Security Basics mailing list archives

RE: Nessus/keyloggers


From: "Andrew Pretzl" <arp () norlight com>
Date: Tue, 12 Aug 2003 08:59:51 -0500






I would like to interject a word of caution here to everyone regarding
keylogging, scanning, etc. While I believe that netsec novice and others
have only good intentions at heart, you must be careful to "CYA" when
undertaking some of the actions that are being proposed. The use of
keyloggers and other 'hacking' tools could be seen as an attack on the
institution you are checking instead of a demonstration of security
problems.  If you are planning on setting up such a demonstration make sure
that you have a detailed plan in place to show what you are doing and what
tools you will be using. This plan should also address how you will handle
data recovered from the keystroke logger such as personal information, PIN
codes etc.  Have you also considered what would happen if someone else
noticed the thumb drive on the system and took it? How would you protect
the data then? You MUST have buy-in and approval of management prior to
undertaking such scans or testing. I personally would make sure that you
have signatures from at least 2 different corporate officers approving your
scanning/testing plan prior to starting.  For an example of good intentions
gone bad check out what happened to Randal Schwartz when he attempted to
demonstrate a security problem to his company:
http://www.lightlink.com/spacenka/fors/

Please note I am not a lawyer nor do I play one on TV. The information
above is not guaranteed to be accurate or foolproof. It is merely my
rambling thoughts on a subject.
=============================
Andrew Pretzl - CISSP
Network Engineer
Norlight Telecommunications
http://www.norlight.com
=============================
"The opinions expressed here are my own and do not necessarily represent
those of Norlight Telecommunications".


From: "Simon" <simon () snosoft com>
Sent: 08/11/2003 01:43 AM
To: "netsec novice" <netsec9 () hotmail com>, <security-basics () securityfocus com>
cc: (bcc: Andrew Pretzl/Norlight)
Subject: RE: Nessus/keyloggers





Actually,
             While we are on the topic, I am looking for a keylogger that
will send keystrokes to a syslogd server for Windows.  Anyone got any
ideas?




-----Original Message-----
From: netsec novice [mailto:netsec9 () hotmail com]
Sent: Thursday, August 07, 2003 6:35 PM
To: security-basics () securityfocus com
Subject: Nessus/keyloggers


I would like to demonstrate the importance of physical security to
management by presenting information I was able to easily obtain by
accessing one of our 'publicly' available PCs residing on our private
network.  What I had in mind was to run a keylogger and perhaps nessus from
a machine for a short period of time and present the output.  I pictured
installing a keylogger and a reconnaissance type tool on a thumbdrive - leave
it there for a period of days and then retrieve.  Does anyone have
suggestions on a keylogger or nessus type tool that could be easily
installed on portable media that could then be carried away for analysis?  I
want to provide as realistic a scenario as possible.  IE - someone leaves a
thumb drive attached for a day for keylogger or someone walks in and powers
the PC off and then boots off a Linux based CD to run a scan and then easily
collects data?

Thanks for any ideas!!
