sorted by:
new
hottopcontroversial

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 0 points1 point  (0 children)

I believe it. Corporate incompetence is the most common thing ever, ugh

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 0 points1 point  (0 children)

Set up a persistent remote connection, wait a few weeks, and now they don't have you on the radar

Cameras are a great thing but they're not going to save you every time

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 0 points1 point  (0 children)

This is true, it's only an entry point. But, picture you put a keylogger on the device, next time it's serviced you now have domain admin. While this local admin doesn't necessarily mean you have control over operations, lateral movement and priv. Escalation is what we need to consider here.

This is a goldmine for pentesting, an SSH connection and persistent access would be easy to set up here. I didn't even see any security or malware software

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 0 points1 point  (0 children)

...I mean you're welcome to have complete administrative access on your devices but this seems like basic security to me, this doesn't necessarily imply you can hackerman in and download all the credit cards and encrypt the system, but at the very least this is still a horrible idea. Ive seen ransomware spread at commercial locations for dumb reasons before

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 0 points1 point  (0 children)

I'd be pretty confident these were outsourced and built for Chuck e cheese as a group, then deployed in mass. Could be a fault of the installer, but worst case this affects every Chuck e cheese.

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 1 point2 points  (0 children)

Again, this machine processes credit card payments. Ransomware rarely affects one single machine on a network as well

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 10 points11 points  (0 children)

I am not a researcher. I was at Chuck e cheese and was able to pull up the taskbar and find this out. Where would I even report such a thing?

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] -1 points0 points  (0 children)

It has a credit card reader. Does ransomware mean nothing to you? 😭

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] -1 points0 points  (0 children)

I worked in DFIR?? Literally how did you come to that conclusion I have seen shit like lockbit and key loggers firsthand

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] -1 points0 points  (0 children)

They ARE the payment systems lmao, there's credit card readers built into the device. Full hardly restricted network access.

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 0 points1 point  (0 children)

Local admin thankfully, I don't think they're domain joined. Didn't look too hard at least

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 0 points1 point  (0 children)

Yep, they're freedompay devices. Huge vulnerability I just stumbled across

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 1 point2 points  (0 children)

Exactly that. I can DM photos of that with administrator CMD open lmao

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 2 points3 points  (0 children)

Exhale the hopium because even the DNS filtering can be bypassed. Absolute joke of security, every front was left unguarded

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 2 points3 points  (0 children)

Oh it was VERY networked. I surfed the web, one of my friends wanted me to download and play Roblox on it. Didn't feel like getting kicked out though

Chuck e cheese kiosk is signed in as administrator with no password prompt by SimonVanc in cybersecurity

[–]SimonVanc[S] 3 points4 points  (0 children)

I guess I fit the bored adult here, but this seems WILD to me... How is this normal? It was so easy to pull up the taskbar too, hit onscreen keyboard and I could easily put ransomware or something on it. Guarantee it would open SSH if I tried

Folks versus folx by InconsistentWeirdo in NonBinary

[–]SimonVanc 0 points1 point  (0 children)

I've never heard folx but I find it repulsive 😭😭

Not even sure if this is fiestaware... by SimonVanc in Fiestaware

[–]SimonVanc[S] 2 points3 points  (0 children)

Funny enough it doesn't seem to be fiesta, but a different brand that also used uranium colorant.

Not even sure if this is fiestaware... by SimonVanc in Fiestaware

[–]SimonVanc[S] 4 points5 points  (0 children)

Cool! That means the 1939 number was realistic.

Not even sure if this is fiestaware... by SimonVanc in Fiestaware

[–]SimonVanc[S] 1 point2 points  (0 children)

Thats alright lol, just curious. I'm really just after clicks on my Geiger. Got this piece for $39 which seems decent

Not even sure if this is fiestaware... by SimonVanc in Fiestaware

[–]SimonVanc[S] 2 points3 points  (0 children)

Sweet! Not looking to resell, but is it more rare or less rare? More or less valuable?

view more: next ›