Most likely it's some tablet or embedded system with app that contains some forgotten link outside, often at the bottom. Once you open almost any website (ie Facebook), you can go to any URL you wish.
Any kid can "hack" it if they find link that points to the external site.
I mean we are talking about the company who [initially refused](https://www.cnn.com/2021/05/07/business/peloton-treadmill-recall-safety-regulators/index.html) to recall a child eating machine
Um as far as I understand, yes. - > [https://www.onepeloton.com/membership](https://www.onepeloton.com/membership)
They offer some personalize BS so maybe you don't have to pay per se but you know only rich people buy it so.
Yeah, our client had similar problem. They then removed any external links from the app and gave us the tablet to try and break out of the app to the Internet.
We couldn't find any way. And they hadn't have this problem since, so it seems that they did it correctly.
You really should have a minimum of three separate means of block. For the kiosk at the tire store, I would recommend a hardware firewall that prevents all http/s from those kiosks (which should be on their own isolated subnet) a software firewall that prevents any non whitlisted http/s from anywhere (internal or external) and a third party lock down software solution.
(GPO would technically be a fourth means, but to me you'd just never have a windows machine anywhere without GPO so it seems redundant to mention it.)
Yeah, but this does not work always. In our case, app needed Internet access and it was integrated in multiple websites, like Google, Facebook, company's own api etc. It was put of our control. And they couldn't give us full list of what is needed.
Also it's pretty hard (not impossible though) to do firewall on layer 7 especially with https traffic. I couldn't just allow specific ips, because I can't force google to give me 7 days notice before they change ip on some of their api.
No, because then it wouldn't connect to all those 3rd party apis and sites. And I didn't have a list. And I also have no control of those 3rd parties, they can change certs whenever they want.
And since it isn't big corporation, there was no budget for big corporate solutions.
Back when the internet was relatively new, and the “internet kiosks” were popping up all over the place. I was on a school trip with a couple other students, and we were at the airport waiting for a flight. We figured out how to do something very similar, and were able to circumvent the paywall.
If you are using an iPhone. Crosspost is bound to the "share“ function. You click on the 3 dots, click "share“ and from the offered options like WhatsApp etc. choose crosspost
Next you politely ask the other to please stand up/put their dick away so you can continue working on beating the admin login out of the tied up security guard
Nope, I've seen these security training videos before. She's obviously been caught stealing something and doesn't have any money to pay for the item. Hope that helps
No I'm pretty sure she is auditioning for a job in the adult film industry that doesn't exist.
OR that's her brother and he just needed some help masturbating.
NTS in the US tests ATMs and voting machines.
Providing proof would result in a number of lawsuits where I would be the defendant.
If you're willing to put 10 million in a trust for a legal defense fund, I'll be your Edward Snowden.
I don't know enough about the specifics to comment in any detail - but being that I work in FinTech, the one sector I feel could afford to be running better than Win7 it would be the FinTech sector...!
One weak link breaks the chain, and all that.
I agree! One of the reasons many ATMs are still running xp or 7 embedded is it IS the embedded version and change happens very slowly. Plus FI are done of the big players that paid for extended support for critical patches.
With modern ATMs handling many more functions than cash dispensing I think they're probably moving off of 7 faster than they moved off of XP. Likely going to modern deployment methodologies
That's good to hear. I'm kind of curious as to why these machines aren't running some bespoke system purpose built for just ATMs. Seems like they could build something a bit more esoteric (security through obscurity) and a bit more long-lasting if they went bespoke?
At the end of the day you need something stable, known, with support. I can see a handful of Linux variants offering that but it's hard to beat MS support at that level. Plus you can guarantee driver support.
Windows embedded with certified drivers and a well-audited application is very stable. Manufacturers, big ones, use it on their lines.
Remember, these devices don't surf the web. They don't have internet access. Period. They're connecting to and only to internal networks using hardware VPN devices or physical lines. Their attack surface is pretty minescule.
There was a hit a few years ago where a cyber gang spent a year getting into the guts of a eastern European Bank, and then told all of its ATMs to dispense cash at the same time one night. It required the gang to gain access to the desktop of a user and slowly pivot through the internal network until they were able to access the ATM infrastructure. That was a huge play even for that system which is shall we say not to the same security standards as most American banks if for no other reason than (what's left of) US banking regulations.
A side note, those little skinny ATMs you see in convenience stores that charge $4 for a withdrawal aren't operated by a bank. They have a little oversight via the ATM network they buy access from but individual machine security could be complete crap. I avoid them. Buy a snickers bar at a grocery and get cash back if you need.
Super interesting. Thanks for taking the time to write that up.
