative privilege is available on the machine. For most "road warriors" with laptops and desktops in a domain, the local user has local admin rights, so it works. But in Linux, and I'll assume the Mac, the same isn't true. I don't run as root on any of my machines; I use sudo or su for that.

                  So, a Linux or Mac switchblade wouldn't work for ~90% of the machines out there since the "low hanging fruit" is Windows.

                  I got a dirty look and comment from a vendor when I mentioned some of the folders (names of other clients). I said something like "oh you did work for xxx". He wasn't happy, although I did shoot back "Maybe you shouldn't run the file manager when you're plugged into the projector". +1 for me.
                  Last edited by beakmyn; March 2, 2008, 13:40. Reason: MAC != Mac


                  • #10
                    Re: Example of really bad security...

                    s/MAC/Mac/
