Channel Register

Heathrow PC security probe launched

Public access internet terminals at Heathrow airport may be vulnerable to hacking attacks. An Italian hacker stumbled on flaws that create a possible means for miscreants to load key logging software or other malware on a PC that allowed members of the public to access the internet. The same flaws create a means for the …

This topic is closed for new posts.

Dr Who

Shocking ...

Flame

And to think ... all this time I've been using public access Internet terminals to check my bank accounts, log on to my web mail, administrate my servers via webmin plus check my Facebook and LinkedIn accounts. Oh, nearly forgot updating my blog and adding articles to my website via its CMS.

If I had only known how insecure these terminals could be. I mean they're all over the place, and can be accessed by anybody!

I am truly shocked and will never use a PUBLIC (doh!) internet access terminal for any secure stuff again.

Why is this Reg news - it's stating the bleeding obvious! Last year all the public terminals at Infosec (of all places) were found to be riddled with spyware. Possibly an article for the silver surfer section of the Beeb - but not the Reg.

oxo

sensationalist headlines?

Thumb Down

So a PC in an internet cafe wasn't secure.

Tell me you'd have run the story if it wasn't Heathrow..

theotherone

windoz, what do u expect?

IT Angle

but seriously whoever installed this machine is an idiot. Kudos to the "white hacker" for exposing the flaws...although I wonder, could another, perhaps "greyish" hacker have compromised the machine and kept quiet about it? perhaps stealing CC info for his trouble? If you're wondering how he hacked the box, it's quite simple...open Gmail compose mail, then press attach file/browse...go to windows/system32, right click on command.com and then open.....hey presto, you've got a nice useful interface for doing all sorts of crap.....oh and to access the file system, all you have to do is type file:///c:/ into a browser's address bar.

I wonder how they're gonna fix these flaws? without uninstalling windows xp that is....

Nev

+++This also just in +++

Alert

Bears found to defecate in forested areas!

Also, it turns out that the Pope is not a Protestant!

Geoff Mackenzie

Hang him!

Joke

They were fine 'till that bloody Italian came along! White hat my a**e, they're all connected with organised crime, people trafficking and drugs... not to mention terrorism!

tom

Our First Breach

"it would be the first such breach we have suffered in seven years"

Right. We haven't heard of a single security breach, therefore there haven't been any. Where have I heard this logic before? (And why do you have that banana in your ear?)

Robert Moore

knoppix cd

Linux

Rip the HDD out, and put a custom knoppix CD in and problem solved.

Oh, lock the CD Drive inside the machine so the disk can't be removed unless the case is opened.

If the machines are like the ones I have seen you would look rather suspicious taking it apart in the middle of an airport.

Kanhef

re: knoppix

Pirate

It's not too hard to avoid suspicion. Just dress a bit preppy, collared shirt with some company name on it, and bring a toolkit. Most people won't look at you twice. If anyone does ask, hold up a stick of ram and say you're upgrading the machine.

Social Engineering: The Universal Exploit™

Anonymous Coward

Ahh.. Spectrum Interactive

Alert

14 hour layover in Gatwick led me to discover the same thing around 6 months ago.. so I called the 24 hour IT helpdesk from a payphone and described the flaw and possible fixes in detail to the guy on the other end. He was pretty convincing that he would do something about it, but obviously it didn't get through. I said I'd give 'em till my next time in Gatwick to fix, however as it's already exposed...

For all you Spectrum Interactive using airport-goers, here's a nifty little trick:

Ctrl-Shift-Esc brings up the task manager.

Kshield.exe gets killed.. MSconfig turns it off, reboot et voila.

Now you have free net access for the next 13 hours. Or you can root it to yer heart's content.

God bless layovers :)

Andy Bright

Well there's a surprise..

Alien

Someone found a security issue on a computer running Windows. For me the PC never has been more than a glorified ZX81 for the first 20 years of its existence, so it's not really all that surprising that the people that brought us a clone of that operating system have had a problem or two making one with pictures in it.

Rich

Public access terminals

Of course, Firefox makes it even easier to add keyloggers. Just edit them into the code, recompile, and you're done. Hard to detect unless you compare MD5 sigs. Which you wouldn't.

W

Crikey.

"If you're wondering how he hacked the box, it's quite simple...open Gmail compose mail, then press attach file/browse...go to windows/system32, right click on command.com and then open.....hey presto, you've got a nice useful interface for doing all sorts of crap.....oh and to access the file system, all you have to do is type file:///c:/ into a browser's address bar. I wonder how they're gonna fix these flaws? without uninstalling windows xp that is...." - theotherone

Crikey. And Indeed.

[Sure, some of you will laugh, but it's news to me.]

Anonymous Coward

Thank God for your own laptop...

Flame

... That's why I don't touch public terminals with a barge pole (and thank God for my own T-Mobile logon).

Spectrum Interactive bought a really good company with a really good system, and screwed it up. *sigh*

Nick

Two options: Virtual Machine, Reinstall on reboot

I can think of two options:

Virtualization.

Forced reboot when time runs out which does a network (PXE) reformat and reinstall between sessions (wired directly from a separate hardware timer to motherboard reset switch).

Both of these would cut the chances of picking up something nasty and allow for a much less locked down user experience.

matt

Why are they never security checked?

Coat

It never surprises me anymore that companies like this do not have these public terminal services checked from a security perspective.

Any decent ethical security firm will supply desktop build reviews and pick up on issues like this and document them fully.

Might cost a couple of grand but will highlight any issues like the above!

Next time PWDUMP, LSACache and cachedump!

It's surprising how many domain admin credentials can be picked up from these public terminals which would be still valid on the supplier's domain/external network/OWA.

Matt@MRS Sec

Sean M

Reboot on exit

Yep, that'll work.

From memory (it's been a while since I was last there) the Easy Internet Cafes in London (you know, the bright orange ones) do this every time a user finishes their session.

Of course, you may still be able to get free internet access (see above), but no permanent exploits would be possible.

hans

Teh Windoz?

Linux

So pay 50p, download malware, log off, and then the keylogger works on all new customers, what's so new about that?

Anonymous Coward

lol

Anonymous Coward

lol next you'll be telling me it's possible to get free internet from all the major hotel chains in London by just changing the IP range to the same as the gateway and pulling yourself onto a trusted domain, also allowing you to browse much restricted fileshares including all the decompileable java applets and such used by the TV/movies on demand

whoops I've said too much....kthxbye

Anonymous Coward

Public PCs are great

Anonymous Coward

All the malware, keyloggers, trojans, anything there is can be found on them. Use them for business? God no, but if you're looking to test something they are a great testbed. They really have everything; you couldn't make a better research platform than one of those things. I was thinking it might be nice to image one and sell it as subscription software to security firms: you get a new DVD every week or so.
