Secure Credit Card Station
William Park
opengeometry-FFYn/CNdgSA at public.gmane.org
Sun Sep 22 06:57:53 UTC 2013
On Sat, Sep 21, 2013 at 04:19:33PM -0400, Howard Gibson wrote:
> An organzation I belong to is interested in setting up a laptop on
> which members can do credit card transactions. I pointed out to
> them that I do not type my credit card number onto MY laptop. I am
> sure as hell not typing it on someone else's. I am looking into
> the problem here, at the very least, because it is interesting.
> Let us assume people are willing to trust us.
>
> The offending laptop is running Linux. It is connected to the
> internet, probably through wifi. It is placed facing a wall or
> some other barrier so that people can sit at it and not have their
> keystrokes observed. I have set up a user account with a
> restricted environment. The user can launch a browser that
> connects to our website, or they can log out. There is no access
> to other applications, file managers, or terminals. We will log
> them in. They will not know the password. There are multiple ways
> to do this. I picked one of them. As far as I know, the machine
> passes http://www.grc.com's True Stealth analysis. I need to test
> this.
>
> Any thoughts on this?
>
> If you knew we were doing this, how would you hack into the machine?
If you are talking about letting members shop online, then I think there
is "Start Private Browsing" (under Tools tab) in Firefox. You can tell
them to use that. But, I would recommend to avoid this kind of
liability.
--
William
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list