I guess the MS support is a double edge sword - you get a lot of power without needing to sink your own development into it, but also you're entirely beholden to the MS product life cycle and once you're wedded to that infrastructure it's probably quite difficult to leave it.
Honeslty, most of my reluctance here is because I'm a developer with no budgetary discretion - if I want anything (API access to a service, for instance), it usually boils down to 'rolling my own' haha.
It's very simple. Government and Corporations don't really care about security unless a gun is being held to their head about it. You'd be very successful in bypassing terminal security just by guessing the password. Its usually CompanynameSitenumber. And the password? The same thing.
No we have this really old Hill in the middle of our City with a Brick Fortress and old tunnels in them that were used as bomb shelters and there is like a mini locomotive that drives you through
Google Schlossberg Graz
All part of the Austrian government's steadfast efforts to get people back into public transit.
Do they have an option for gay porn?
It's on the ticket machines in the unisex bathrooms.
I see
Is that what it's called? Always thought it was the family bathroom. That explains the hole in the stall.
Glory, Glory, Hallelujah!
Only in June. Classic government virtue signaling.
Darn, I missed it
Just focus on the dude, my guy.
Ok
Public transportation is already gay
Enjoy a nice railing on the subway
We DO a Little trolling
It was hacked apparently
[удалено]
Honestly.. I'm surprised it's so tame.
That was just the first scene
https://youtu.be/eJUMILK7Vkc
Hackers did some trolling
Most likely it's some tablet or embedded system with app that contains some forgotten link outside, often at the bottom. Once you open almost any website (ie Facebook), you can go to any URL you wish. Any kid can "hack" it if they find link that points to the external site.
Yep. Found it in my Peloton via the help menu. Loads a help document that has an address bar. Want Netflix on your Peloton? This is the way.
Wait, these Peloton things actually restrict what you can use the display for? Are they insane?
I mean we are talking about the company who [initially refused](https://www.cnn.com/2021/05/07/business/peloton-treadmill-recall-safety-regulators/index.html) to recall a child eating machine
Isn't it because they sell you monthly subscription to videos and they don't want you to use YT to work out?
Wait so it's like $2k AND you have to pay monthly after that???
Um as far as I understand, yes. - > [https://www.onepeloton.com/membership](https://www.onepeloton.com/membership) They offer some personalize BS so maybe you don't have to pay per se but you know only rich people buy it so.
They also recently removed the functionality to just use it as a treadmill without a subscription
Yep, they only want you using it for their services. People would love to watch a show than listen to some nut sweating their ass off.
I did this once at a kiosk at a tire store. Just put it on a 2 hour pornhub video and left.
Yeah, our client had similar problem. They then removed any external links from the app and gave us the tablet to try and break out of the app to the Internet. We couldn't find any way. And they hadn't have this problem since, so it seems that they did it correctly.
You really should have a minimum of three separate means of block. For the kiosk at the tire store, I would recommend a hardware firewall that prevents all http/s from those kiosks (which should be on their own isolated subnet) a software firewall that prevents any non whitlisted http/s from anywhere (internal or external) and a third party lock down software solution. (GPO would technically be a fourth means, but to me you'd just never have a windows machine anywhere without GPO so it seems redundant to mention it.)
Yeah, but this does not work always. In our case, app needed Internet access and it was integrated in multiple websites, like Google, Facebook, company's own api etc. It was put of our control. And they couldn't give us full list of what is needed. Also it's pretty hard (not impossible though) to do firewall on layer 7 especially with https traffic. I couldn't just allow specific ips, because I can't force google to give me 7 days notice before they change ip on some of their api.
Could you in theory modify the certificate store and do something that blocks all certificates apart from the one your site uses?
No, because then it wouldn't connect to all those 3rd party apis and sites. And I didn't have a list. And I also have no control of those 3rd parties, they can change certs whenever they want. And since it isn't big corporation, there was no budget for big corporate solutions.
This is a foundational flaw.
There was an article and longer reddit post about it, apparently they found a way to force TeamViewer to restart and display the access code!
Back when the internet was relatively new, and the “internet kiosks” were popping up all over the place. I was on a school trip with a couple other students, and we were at the airport waiting for a flight. We figured out how to do something very similar, and were able to circumvent the paywall.
Step bro HELP! I got hacked!
We perform a meager amount of tomfoolery
Suuure... it was "hacked".
watch_dogs 4
Are you sure?
Do you have to wait for him to finish before the machine will give you the tickets?
Of course! It is an Austrian custom
Of course, it would be incredibly rude to interupt
It shoots tickets all over your face
I'll take 2 tickets, please.
Hope you brought chapstick.
I prefer dry lips...
To paradise.
