Well off I went to the cinema last night and attempted to purchase a ticket from their automatic ticket booths (because I get to pick seats then). In the corner of the screen was a Norton Antivirus popup proudly displaying a warning about "w32.hllw.nebiwo".

(more info http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nebiwo.html). In principle it's a windows affecting worm.

Wouldn't you have thought that machines which deal with your credit card / debit card details would be kept well away from the internet which is where the worm started ?

Makes you wonder how safe your details really are when you swipe your card somewhere as I'm sure an unknown worm with an altered payload could have got further and caused some real damage or details theft ?

scary indeed, Ive seen a virus (saw the familiar popup) crash all the monitors in a vegas casino before, which was kinda funny as they all had to reboot

Originally posted by KermitTheFrag
Wouldn't you have thought that machines which deal with your credit card / debit card details would be kept well away from the internet which is where the worm started ?

But then how would they confirm your credit card?
You are charged when you swipe the card not when you book the tickets.
Also it checks your card number against the one used to book the seats so it knows who you are. All done over the friendly interweb :)

I've seen the Windows BSOD on those Warner ticket machines before but never an Anti Virus message.

Well i would have thought them to work the same as the PQD machines, IE not be directly connected and dial up to a secure credit card place only when required.

yeah but where did the worm come from ?

But PDQ machines only take payments.
The Warner machines have to check your card against a booking.
I guess the bookings database is held in a single location that all the machines connect to.

UNLESS IT WAS SOMEONE DELIBERATELY TRYING TO DO SOMETHING TO THE WARNER BORTHERS SYSTEMS?

H4X OR A DISGRUNTLED EMPLOYEE?


JUST NOTCIED THIS IS ALL IN CAPS BUT CBA TO CHANGE IT...

ive seen several BSOD'ed cash machines and a gambling machine in The Orange House - Swansea that had locked up on the Win2k boot screen...

There are quite a few nice photos of those huge cinema screens in New York and such getting BSODs randomly, same with the train departure monitor things

Yeah, they should be connected to a secure back end system not to the internet.

Just be thankful they had an antivirus package running on it... A lot of people in industries like this really haven't got a clue.

lovely when you see this before you board your flight...
http://www.jobsmaps.com/other/pictures/crashedcarosel.jpg

Originally posted by KermitTheFrag
Well off I went to the cinema last night and attempted to purchase a ticket from their automatic ticket booths (because I get to pick seats then). In the corner of the screen was a Norton Antivirus popup proudly displaying a warning about "w32.hllw.nebiwo".

(more info http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nebiwo.html). In principle it's a windows affecting worm.

Wouldn't you have thought that machines which deal with your credit card / debit card details would be kept well away from the internet which is where the worm started ?

Makes you wonder how safe your details really are when you swipe your card somewhere as I'm sure an unknown worm with an altered payload could have got further and caused some real damage or details theft ?

Developing 1 ordering system, thats on the net is far easier, cheaper and sometimes safer. It'll allow home users to order online and cinemas to setup cheaper self-booking machines.

Firstly, the Windows OS, if it's using the internet it's safer using this than building your own OS. In the long term with auto update, virus checkers and a fully configured firewall, not forgetting the SSL connection to the online server, being hacked into and loosing your details is almost impossible.

Secondly, there are FAR easier ways to get other peoples full credit card details.

social engineering for one, its suprising how many people fall for it

Defcon spot on.

PC security etc may have moved on lots on last few years but telephone stuff is erm ;0

Originally posted by Defcon
Firstly, the Windows OS, if it's using the internet it's safer using this than building your own OS. In the long term with auto update, virus checkers and a fully configured firewall, not forgetting the SSL connection to the online server, being hacked into and loosing your details is almost impossible.

I shun any corporate that uses any kind of auto updater - look at what a couple of patches have done to systems.

Obviously the firewall isn't configured properly as this is a worm which spreads via an IP port actually managed to reach an endpoint on the network. SMB is visible on the network.

It only takes one mistake and humans aren't perfect by any means.

I think your argument is floored.

How about, FLAWED.

:p:

i suppose floored would work as well because essentially he's saying its been knocked on its arse

looks like i get no prizes for my english language :/

*mentally writes down flawed in his head*

aye the one's in plymouth both had illegial operations. Warner Bro cinemas.