[pchelpers] Article:Hacking public information kiosks
- From: John Durham <john.modec@xxxxxxxxxx>
- To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
- Date: Mon, 18 Feb 2008 08:18:53 +1300

February 17, 2008 6:15 AM PST
Posted by Robert Vamosi

Public information kiosks are supposed to allow users to find out more
about a company or government agency, and that's all. But on Saturday
afternoon, Shanit Gupta, a senior consultant at McAfee Foundstone,
demonstrated several ways that he and others have been able to map the
internal network on a system running XenApp, formerly Citrix
Presentation Server.

On the demonstration screen at ShmooCon, an East Coast computer hacking
conference, Gupta showed how the familiar toolbars and browser frame are
missing on a system running XenApp. The idea is that on a kiosk the
public can click on links only within the single page. But if there's a
keyboard or a mouse present, which there often is, Gupta was able to
open additional sites, exposing the internal network.

More here:
http://www.news.com/8301-10789_3-9873865-57.html?part=rss&subj=news&tag=2547-1_3-0-20
--
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.