[WEB4LIB] IKiosk Security Lapse
Charles F. Bearden
cbearden at ruf.rice.edu
Fri Oct 30 13:23:25 EST 1998
Try renaming C:\WINDOWS\TASKMAN.EXE to something like TASKMAN.AXE.
Does WinSelect Policy have an option to list programs that shouldn't
be permitted to run? That might also be a way to prevent it from
running.
Chuck
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Chuck Bearden cbearden at rice.edu
Electronic Resources Librarian
Fondren Library--MS44 713 / 527-8101 x3634
Rice University 713 / 737-5859 (fax)
P.O. Box 1892
Houston, TX 77251-1892
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
On Fri, 30 Oct 1998, jpapier wrote:
> Greetings From Fairest NJ:
>
> I've been using Winselect Policy / Kiosk 3.3.1 on our public Internet
> PC's to good effect for some
> time now. However, our ever-curious teenagers have (unwittingly)
> brought the following security lapse to my attention: if you reboot the
> PC, when Windows 95 (or 98) starts up again you can click repeatedly
> with the mouse where the "Start" button
> eventually shows up. This easily brings up the Task Manager. From
> there you can choose "Run Applications." A default box comes up. If
> you ignore this box and choose "Browse," a new box comes up. You cannot
> enter a pathname into this browse box, which is as it should be, since
> access to the hard drive has been turned off. But if instead of choosing
> the "Browse" option, you stick with the first, default box which
> appears, you CAN enter a pathname, e.g. "c:\command.com." And into DOS
> we go.
>
> I suppose you could also bring in "command.com" on a floppy and upload
> too, if you allow access to the A: drive.
>
> Thought you should know. I've brought this to the attention of Hypertec
> (http://www.hypertec.com).
>
> Cheers,
> JP
>
> --
> Jeff Papier
> Network / Internet Librarian
> South Brunswick Public Library
> Monmouth Junction, NJ
>
>
More information about the Web4lib
mailing list