Posted by: Diabolic Preacher | July 4, 2007

stupid jet airways ticketing kiosk…for stupid people

i don’t mind exposing this kind of negligence on the part of Jet airways airport staff…and kiosks

the delhi airport has, as far as i noticed, 2 kiosks for jet airways, where basically you can check your ticket’s status with PNR no. and other informational stuff. Anyways my primary intention was to check for stuff other than what was shown ;P Here’s how the experiment proceeded and succeeded. You gotta agree, anything that’s possible with mouse-clicks/finger touches is easier than just about anything…even newbies could do it…but most of delhi airport jet passengers were innocent assholes.

  1. When clicking on any of the links/buttons, i noticed the windows XP logo, the page loading bar and the window size control buttons ( minimize, restore from full screen and close).
  2. These buttons however last only as long as the page is loading, which is quite a bit, since unlike using a mouse, finger touch ensures the mouse cursor reaches where you want to click at the very instant that you touch the screen.
  3. noticing these a few times (there was no queue at that time so i could experiment with relative ease) i clicked near the area of minimize and restore buttons and one among them restored “Internet Explorer” to maximized mode but sans the menu toolbar and the address bar. Although, it showed the standard icon toolbar (back, fwd, reload, home, etc.)
  4. Among the external application icons, Windows/MSN Messenger comes by default and so does the icon on IE 6. So I just clicked on the messenger icon…initially feelin like gettin online n then being “oops! no keyboard. :p” I clicked on the Help link on the messenger sign-in box but i suppose the kiosk doesn’t have internet access.
  5. Under File menu of Windows Messenger, I noticed the item to view received files…now isn’t that itself risky? u don’t even need to sign in to get to the received files of possibly someone else who used the computer before you. it’s partly also the weakness of the filesystem level security as well. you probably would be having more messenger accounts than computer user accounts…but M$ doesn’t see it that way.
  6. bas! aur kya? once i got to an explorer window, the helpful task panes of windows xp made it real easy to get to My Computer in a click and voila! that barely used kiosk has 80 fuckin Gb’s of data and as the partitions C n D showed, it was barely used up to (say) even 5%.

These kiosks can improve performance with usage of Google Gears and Firefox 3 which allows caching of web applications and hence complete transactions more instantaneously. if not firefox, at least they could have upgraded to IE 7, (or perhaps the windows copies are not genuine/authentic/blessed by bill gates/rebellious) or even better they could use one of the customized slimmed down linux distros.

if information is so easy to collect from the hard disks, how safe do you think it is to use them? secondly windows filesystems despite a 1000 passwords are no good beyond hiding stuff within Documents and Settings. anything else needs a manual permission setting on a directory by directory basis. it’s always safer to whitelist rather than blacklist access permissions when setting up default install scripts, especially in this case where the functionality required is very minimal…was the messenger really required? all in all jet airways is still a newbie at getting kiosks secure. but the fact is that passengers mostly need an operator who blindly follows the default sequence of buttons. guess it’ll be loadsa fun to use the prank program which keeps swappin the ok n cancel buttons. maybe a shutdown button would add to the fun. 😛

These companies should train their airport ground staff with unhappy-cases (in use case model/description…this means the methods by which things can go wrong and how to rectify it, without exposing information (like debug messages) to the users…some may get irritated and some … happy 😉). They should either move away from windows or configure it as securely as possible which by default and by the GUI options is still not trustworthy enough.
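
An added example (not from the original post): a small Python audit of the whitelist-versus-blacklist point above, run over a constructed `.reg`-style export of a hypothetical kiosk account's policy keys. `RestrictRun`, `DisallowRun`, `NoViewOnDrive` and the Messenger `PreventRun` value are real Windows policy settings; the sample export and the function names are assumptions made for illustration.

```python
import re

EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
MESSENGER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client"

# Constructed sample: policy keys exported from a hypothetical kiosk account.
# It uses a blocklist (DisallowRun) and sets nothing else.
SAMPLE_EXPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="regedit.exe"
"""

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: int or str}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(header.group(1), {})
            continue
        value = re.fullmatch(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")', line)
        if value and current is not None:
            name, dword, string = value.groups()
            current[name] = int(dword, 16) if dword else string
    return keys

def audit(keys):
    """Return findings for the exposures described in the post."""
    findings = []
    explorer = keys.get(EXPLORER, {})
    allowlisted = explorer.get("RestrictRun") == 1 and keys.get(EXPLORER + r"\RestrictRun")
    if not allowlisted:
        findings.append("no allowlist of runnable programs (RestrictRun)")
        if explorer.get("DisallowRun") == 1:
            findings.append("blocklist only (DisallowRun): unlisted programs still run")
    # NoViewOnDrive is a bitmask: bit 2 = C:, bit 3 = D:
    if explorer.get("NoViewOnDrive", 0) & 0b1100 != 0b1100:
        findings.append("C: and D: can be opened from Explorer (NoViewOnDrive)")
    if keys.get(MESSENGER, {}).get("PreventRun") != 1:
        findings.append("Windows Messenger is allowed to run (PreventRun)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_EXPORT)):
        print("FINDING:", finding)
```

These are Explorer shell policies, so they complement rather than replace NTFS permissions on the kiosk account.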

