Security Basics mailing list archives
Application backdoor suspect
From: skp () sargam com
Date: Fri, 13 Dec 2002 14:40:05 -0500
We have a very unusual situation. We have a client that uses a software to connect to a vendor for information. This software connects and than says synchronizing. Here is where we have issues with the client. If a computer connecting has been once used by a employee who is not with the company anymore than the sync process errors out. Although no username is asked until after the synch the software still sends info to the main server during the synch process. It apparently sends info of the employee that used the computer before. If the software connects from a newly installed OS than no issues it sync's and than ask for a username password. We tried uninstalling the software getting rid of any registry key that references the software and than reinstalled. Still error if connecting from a machine used by a ex-employee. The vendor says since the account has been disabled that's why the error. Issue is that the software should not look for a username password at the synch process. My question is there a way to see what files the application is calling on during the synch process. I want to see what other info it is sending. Its troubling to know that the app is sending info that is not relevant to its starting up. SKP
Current thread:
- Application backdoor suspect skp (Dec 13)
- Re: Application backdoor suspect Catfish (Dec 16)
- Re: Application backdoor suspect Gene (Dec 17)
- <Possible follow-ups>
- RE: Application backdoor suspect Tony Fondo (Dec 17)
- Re: Application backdoor suspect nick84 (Dec 17)
- Re: Application backdoor suspect H C (Dec 18)