Big W infecting photo printing customers?

Patrick Gray

Photo kiosks in Big W stores are allegedly infecting customers with USB-borne viruses.

The Windows-based Fuji photo kiosks located in the company's stores apparently don't run antivirus software, so lovely little bits of malicious software like Trojan.Poison-36 are winding up on customers' USB keys, according to Risky Business listener and blogger Morgan Storey.
Anonymous
Big W infections

We (govt dept) advised Big W in September 2009 about persistent infections - mainly Conficker - from staff-carried USBs from the local Big W photo kiosks.
We even advised staff of the issue and warned of the risk.

Bert

Anonymous

I'm pretty sure they're maintained by either Fuji or Siltech. Software installation and updates are remotely managed by one of those two companies.

Anonymous
Seen similar in the UK, possibly same kiosk

I had a USB memory stick get an addition when I went to a local, independent, photo printing place, here in the UK. I think the machine there was a Fuji one, though it is obviously just a cheap PC in a box running some application full screen.

Like everything in business, if they think they can get away with being cheap (or they can shift costs), they will. These machines probably run the most simple version of Windows they can (XP home basic? Or that extra crippled version that MS condescendingly sold as for the 3rd world). They don't have AV because of licensing costs, and the machines would need to be updated near constantly too, and that extra labour will not be wanted by businesses. And configuring Windows to be a little more secure (read-only, locking down the file system using NTFS file permissions, enforcing application policies) would cost time and money.

I would not be surprised if these photo kiosk machines aren't just all running exactly the same hard drive image. It was probably configured once, and imaged. Then dumped on every machine the vendor shifts.

I hate to sound like this too, but the worm on my memory stick wasn't any threat to me, as my operating system isn't stupid enough to execute something on newly inserted media, and even if it did, the trojan wouldn't work under Linux.

Microsoft's monopoly (confirmed by 2 continent-wide governments) has led to insecure products, due to lack of competition. End users have a choice: either struggle when you inevitably get a virus/trojan/worm, or struggle with an alternative operating system that is not commonplace. I recommend the latter, as once you have learnt a little, the struggle is over, and your computing experience will be smoother and less liable to attack.

Patrick Gray

Would love to know which government department you're from, Anon... ;)

Patrick Gray

Also, I didn't think to point this out yesterday, but this is a story about Big W outlets in Australia... Risky.Biz is an Australian outlet, hence the reference to Big W being a subsidiary of Woolworths.

P

Anonymous
Media relations at BIG W

Dear Patrick,

I work for the media relations department of Woolworths.

I have received no email from you or this website with questions on this issue. Who did you talk to who said we don't like phone calls? They seem seriously misinformed.

My contact details, including phone number, can be found at the Woolworths Limited website.

http://www.woolworthslimited.com.au/phoenix.zhtml?c=144044&p=irol-contact1

Call me - I'd love to hear from you.

Beendict

Patrick Gray

As I pointed out in my e-mail to you, I rang your reception and asked for the media affairs department.

I was told to e-mail amiller [at] bigw.com.au and that a reply would be virtually instant.

I waited four hours before publishing, which I thought was reasonable given that I'd been fobbed off on the phone.

As it turns out that address is for your marketing manager, not your media relations manager. It's certainly not my fault that I was given the incorrect information by your receptionist.

The only person who was seriously misinformed here appears to be your receptionist.

And you.

Anonymous
Poorly implemented Tech!

There is no reason for this to be an issue, even with using an insecure-by-design OS like Windows! The machines should be booting off a network image that is read-only and, as previously mentioned, the USB sticks and memory cards should be only used (or mounted in unix/linux parlance) read-only to avoid stupid stuff like this.

A far better option would be to use a dedicated, embedded OS that would take these sorts of risk into account, and work around them.

Basically, Big W & Woolies need to tell their IT suppliers to get a clue and do some basic risk management of their own!

Anonymous
Media relations at Big W

I can confirm Patrick Gray's assertion that Big W's media relations department is a bit high-handed. I am a trade journalist in the photo industry and I had to wait weeks to get a response to a series of questions (put in writing), and consequently missed a deadline. When I was so rude as to ask why there was such a wait, I was told that Woolworths had far more important issues and media to deal with than me.

What the response from the Woolies PR person lacks in humility it makes up for in hubris! Maybe they need to launch a PR campaign to improve the 'brand' of their PR department...

These kiosks are, I think, looked after internally by Big W. Most of the servicing involves swap-in swap-out of faulty card readers and the like.

Keith Shipton
keiths@photocounter.com.au

Anonymous
BIG W Kiosks

As a previous employee of XXX (who at the time I was there serviced the BigW Kiosks, as this company did the work for Dell (kiosks have a Dell SFF PC in them))

On numerous occasions upon visiting Kiosks (most of the time blown power supplies, and dirt-clogged CPU fans)

that many times I remember seeing questionable processes running in Task Manager and the list of dodgy software on there was rather amusing, not to mention Klez, Conficker, Bugbear; there's a few I can remember the processes of off the top of my head, they were so common

On several occasions I reported this to both Dell and BigW helpdesk and after I left there a few years later my concerns were still not addressed.

I should also add that it's very easy, still to this day, to press a certain part of the screen a certain number of times and have the full Windows desktop appear where you can go nuts, as some machines are logged in with administrator rights.

The thing which concerned me most was when I was there (I sure hope this has changed) the photo lab computers were on the same network as the self service terminals, I could ping/even browse the c$ of other registers WITHOUT PASSWORDS.

Although before I left the firewall and anti-virus were enabled on the self service terminals.

As to the OS, they ran (when I was there) Windows XP Embedded, the same OS the self service terminals use and ATMs, which was another part of my job.

changlinn

Hi Everyone, I am Morgan Storey.
I didn't realise this was such big news when I discovered the issue; really, viruses on kiosks I thought were pretty old hat. I am sure I have seen it before, just never blogged about it or took the details, like I did this day (noted down the docket details and screenshotted the file creation time of a mere 10 minutes before the receipt for printing the photos).
But I am hoping that now it has hit the media it will get fixed and no one who is susceptible gets infected.
I actually sent the first message to Big W on the 30th, got a response on the second.
I don't think using a different OS would have fixed this; if they were running Linux kiosks running as root (à la Windows as admin), someone could write some malware for it fairly easily, I imagine.

--
"Put me here and I am all yours, not for the money and not for the applause", Melanie Safka
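
The evidence check described in the post above (file timestamps on the stick compared with the print receipt time), as an added example that is not part of the original thread. The function names, the 30-minute window, the extension list and the use of last-write time in place of creation time are assumptions made for illustration; the sample files are constructed and empty.

```python
import os
import tempfile
from datetime import datetime, timedelta

# Assumed triage list: file types Windows can execute or auto-run from removable media.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk", ".dll", ".inf"}

def files_written_near(root, receipt_time, window=timedelta(minutes=30)):
    """List files under root last written within `window` before receipt_time.

    Returns (relative_path, written_at, risky) tuples, risky files first.
    Uses mtime (local time) because creation time is not portable across OSes.
    """
    start = receipt_time - window
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full, follow_symlinks=False)
            except OSError:
                continue  # unreadable entry on a damaged stick: skip, keep scanning
            written = datetime.fromtimestamp(st.st_mtime)
            if start <= written <= receipt_time:
                risky = os.path.splitext(name)[1].lower() in RISKY_EXT
                hits.append((os.path.relpath(full, root), written, risky))
    return sorted(hits, key=lambda h: (not h[2], h[1]))

def build_constructed_stick(root, receipt_time):
    """Create constructed sample files (empty, harmless) with chosen timestamps."""
    samples = {
        "holiday.jpg": receipt_time - timedelta(days=20),     # customer's own photo
        "autorun.inf": receipt_time - timedelta(minutes=10),  # appeared at the kiosk
        "order.txt": receipt_time - timedelta(minutes=5),     # written by the kiosk app
    }
    for name, when in samples.items():
        path = os.path.join(root, name)
        open(path, "wb").close()
        os.utime(path, (when.timestamp(), when.timestamp()))

if __name__ == "__main__":
    receipt = datetime(2010, 1, 5, 14, 30)  # constructed receipt time
    with tempfile.TemporaryDirectory() as stick:
        build_constructed_stick(stick, receipt)
        for rel, written, risky in files_written_near(stick, receipt):
            print(("REVIEW " if risky else "       ") + f"{written:%Y-%m-%d %H:%M}  {rel}")
```

Point it at the stick mounted read-only on a machine that does not auto-run removable media, so the timestamps being examined are not altered by the check itself.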
