Feeds

Airport PCs stuffed with meaty goodness

Intimate emails, malware, confidential data...

Top 5 reasons to deploy VMware with Tegile

Businesspeople are treating public access terminals in airport departure lounges as their home PCs and in the process exposing confidential data and email messages to all and sundry. A mixture of curiosity and boredom led consultants from the Dubai-based network security outfit Scanit to uncover a plethora of secrets left by globe-trotting executives who log on in-between flights.

Many airport executive lounges are equipped with PCs that allow business and first class fliers to surf the web. Rather than using a web-based email service and clearing the cache and password completion forms before shutting down, some execs are using Outlook Express packages on these machines to write emails.

Outlook Express is probably not configured to allow emails to be sent from these machines, so any message created simply moves to the system's 'outbox' where it remains indefinitely after the user clicks 'send'. Even if the system is configured to send messages, the email will normally be saved in the machine's 'sent items' folder. In either case, email messages are left wide open for subsequent access. You'd think most people would realise this but Scanit has discovered otherwise.

While traveling to meet clients, Scanit engineers found everything from intimate messages to mistresses (perfect for blackmail) to desktop-saved documents outlining multi-million dollar deals, complete with profit margins and lowest bid values.

Tasty.

They also found many of these airport lounge PCs were infected with computer viruses. Scanit chief exec David Michaux recalls a discovery he made while waiting for a delayed flight.

"As I was playing patience, I noticed heavy network traffic on the lounge machine’s taskbar even though I wasn’t using any network applications," he said. "After some delving I was amazed to find Back Orifice 2000 (BO2K) as the culprit. It had been invisibly collecting my keystrokes and sending a record of them to a Hotmail account every 15 minutes."

Michaux reported his findings to the lounge receptionist who said that she wasn't responsible for the security of machines. Another lapse (this time in a London airport) permitted users to log onto machines as an administrator rather than a restricted user. Again, Scanit’s engineers found key-loggers running on systems at the airport.

"The danger is that the CEO-types who travel on behalf of their companies and use these lounges are privy to usually sensitive data," Michaux explains. "This makes computers there a veritable goldmine, whether it’s executives downloading attachments from their web mail and leaving them on the desktop, or even deleting them afterwards, but not emptying the recycle bin before they leave to catch their plane."

Even executives who do take care are likely to be let down by the lounge’s lack of security, especially if a hacker has turned its machines into zombie drones. The security of wireless networks if often maligned but this is one problem wider use of laptops by business execs can help to control.

Michaux is keen to hear from anyone who has experienced security lapses on public access terminals, and invites users to contact him in confidence by email. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.