Electronic Application Insecurity --------------------------------- (Spring, 2005) By clorox I'm sure most people searching for a job have filled out an electronic application at a business on one of their machines. I know about four months ago my friend was looking for a job and I figured I'd help him find one. No one was hiring so he decided to try a store in the mall. The store was JC Penney. We were brought into a room with two computers. He sat down and started to fill out his application and I, being the curious one I am, snooped around. The application itself was an HTML file that was being shown in IE in full screen mode. Ctrl+Alt+Delete did no good so I control escaped and it brought up the taskbar with the Start button and the task tray. The Start menu was bare, no way for me to execute an application there, just a shutdown button. But in the task tray they had McAfee Antivirus running. I'm not sure if it was a corporate enterprise version, but I doubleclicked it to try to find a way I could access the hard drive. There was a field with a Browse button next to it where you could change your virus database and it let me view the hard drive as well as the networked drives. I opened a Notepad file just so I could see txt files easier in the browser. I was snooping around when I came upon a folder in the C drive called apps. The text files in this folder were titled by a nine digit number. I opened one of the text files and it was Amie Laster's application. Formatted in this way: ssn-ssns-snn | Amie Laster | 0000101010101010110101011 The others were exactly like this so anyone could just sit down here, access everyone's applications, and pretty much exploit the person using this data. I sent an anonymous letter to the district office. I'm not sure if it's been fixed or not but I thought that people who are entering in critical information on a computer need to know where it is going and who has access to it. Other places you might find interesting: BestBuy: On their employee PCs near the CDs, control A and Z three times brings up the employee toolkit (this varies by store but it's combination of control, alt, or shift with two keys on the keyboard), which you need a login to use. On the demo PCs you can either double click the numbers on the right hand side or press control M to minimize the advertisement so you can access the drive. Their laptops usually have Internet access due to a wifi connection in the store. Circuit City: Their PCs are open and have a connection to the net. The world is yours. Shoutz: z3r0, shady, lucas, mayo, and josh.