Just to add my 2 penneth:
Targeting an individual in this way has definite legal implications. I work
for a large company, and we have to be *very* careful when doing any kind of
investigation on an individual. Involve your HR department (They ought to
already be involved and should have
On Friday 13 June 2003 00:47, Potter, Tim wrote:
Except that this person will be 'asked to leave' once we are sure they
sent the offended emails to our business partner. So we need to be as
close to 100% as possible. Even though this is
On Thu, 2003-06-12 at 16:13, Kelly Martin wrote:
I receive posts to the list on a daily basis that appear to be questions
on how to circumvent security. Those that are so obvious are rejected
outright with standard explanation, and in some cases people respond by
rephrasing their question,
Yes that was considered. There is 100% proof on who sent the email. I
can't explain why - we just know.
Now we just need to line up the physical evidence.
-Original Message-
From: Wiest, Damian [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 5:23 PM
To: '[EMAIL PROTECTED]'
Here was the one I used to catch my wife's IM logs. The divorce went
very smooth from there. :)
http://www.winwhatwhere.com/
JayW
Christian Freas [EMAIL PROTECTED] 06/12/03
02:39PM
You might want to take a look at
http://www.spectorsoft.com/
They make a couple of products, one a key
Well yes, the IP address inside the email header just points to the NAT
address that is used for this particular location. That was our first
step in narrowing down who sent the message.
-Original Message-
From: Luciano Miguel Ferreira Rocha [mailto:[EMAIL PROTECTED]
Sent: Thursday,
On Fri, 13 Jun 2003, M. Lucas wrote:
Kelly,
first: welcome as our new moderator...
Thanks.
Can you post a list statistics of the amount of
spam:
rejected questions:
rephrased accepted questions
total amount
emails you get a day/week on this list?
I don't have stats on these things
Mike Dresser wrote:
Create a webbug on a server you control(1x1 pixel .jpg or something)
Email the yahoo account, and when he opens it, it will download the
webbug, and that will show up on your machine with a time, ip(which would
belong to your netblock), and the url that he accessed.
Send
Why not just keep a watchful eye on the person you're suspecting? You know,
walk by his desk/office a little more often than normal, stuff like that.
If possible, install some remote administration tools (like Brian Carpio
suggested) to monitor what he is doing. Or take the more direct route and
Curt is absolutely right... I was amazed at how quickly people responded
with various mechanisms to do what was originally asked... I would hope
that the new Security Basics List administrator might pick up on this
potential social engineering ... For all we know this could be some 13
year old kid
*curled in fetal position, hiding something in his hands, staring at a
white wall*
I am not telling ya. I am not telling ya. I am not telling ya. I am not
Seriously, this comes up a lot in a php list I participate...
When someone comes asking about cryptography or something
You could do it with a sniffer, but that's if you want to sit around for
24x7 and wait for it to happen, in which case I'd download Snort
(www.snort.org) and write a sig to trap the user, something like:
alert tcp $MY_NET any -> $YAHOO_SERVERS any (msg:"CHAT YAHOO my guy";
Greets.
There's been a variety of helpful responses to the original request
now.
There are good reasons for doing what he wants to do, but (and I'm
in no way impugning the original poster by asking this) there are some
crummy reasons as well.
How do any of you know this isn't part of a
Ref: Potter, Tim [EMAIL PROTECTED]'s
message dated Wednesday, June 11, 2003, 15:00 hours.
Hello! We have a security issue and need to know who is using a
particular Yahoo user ID from within our company. We are about 90%
certain of the person's identity. This user has been deleting his
Hello! We have a security issue and need to know who is using a
particular Yahoo user ID from within our company. We are about 90%
certain of the person's identity.
Three words for you: CAN OF WORMS
Run this by your legal department before doing anything.
That said, people have come up
Kelly, I applaud all of your efforts
As a subscriber to the list if there is anything posted I am not interested
in or thought inappropriate, I ignore it.
As a security professional the more information I have available (good or
bad) affords the opportunity to deduce my own conclusion and
Greetings.
Perhaps, it would be convenient to have a personal laptop with some
flavor of linux installed on it, and use it as a master swiss army
network tool. In this instance, it could be EASILY installed onto the
network, and left to do all the sniffing and scratching necessary, with
minimal
Okay - things have changed quite a bit. What is a good keystroke-logger?
Thanks!
