IKiosk Security Lapse

jpapier jpapier at infolink.org
Fri Oct 30 11:01:13 EST 1998


Greetings From Fairest NJ:

I've been using Winselect Policy / Kiosk 3.3.1 on our public Internet
PC's to good effect for some time now.  However, our ever-curious
teenagers have (unwittingly) brought the following security lapse to my
attention:  if you reboot the PC, when Windows 95 (or 98) starts up
again you can click repeatedly with the mouse where the "Start" button
eventually shows up.  This easily brings up the Task Manager.  From
there you can choose "Run Applications."  A default box comes up.  If
you ignore this box and choose "Browse," a new box comes up. You cannot
enter a pathname into this browse box, which is as it should be, since
access to the hard drive has been turned off. But if instead of choosing
the "Browse" option, you stick with the first, default box which
appears, you CAN enter a pathname, e.g. "c:\command.com."  And into DOS
we go.

I suppose you could also bring in "command.com" on a floppy and upload
too, if you allow access to the A: drive.

Thought you should know.  I've brought this to the attention of Hypertec
(http://www.hypertec.com).

Cheers,
JP

--
Jeff Papier
Network / Internet Librarian
South Brunswick Public Library
Monmouth Junction, NJ



