Wednesday, February 7, 2007

RSA Conference Computers So Faux Secured

Via Wired Blog -



One should never trust a public kiosk computer, but at the RSA security conference, one expects the public computers will at least be locked down as well as the public library's boxes.

This year you'd be wrong as Sunbelt Software's president Alex Eckelberry and R&D vice president Eric Sites gleefully demonstrated to 27B by downloading adware from Zango and The Best Offers and by checking Google searches run by previous users.

Seems the Windows XP boxes -- supposedly protected by Sophos -- were actually just Windows XP machines running with full administrative privileges -- meaning any user could install whatever he might like -- including malware and key loggers. The machines didn't even have Sophos's Anti-Virus installed -- instead they used AVG Professional 7.5 (a perfectly good anti-virus program, but it's made by Grisoft -- not Sophos).

Eckelberry, who kept muttering "this is so evil," as he added more software to the machine, later said the prank reminded him of his days of messing with computers in Radio Shack as a teen.

Of course, the Sunbelt Software guys -- who are the guys who discovered the Microsoft VML exploit in the wild in September and who make software products such as firewalls, anti-spyware and spam killers -- promptly removed their handiwork before running off to an afternoon meeting.

An RSA event employee, contacted by Wired News prior to running this item, said a contractor hired to install the kiosks hadn't done the work to spec and that these computers, along with others, had been fixed.

UPDATE: The Washington Post's computer security correspondent/blogger Brian Krebs's take is here.

-----------------------------------------------------

High Five to Alex for the RSA Pwnage!
