Jump to content

Where is the security


ZeroBeat
 Share

Recommended Posts

Well i remember a time where people atleast tried to secure there systems. Usually poorly due to a lack of knowladge. But now...

I'm sitting at a computer in the public library. Back in the day they had that "Kiosk" os, where you logged in using your social security number and a pin-code. They have now changed that to Win2000 computers with admin priviledge. And no there are know other security software running. You have cmd access, are able to install software, access regedit... everything.

Have tried sniffing on the other computers... worked perfect... why is it that not even system admins can secure our information.

It's dumb for me to even log in to this page, since you could retrieve that password in a matter of secound, if someone not allready have installed a password sniffer on this machine.

This would also make a perfect server for bad business. SSH, and some nasty apps and you could pwn all that used one of the computers, or the unencrypted wifi.

Same goes for my old school. they dumbed there Nowell login system and went for... well nothing.

And we are talking high payed, highly educated system admins.

Why can it be so damn hard to set up some computer security... at least give me a challange...

but well I'll try to find the sys admin, and hear what's up with this shit. Not funny at all ;)

But well if anyone want a server just say the word, have installed SSH and portforwarded! :blink: ;)

Link to comment
Share on other sites

Well, you have 3 options:

1: be an evil 1337 blackhat hacker and change all the authors of the books MUHAHAHA => seriously there's no fun in that, really that would be dumb

2: bring it to the attention to the sysadmin so that no other dumbasses would do option 1

3: relax and do nothing.

Link to comment
Share on other sites

Well i went the whitehat way... sort of...

Made a IE plugin, that bringes up a message and a link about the security on the system, and in general, each time someone tries to enter a password on web...

Link to comment
Share on other sites

I have noticed this in multiple schools, libraries, and even my job--it is pretty ridiculous. I think the best thing to do is what you did, ZeroBeat...make people aware. People are so unaware of what (can) lurks in an insecure system, and it's not their fault. Good choice, ZeroBeat.

Link to comment
Share on other sites

Has started to create a USB Switchblade that don't steel the information, only see if there accessible, and create a security report based on the information + add tweaks to to IE, FF, OS whatever to make it more secure, to use on public computers...

If you want to help, i would appreciate some input :D

Link to comment
Share on other sites

Has started to create a USB Switchblade that don't steel the information, only see if there accessible, and create a security report based on the information + add tweaks to to IE, FF, OS whatever to make it more secure, to use on public computers...

If you want to help, i would appreciate some input :D

Sweet! I will try to think of some ideas.

Link to comment
Share on other sites

Coolies... have made some applications for some of the stuff since this the question is not which information you can steal, decode and use, only to check permissions for all the places, so it is as simple as making an application that tries to get access to ex the ie cache... if it succeed, there is a security hole, if not the application will fail, and you can catch that error... there is no need to make functions that searches for the actual passwords (and would kind of like to avoid scripts, due to vistas beloved UAC ;))

Link to comment
Share on other sites

  • 4 weeks later...

well just a thought, maybe u could scan the lan u on and then see what ports and so forths u can close. Try getting a firewall (obviously freeware, since seeing u not geting paid for this) and maybe an av. mmmm what else can you do?try setting a password on the bios and disable booting from cd so that no1 can crack passwords of the computer by means of live cd's. Create seperate accounts and hide the admin account. oh and use gpedit so that u can set policies of the whole network, but gpedit sometimes takes a while to set up its policies on every computer so youd have to try to force the policies. Set policies such as removal of cmd/task manager. check internet setting on gpedit and well theres alot u can do there so its up to u.... You said u wantd ideas to secure the computers so thats just my ideas...im sure alota ppl will fill in whatever i left out

Link to comment
Share on other sites

  • 2 weeks later...

More public institutions are moving this way. However, at least they usually separate the unprotected computers from the main network. Most often, they are on a dedicated net connection and a basic wifi router.

Part of it is cost and maintenance. The employees of libraries and the like are usually not very computer savvy, so they have no idea how to fix something if it goes out of config. For budget reasons, they usually don't have a dedicated admin either. I know this because my business used to serve a few local libraries and community centers. When I took the contracts they were very specific that it would be dedicated public access, and no security was added. They didn't even want me to change the default passwords on the routers. I know it's stupid, but you can't budge those political types.

I spent a lot of time re-imaging machines for them. Oh well, their money in my pocket lets me spend more on things I want...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...