Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.

Entries in DC (1)

Friday
Dec092011

Free: You get what you pay for!

DateFriday, December 9, 2011 at 2:39PM

I was traveling this past week and being the security nerd I am noticed this screen from across the room.

Above it was a sign that said, "Free Internet- Print your boarding pass for FREE!"

The infected computer was in a hotel lobby.  People were using it printing their traveling documents.

This got me thinking (a dangerous pastime)...

  • If you wanted to "upgrade" you seat or prepay a bag, you entered your credit card number.
  • If you looked up via your FF# you entered a password (and use the same password everywhere.)
  • Some print their email which has their travel documents stored safely in their inbox (which is where they email your password when your forget it at your banks website)
  • At the very least, now an attacker can pivot through this machine and wreck havoc on the internal (and wireless) network.  MiTM attacks galore.
  • This PC was in an unsecured area where anyone could walk up to it (or walk away with it).  The people at the front desk did not have a visual on it.

 

Oh yah, this PC was also in downtown Washington DC! 

Authorn00bz Network | Comment1 Comment |
tagged , in