-Original Message-
From: Jon Baer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003 9:06 PM
To: [EMAIL PROTECTED]
Subject: Re: How to obtain a yahoo username off a computer
You could do it with a
You might want to take a look at
http://www.spectorsoft.com/
They make a couple of products, one a key stroke logger, and one a more
directed snooper that will forward copies of all email sent or read,
including those (according to their claims) from Yahoo, AOL etc. Both
products look pretty
Tim,
Have you considered the possibility that the mail headers were forged to
implicate an innocent third party?
-Damian
-Original Message-
From: Potter, Tim [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 11:48 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: How
Or it could also have been of a legitimate corporate need, as I'm used to
seeing. So when it's not blatantly obvious, where do you draw that line?
Nothing I read here in the replies is any different than you could
find doing a little bit of googling on the web
On Thu, 2003-06-12 at 13:03,
Been watching this one. There are numerous loggers out there, just do a
google.
However, you better check criminal, HR and labor laws where this is
occurring. If you have clearly stated policies regarding the use of a
company computer you can just walk up and tell the employee to logon to
Yahoo
In my opinion this is a perfectly appropriate question for the list. It got
me (and probably a lot of others) thinking about how an unscrupulous user
might try to crack our security. Not that we're big Yahoo! users but a lot
of the tricks mentioned would work for other things as well.
It's been
On Thu, Jun 12, 2003 at 11:47:32AM -0500, Potter, Tim wrote:
Except that this person will be 'asked to leave' once we are sure they
sent the offended emails to our business partner. So we need to be as
close to 100% as possible.
Well, if you have access to those emails, verbatim, then there
You will find the User ID in the registry
HKEY_CURRENT_USER\software\Yahoo\Pager
-Original Message-
From: Potter, Tim [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003 1:01 PM
To: [EMAIL PROTECTED]
Subject: How to obtain a yahoo username off a computer
Hello! We have a
Yea,
Pull his hard drive and use a data recovery application to recover the data, you can
simply plug the hard drive into a Linux box and run the strings command and grep for
the UserID. Even though the data has been deleted it hasn't really, when deleting data
the data doesn't really get over
You can still pull his history and cookies from his .dat files. Also, in
the registry there are places that info is stored.
Or, you could simply set up a sniffer and monitor his system, it would show
what he is doing.
Dave
_
Dave Kleiman
[EMAIL PROTECTED]
Slap a sniffer on the network, as far as I remember it is unencrypted,
or use a key logger, sod the ethics, law etc
-Original Message-
From: Potter, Tim [mailto:[EMAIL PROTECTED]
Sent: 11 June 2003 21:01
To: [EMAIL PROTECTED]
Subject: How to obtain a yahoo username off a computer
From: Potter, Tim [EMAIL PROTECTED]
Hello! We have a security issue and need to know who is using a
particular Yahoo user ID from within our company. We are about 90%
certain of the person's identity. This user has been deleting his
cookies and temp Internet files. We want to search his
That would be true if he used the Yahoo Messenger. Let's take this a step
further though, say he isn't using the messenger client, your only hope
then to locate said id is from the browser cache, or a caching
proxy. Your chance could provide result with a recursive search
through the cache for
On Wed, 11 Jun 2003, Potter, Tim wrote:
Hello! We have a security issue and need to know who is using a
particular Yahoo user ID from within our company. We are about 90%
certain of the person's identity. This user has been deleting his
cookies and temp Internet files. We want to search
The easiest way I can think of would be to sniff the network traffic
originating from that IP on your internal network. You could restrict
your sniffing to only packets bound for port 80, 110, 25, etc depending
on how the Yahoo! account is being used. If you could covertly place
their ethernet
And there's always the use of a keyboard logger. . .
-Original Message-
From: dave [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003 6:23 PM
To: 'Potter, Tim'; [EMAIL PROTECTED]
Subject: RE: How to obtain a yahoo username off a computer
You can still pull his history and cookies
You could probably recover deleted cookies and internet files using a file
recovery program like the one that Norton used to sell.
That should work unless the user has one of those shredder programs.
You could also check the registry for any turds that might be left behind.
Finally, you could
There's been a variety of helpful responses to the original request now.
There are good reasons for doing what he wants to do, but (and I'm in no
way impugning the original poster by asking this) there are some crummy
reasons as well.
How do any of you know this isn't part of a stalking, or