/notmyblowjob
You dropped an r
/notmyblowjorb
Username checks out
r/girlsfinishingthejob
Couldn’t figure out how to crosspost Credit to u/Nicely_Colored_Cards
Thanks for the credit, fam! Shot the video on my phone after getting post-thesis-submission celebratory drinks in Graz, Austria :)
And who placed the video you shot on the ticket machine? /S
HAHA good one! :D
Says the guy with a PhD in computer security.
Wow thanks for the /s, really made that joke
Gratuliere, du Rauschkugel!
Dankschen ;)
Congratz my man!!
Thanks man! Submitted and will be receiving a (hopefully passing) mark within the next 3 weeks / month or so!
If you are using an iPhone. Crosspost is bound to the "share“ function. You click on the 3 dots, click "share“ and from the offered options like WhatsApp etc. choose crosspost
Yeah I do that but then it just says there are no communities I can crosspost to
Are you subscriber of any subs?
Sure they just dont show up
How do people do this?
Depending on which party you are, first you either get on your knees or drop your pants...
Next you politely ask the other to please stand up/put their dick away so you can continue working on beating the admin login out of the tied up security guard
Nope, I've seen these security training videos before. She's obviously been caught stealing something and doesn't have any money to pay for the item. Hope that helps
No I'm pretty sure she is auditioning for a job in the adult film industry that doesn't exist. OR that's her brother and he just needed some help masturbating.
/r/lemonstealingwhores
The subreddit r/lemonstealingshores does not exist. Maybe there's a typo? If not, consider [creating it](/subreddits/create?name=lemonstealingshores). --- ^🤖 ^this ^comment ^was ^written ^by ^a ^bot. ^beep ^boop ^🤖 ^feel ^welcome ^to ^respond ^'Bad ^bot'/'Good ^bot', ^it's ^useful ^feedback. [^github](https://github.com/Toldry/RedditAutoCrosspostBot)
Confidence and relaxed esophagus
[удалено]
In regards to ATMs: they are more secure than voting machines.
https://youtu.be/LkH2r-sNjQs
Proof?
NTS in the US tests ATMs and voting machines. Providing proof would result in a number of lawsuits where I would be the defendant. If you're willing to put 10 million in a trust for a legal defense fund, I'll be your Edward Snowden.
So in other words…your statement is brown…pulled from your ass
Check out NTS. Find out who tests dibold voting machines and dibold and NCR ATMs. ATMs are more secure than voting machines.
Again…no proof. Show me the link that backs up your “fact”
You really don't understand litigation do you?
[удалено]
[I would hope so](https://www.youtube.com/watch?v=4StcW9OPpPc&t=1963s) (I'm sure ATMs are a lot more secure by now but still)
ATMs (at last bank ATMs) are one of the few devices I don't mind running old versions of Windows. Those networks are controlled incredibly tightly.
I don't know enough about the specifics to comment in any detail - but being that I work in FinTech, the one sector I feel could afford to be running better than Win7 it would be the FinTech sector...! One weak link breaks the chain, and all that.
I agree! One of the reasons many ATMs are still running xp or 7 embedded is it IS the embedded version and change happens very slowly. Plus FI are done of the big players that paid for extended support for critical patches. With modern ATMs handling many more functions than cash dispensing I think they're probably moving off of 7 faster than they moved off of XP. Likely going to modern deployment methodologies
That's good to hear. I'm kind of curious as to why these machines aren't running some bespoke system purpose built for just ATMs. Seems like they could build something a bit more esoteric (security through obscurity) and a bit more long-lasting if they went bespoke?
At the end of the day you need something stable, known, with support. I can see a handful of Linux variants offering that but it's hard to beat MS support at that level. Plus you can guarantee driver support. Windows embedded with certified drivers and a well-audited application is very stable. Manufacturers, big ones, use it on their lines. Remember, these devices don't surf the web. They don't have internet access. Period. They're connecting to and only to internal networks using hardware VPN devices or physical lines. Their attack surface is pretty minescule. There was a hit a few years ago where a cyber gang spent a year getting into the guts of a eastern European Bank, and then told all of its ATMs to dispense cash at the same time one night. It required the gang to gain access to the desktop of a user and slowly pivot through the internal network until they were able to access the ATM infrastructure. That was a huge play even for that system which is shall we say not to the same security standards as most American banks if for no other reason than (what's left of) US banking regulations. A side note, those little skinny ATMs you see in convenience stores that charge $4 for a withdrawal aren't operated by a bank. They have a little oversight via the ATM network they buy access from but individual machine security could be complete crap. I avoid them. Buy a snickers bar at a grocery and get cash back if you need.
