Secure Credit Card Station

William Park opengeometry-FFYn/CNdgSA at public.gmane.org
Sun Sep 22 06:57:53 UTC 2013


On Sat, Sep 21, 2013 at 04:19:33PM -0400, Howard Gibson wrote:
>    An organzation I belong to is interested in setting up a laptop on
>    which members can do credit card transactions.  I pointed out to
>    them that I do not type my credit card number onto MY laptop.  I am
>    sure as hell not typing it on someone else's.  I am looking into
>    the problem here, at the very least, because it is interesting.
>    Let us assume people are willing to trust us.  
> 
>    The offending laptop is running Linux.  It is connected to the
>    internet, probably through wifi.  It is placed facing a wall or
>    some other barrier so that people can sit at it and not have their
>    keystrokes observed.  I have set up a user account with a
>    restricted environment.  The user can launch a browser that
>    connects to our website, or they can log out.  There is no access
>    to other applications, file managers, or terminals.  We will log
>    them in.  They will not know the password.  There are multiple ways
>    to do this.  I picked one of them.  As far as I know, the machine
>    passes http://www.grc.com's True Stealth analysis.  I need to test
>    this.
> 
>    Any thoughts on this?
> 
>    If you knew we were doing this, how would you hack into the machine?  

If you are talking about letting members shop online, then I think there
is "Start Private Browsing" (under Tools tab) in Firefox.  You can tell
them to use that.  But, I would recommend to avoid this kind of
liability.
-- 
William
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list