ZeroBeat Posted June 13, 2008 Share Posted June 13, 2008 Well i remember a time where people atleast tried to secure there systems. Usually poorly due to a lack of knowladge. But now... I'm sitting at a computer in the public library. Back in the day they had that "Kiosk" os, where you logged in using your social security number and a pin-code. They have now changed that to Win2000 computers with admin priviledge. And no there are know other security software running. You have cmd access, are able to install software, access regedit... everything. Have tried sniffing on the other computers... worked perfect... why is it that not even system admins can secure our information. It's dumb for me to even log in to this page, since you could retrieve that password in a matter of secound, if someone not allready have installed a password sniffer on this machine. This would also make a perfect server for bad business. SSH, and some nasty apps and you could pwn all that used one of the computers, or the unencrypted wifi. Same goes for my old school. they dumbed there Nowell login system and went for... well nothing. And we are talking high payed, highly educated system admins. Why can it be so damn hard to set up some computer security... at least give me a challange... but well I'll try to find the sys admin, and hear what's up with this shit. Not funny at all ;) But well if anyone want a server just say the word, have installed SSH and portforwarded! ;) Quote Link to comment Share on other sites More sharing options...
moonlit Posted June 13, 2008 Share Posted June 13, 2008 But well if anyone want a server just say the word, have installed SSH and portforwarded! ;) ...are you trying to pimp out a public system? Quote Link to comment Share on other sites More sharing options...
Iain Posted June 13, 2008 Share Posted June 13, 2008 Why can it be so damn hard to set up some computer security... at least give me a challange... Maybe the admin's set it up like this to lure someone into doing something dodgy ... ? Quote Link to comment Share on other sites More sharing options...
ZeroBeat Posted June 14, 2008 Author Share Posted June 14, 2008 Well no, I don't want to pimp it, And there does not appeare to be anything running that log you doing, or any other profiles the that admin profile. Just seams dumb. Quote Link to comment Share on other sites More sharing options...
tim.vangehugten Posted June 14, 2008 Share Posted June 14, 2008 Well, you have 3 options: 1: be an evil 1337 blackhat hacker and change all the authors of the books MUHAHAHA => seriously there's no fun in that, really that would be dumb 2: bring it to the attention to the sysadmin so that no other dumbasses would do option 1 3: relax and do nothing. Quote Link to comment Share on other sites More sharing options...
ZeroBeat Posted June 16, 2008 Author Share Posted June 16, 2008 Well i went the whitehat way... sort of... Made a IE plugin, that bringes up a message and a link about the security on the system, and in general, each time someone tries to enter a password on web... Quote Link to comment Share on other sites More sharing options...
tim.vangehugten Posted June 17, 2008 Share Posted June 17, 2008 You took the right decission :) Quote Link to comment Share on other sites More sharing options...
leetninja Posted June 20, 2008 Share Posted June 20, 2008 I have noticed this in multiple schools, libraries, and even my job--it is pretty ridiculous. I think the best thing to do is what you did, ZeroBeat...make people aware. People are so unaware of what (can) lurks in an insecure system, and it's not their fault. Good choice, ZeroBeat. Quote Link to comment Share on other sites More sharing options...
ZeroBeat Posted June 21, 2008 Author Share Posted June 21, 2008 Has started to create a USB Switchblade that don't steel the information, only see if there accessible, and create a security report based on the information + add tweaks to to IE, FF, OS whatever to make it more secure, to use on public computers... If you want to help, i would appreciate some input :D Quote Link to comment Share on other sites More sharing options...
leetninja Posted June 21, 2008 Share Posted June 21, 2008 Has started to create a USB Switchblade that don't steel the information, only see if there accessible, and create a security report based on the information + add tweaks to to IE, FF, OS whatever to make it more secure, to use on public computers... If you want to help, i would appreciate some input :D Sweet! I will try to think of some ideas. Quote Link to comment Share on other sites More sharing options...
nicatronTg Posted June 21, 2008 Share Posted June 21, 2008 Wow. At my my local library uses DeepFreeze... You could make a warning about using usb keys on the computers, incase the hacksaw was present... Quote Link to comment Share on other sites More sharing options...
Joerg Posted June 21, 2008 Share Posted June 21, 2008 Interesting idea, I'll try to code (euphemism for scripting) something like that :) Quote Link to comment Share on other sites More sharing options...
ZeroBeat Posted June 23, 2008 Author Share Posted June 23, 2008 Coolies... have made some applications for some of the stuff since this the question is not which information you can steal, decode and use, only to check permissions for all the places, so it is as simple as making an application that tries to get access to ex the ie cache... if it succeed, there is a security hole, if not the application will fail, and you can catch that error... there is no need to make functions that searches for the actual passwords (and would kind of like to avoid scripts, due to vistas beloved UAC ;)) Quote Link to comment Share on other sites More sharing options...
shido Posted July 21, 2008 Share Posted July 21, 2008 well just a thought, maybe u could scan the lan u on and then see what ports and so forths u can close. Try getting a firewall (obviously freeware, since seeing u not geting paid for this) and maybe an av. mmmm what else can you do?try setting a password on the bios and disable booting from cd so that no1 can crack passwords of the computer by means of live cd's. Create seperate accounts and hide the admin account. oh and use gpedit so that u can set policies of the whole network, but gpedit sometimes takes a while to set up its policies on every computer so youd have to try to force the policies. Set policies such as removal of cmd/task manager. check internet setting on gpedit and well theres alot u can do there so its up to u.... You said u wantd ideas to secure the computers so thats just my ideas...im sure alota ppl will fill in whatever i left out Quote Link to comment Share on other sites More sharing options...
ZeroBeat Posted July 24, 2008 Author Share Posted July 24, 2008 Definatly something that i will look into... Thanks :) Quote Link to comment Share on other sites More sharing options...
Nophix Posted August 7, 2008 Share Posted August 7, 2008 More public institutions are moving this way. However, at least they usually separate the unprotected computers from the main network. Most often, they are on a dedicated net connection and a basic wifi router. Part of it is cost and maintenance. The employees of libraries and the like are usually not very computer savvy, so they have no idea how to fix something if it goes out of config. For budget reasons, they usually don't have a dedicated admin either. I know this because my business used to serve a few local libraries and community centers. When I took the contracts they were very specific that it would be dedicated public access, and no security was added. They didn't even want me to change the default passwords on the routers. I know it's stupid, but you can't budge those political types. I spent a lot of time re-imaging machines for them. Oh well, their money in my pocket lets me spend more on things I want... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.