This time, I went to Beijing to attend xcon, China Information Security Focus conference, and transferred to Seoul on the way. There are 4 computers in the business class lounge in Seoul to provide Internet services. I have seen many people view their emails, such as Gmail. One of the other brothers used Outlook Web Access to view the company's email.
Out of curiosity, when a machine is idle, I want to check its security settings, for example, whether a firewall is enabled or automatic update is set. However, you have not had time to view these configurations. My first note is the currently running user account. I originally estimated that because it is provided to the public, the public must use a common user account and should not be able to perform any sensitive operations. As a result, I found that the account used by each user is the local administrator account ). That is to say, I can do anything. The CD and USB interfaces of the system are completely effective. to install a key logger software to steal the email logon password of other users, you just need to start using it. If someone, like the old man, directly accesses company emails through OWA, the information is enough to break into the internal network of a company. If you need to access personal or sensitive information on any public computer, such as your personal email, pay attention to the following two points:
- Do you trust the provider of this computer.
- Do you trust the security configuration of this computer.
If any condition cannot be met, you should not proceed. For example, for a machine in an Internet cafe on the street, if the first condition is not met, you can play a game. Otherwise, you 'd better not do it. Although the first condition is met for the machine in the Hancheng airport lounge, its security settings allow any user to modify and install system software, how can I trust my personal information not to be stolen?