-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<!-- 2009-04-05 -->I love the Minneapolis airport. For an information security geek, it never fails to provide some interesting gem. 

<table>
<tr><td>Wandering through the airport this week I ran across a Delta "Helpline" kiosk (formerly Northwest's Rebook Service Center).  Every time I walk through the airport I see these gray kiosks closed up and pushed aside in some corner. 
</td><td>
<img src="http://philosecurity.org/wp-content/uploads/2009/04/nwa_cart3-254x300.jpg" alt="nwa_cart3" title="nwa_cart3" width="190" height="225" class="right size-medium wp-image-1400" />
</td>
</tr>
<tr><td>As luck would have it, this one was open. There were several cell phones sitting on it, tethered to desks. A sign instructed users to contact a Northwest agent by picking up the phone and dialing "1692 #TALK." 
</td><td> 
<img src="http://philosecurity.org/wp-content/uploads/2009/04/helpline-desk3-297x300.jpg" alt="helpline-desk3" title="helpline-desk3" width="168" height="168" class="right size-medium wp-image-1404" />
</td></tr>
<tr><td>
"The phone can only be used to access the Northwest Customer Service Rebook Hotline," concluded the sign.

Apparently, that didn't stop people from trying (and perhaps succeeding). The phone allowed full access to call history, revealing all outbound numbers that had been dialed, to both cell phones and land lines:
</td><td>
<img src="http://philosecurity.org/wp-content/uploads/2009/04/helpline_cell1-225x300.jpg" alt="helpline_cell1" title="helpline_cell1" width="168" height="225" class="right size-medium wp-image-1382" />
</td></tr>
<tr><td>
What's more, the phone also allowed full access to configuration information, including Northwest's Sprint user account name and associated phone IDs. 
</td><td>
<img src="http://philosecurity.org/wp-content/uploads/2009/04/helpline_cell31-225x300.jpg" alt="helpline_cell31" title="helpline_cell31" width="168" height="225" class="right size-medium wp-image-1389" />
</td></tr>
<tr><td>
Funky. Reminds me of a public toilet that never gets cleaned.
</td><td>
<img src="http://philosecurity.org/wp-content/uploads/2009/04/helpline-kiosk-300x264.jpg" alt="helpline-kiosk" title="helpline-kiosk" width="168" height="148" class="right size-medium wp-image-1421" />
</td></tr>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.5)

iEYEARECAAYFAknZexoACgkQSAUOoW73R4z0SwCghszGlqRCcoJRGLYHwY7sjZYf
3m8An12LqKWvbxfFKtKkaHpgLNv9nnyl
=Zc5a
-----END PGP SIGNATURE-----