Sunday, December 7, 2008

Stealing Data the Easy Way

As I entered the Athens Airport Business Class lounge, I asked if there was WiFi connectivity. I was told there was no WiFi, but I could help myself to the kiosk computers. I jumped at the chance to check out the security posture of these computers. I assumed that there would be security issues.

I wasn't disappointed with the amount of information I had access to, much of which I considered to be breaches of confidentiality for some previous users of the kiosk. The following pictures are just a sample, there was much more. If I were a bad guy, I could have stolen loads of data the easy way by just emailing the files to myself. I took the pictures here for security awareness efforts. Names have been hidden to protect the innocent.

The following are reasons why people shouldn't use free Internet kiosks:

1. The Windows Security Alert tells you that the system may not be up to date for security fixes.


2. The following "user agreement" means that everyone has access to anything you store on this computer.

3. Your browser history is usually intact and credentials are sometimes still valid.

4. People can read confidential documents you typed on the computer.


5. People may get a sneak peak at your lucrative sports contract.


6. People may get a copy of your C.V. and all of the personal information it contains.


7. People may get access to your accounts spreadsheet.


8. People can install malicious code into important directories.


9. Being a security professional I warned to attendants on duty about the issues that I had found. The lead attendant said, "If anyone is stupid enough to use the kiosk and do that, they should not be using the computers!".

Enough said!

-MJC

1 comment:

  1. I really enjoyed reading the comment from the lounge personnel; if only everybody thought that way, there might not be a need for us security folks.

    ReplyDelete