Security Basics mailing list archives
RE: Nessus/keyloggers
From: "Andrew Pretzl" <arp () norlight com>
Date: Tue, 12 Aug 2003 08:59:51 -0500
I would like to interject a word of caution here to everyone regarding keylogging, scanning etc. While I believe that netsec novice and others have only good intentions at heart you must be careful to "CYA" when undertaking some of the actions that are being proposed. The use of keyloggers and other 'hacking' tools could be seen as an attack on the institution you are checking instead of a demonstration of security problems. If you are planning on setting up such a demonstration make sure that you have a detailed plan in place to show what you are doing and what tools you will be using. This plan should also address how you will handle data recovered from the keystroke logger such as personal information, PIN codes etc. Have you also considered what would happen if someone else noticed the thumb drive on the system and took it? How would you protect the data then? You MUST have buy in and approval of management prior to undertaking such scans or testing. I personally would make sure that you have signatures from at least 2 different corporate officers approving your scanning/testing plan prior to starting. For an example of good intentions gone bad check out what happened to Randal Schwartz when he attempted to demonstrate a security problem to his company: http://www.lightlink.com/spacenka/fors/ Please note I am not a lawyer nor do I play one on TV. The information above is not guaranteed to be accurate or foolproof. It is merely my rambling thoughts on a subject. ============================= Andrew Pretzl - CISSP Network Engineer Norlight Telecommunications http://www.norlight.com ============================= "The opinions expressed here are my own and do not necessarily represent those of Norlight Telecommunications". "Simon" <simon () snosoft co To: "netsec novice" <netsec9 () hotmail com>, <security-basics () securityfocus com> m> cc: (bcc: Andrew Pretzl/Norlight) Fax to: 08/11/2003 01:43 Subject: RE: Nessus/keyloggers AM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Actually, While we are on the topic, I am looking for a keylogger that will send keystrokes to a syslogd server for windows. Anyone got any ideas? - -----Original Message----- From: netsec novice [mailto:netsec9 () hotmail com] Sent: Thursday, August 07, 2003 6:35 PM To: security-basics () securityfocus com Subject: Nessus/keyloggers I would like to demonstrate the importance of physical security to management by presenting information I was able to easily obtain by accessing one of our 'publically' available PCs residing on our private network. What I had in mind was to run a keylogger and perhaps nessus from a machine for a short period of time and present the output. I pictured installing a keylogger and a reconaissance type tool on a thumbdrive - - leave it there for a period of days and then retrieve. Does anyone have suggestions on a keylogger or nessus type tool that could be easily installed on portable media that could then be carried away for analysis? I want to provide as realistic scenario as possible. IE - someone leaves a thumb drive attached for a day for keylogger or someone walks in and powers the PC off and then boots of a Linux based CD to run a scan and then easily collects data? Thanks for any ideas!! _________________________________________________________________ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail - ---------------------------------------------------------------------- - ----- - ---------------------------------------------------------------------- - ------ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPzc7ErR5YB3MHZrzEQLU/ACgqlmHn2VFVyI89KKurS/qB7Tdnt8AnRCK GqSdys6hG6umvsOWbQPCfMQE =VRSb -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Nessus/keyloggers netsec novice (Aug 08)
- RE: Nessus/keyloggers Manuel Lanctôt (Aug 08)
- Re: Nessus/keyloggers shawnmer (Aug 08)
- RE: Nessus/keyloggers Simon (Aug 11)
- Re: Nessus/keyloggers pablo gietz (Aug 12)
- <Possible follow-ups>
- RE: Nessus/keyloggers Andrew Pretzl (Aug 12)