Secure Credit Card Station
Howard Gibson
hgibson-MwcKTmeKVNQ at public.gmane.org
Sat Sep 21 20:19:33 UTC 2013
An organzation I belong to is interested in setting up a laptop on which members can do credit card transactions. I pointed out to them that I do not type my credit card number onto MY laptop. I am sure as hell not typing it on someone else's. I am looking into the problem here, at the very least, because it is interesting. Let us assume people are willing to trust us.
The offending laptop is running Linux. It is connected to the internet, probably through wifi. It is placed facing a wall or some other barrier so that people can sit at it and not have their keystrokes observed. I have set up a user account with a restricted environment. The user can launch a browser that connects to our website, or they can log out. There is no access to other applications, file managers, or terminals. We will log them in. They will not know the password. There are multiple ways to do this. I picked one of them. As far as I know, the machine passes http://www.grc.com's True Stealth analysis. I need to test this.
Any thoughts on this?
If you knew we were doing this, how would you hack into the machine?
--
Howard Gibson
hgibson-MwcKTmeKVNQ at public.gmane.org
howard.gibson-PadmjKOQAFnQT0dZR+AlfA at public.gmane.org
jhowardgibson-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
http://home.eol.ca/~hgibson
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list