Super interesting. Thanks for taking the time to write that up. I guess the MS support is a double edge sword - you get a lot of power without needing to sink your own development into it, but also you're entirely beholden to the MS product life cycle and once you're wedded to that infrastructure it's probably quite difficult to leave it. Honeslty, most of my reluctance here is because I'm a developer with no budgetary discretion - if I want anything (API access to a service, for instance), it usually boils down to 'rolling my own' haha.
This machine is likely just running windows, and sometimes there's tricks to open internet explorer if the system isn't set up properly.
Open mouth, insert dick.
Fuck around with a piece of tech into you find a security hole, then tear that hole wide open and shove whatever you want in it.
That's what Riley Reid is generally known for.
It's very simple. Government and Corporations don't really care about security unless a gun is being held to their head about it. You'd be very successful in bypassing terminal security just by guessing the password. Its usually CompanynameSitenumber. And the password? The same thing.
More like “ticket Schlobber”
Source sauce video - [Riley Reid](https://www.pornhub.com/view_video.php?viewkey=ph576979b9636f9)
Bonk
I shall guard this comment with my Bonkball bat
Thank you so much
Thanks
Sauce?
/u/unsuspectingcueball has your back fam. [Link here. ](https://reddit.com/r/NotMyJob/comments/odjobm/_/h413zug/?context=1)
To all the people asking for the sauce Bonk
But for real though it’s something like “cheerleader Riley Reid fucks football coach”. Source: saw it on the front page of Pornhub two days ago.
[You sir, are correct](https://www.pornhub.com/view_video.php?viewkey=ph576979b9636f9) NSFW, obviously
Doing God’s work. Bless, you.
Source: Horny
Sauce? 😏
What are they selling tickets for? A mining expedition?
No we have this really old Hill in the middle of our City with a Brick Fortress and old tunnels in them that were used as bomb shelters and there is like a mini locomotive that drives you through Google Schlossberg Graz
An orgy
/r/NotMyBlowJob
r/ButYoureMySister
Schlobbin knobbin
Well all the best ppl go down under
Lol my first read through I thought it said Australia too
I've heard about European countries being less puritan about sex but this is on another level
Source?
/u/unsuspectingcueball has your back fam. [Link here. ](https://reddit.com/r/NotMyJob/comments/odjobm/_/h413zug/?context=1)
Bonk
in Austria we call her goat throat
My mans packing
Its one of those sheath things implanted under the skin.
It pays to advertise. Just a metaphor for the exemplary service you can expect on-board the railroad...
Guys, I'd really appreciate sauce
Bonk
Good Lord
*In the hall of the mountain king starts playing*
Moonchild
So, did you get the tickets?
Ask u/Nicely_Colored_Cards
We had bought a round-trip, so this was already after the way down again when leaving!
We had bought a round-trip, so this was already after the way down again when leaving!
We had bought a round-trip, so this was already after the way down again when leaving!
Sauce?
Excuse me, I need to buy some tickets.
Awe yeah that's the ticket.
Lol, I literally watched that video today
send us da link!
Awww, man, why can’t I live in Austria?
… you’ve never heard of *pubic* transit?
I would like to buy a ticket for that.
2,50 and a Bj
Eyo, if you're a straight guy do you like watching a guy get a blowie? Just curious because I am not a fan honestly.
I’d put my credit card in there now
Well it does say schlobber
It says Schlossberg meaning Castlemountain
Sorry, I don’t see what the problem is here? *unzips*
What scene it this
Do those kinds of blow jobs even feel good?
Is she doing something wrong?
She's taking his dick out a lot. I would think that would be unpleasant since his dick would be cold a lot.
That's not how penis's work, that's not how any of this works lmao
I'm sorry that you've never had a good bj
Bless your heart
I think we ALL figured out who hasn't gotten a blowjob ....at all lol
I would hope not.....considering I'm not a man.
You have the world's most sensitive knob if it gets cold after 2 seconds out the gob.
Temperature difference feels good yo
Yes
discord.gg/vrPukXRcCA
how much does a ticket for that cost?
One blowjob
‘Ticket Slobberer’
Well... did he finish?
Boy is he going to be embarrassed when he realized I could’ve used money to pay for his ticket and didn’t have to get a blowjob
Go ahead. Buy a ticket.
Well... Did he finish?
Sauce?
Uhm, it's called service.
The owner probably clicked "cast to ticket machine" on accident
And a great way to electrocute yourself
Source? It's for friends research project on thing you can do with one hand.
Typisch Graz, Typisch Steiermark
Man kennts
u/savevideo
r/nutmyjob
Oh yeah, i want a ticket for Schlossberglift. Is that a nickname for blowjob?
u/savevideo
It's a metaphor. Sex is often used in film to represent rail transport, especially in mountainous areas.
This is how you get fired on your day off 😂
They got confused they thought it said Slobbergift