From: Paul Craig (paul.craigsecurity-assessment.com)
Date: Wed May 27 2009 - 04:01:33 CDT
Last year at Defcon 16 I released iKAT v1.0, the Interactive Kiosk Attack tool.
Those who went to Defcon and saw the hacked kiosks at the Riviera may realize just how effective iKAT was on the day.
The concept is very simple: iKAT is a website you visit from a Kiosk terminal.
iKAT's sole purpose is to pop shell on the Kiosk, using every possible technology.
What you do with the shell is up to you...
It works, it works really well, and it works very fast.
I have been developing a new version of iKAT (v2) which I plan to demo at ShakaCon next month!
However, I have released it publicly today at: http://ikat.ha.cked.net
Multiple Kiosk vendors have taken to directly blocking the iKAT URL in new versions of their software.
To combat this I have also set up the alias domain: http://ikat2.ha.cked.net
iKAT v2.0 is now multi-platform, and supports Linux, Windows and some OSX based Kiosks.
It also supports Firefox and Safari based Kiosks (not just IE anymore!)
I have been busy writing tools, and more Kiosk specific exploitation tricks.
V2.0 represents a much faster and smoother Kiosk hacking experience.
If you are coming to ShakaCon 2k9 make sure you come see my talk, or at least buy me a beer.
On a final note, the 'iKAT Girl', as some people call her (the iKAT logo), is a common point of contention people like to email me about.
Apparently a "half naked girl plucking a thong out of her ass" is not acceptable when you're hacking a Kiosk in public (or an airport).
I would just like to remind everyone that iKAT was not designed to hack public Kiosks, or Kiosks in hotels.
Principal Security Consultant
Full-Disclosure - We believe in it.