PaulDotCom mailing list archives
Dial Home Docs
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Mon, 21 Sep 2009 16:25:21 -0400
I'm more interested in seeing who opens a doc, someone else brought up the idea of lojacking a laptop.

Thanks,
Adrian

On Mon, Sep 21, 2009 at 3:19 PM, Tim Krabec <tkrabec at gmail.com> wrote:
> just use a dynamic dns client and have it report the IP of the machine
> a simple script in the startup of windows or a
> http://adeona.cs.washington.edu/ is a "freeware" that attempts to do
> what lojack for laptops does
> also just add in a simple fake email server throw some spam and other
> "valid" emails in the box.
>
> --
> Tim Krabec
> Kracomp
> 772-597-2349
> smbminute.com
> kracomp.blogspot.com
> www.kracomp.com

On Mon, Sep 21, 2009 at 12:49 PM, Harley Green <harley.s.green at gmail.com> wrote:
> There are certainly some PDF capabilities that would meet this criteria
> but it is not transparent to the end-user. One example is official
> electronic transcripts. In order to view the file the PDF calls home to
> the certificate server and makes sure the document has not reached the
> maximum viewing limit, there may be other possible restrictions or
> checks it can do at the same time as well. It could be presented to the
> end-user as an authenticity mechanism ensuring you view the verified
> original content, rather than a "call-home" mechanism.

On Mon, Sep 21, 2009 at 7:47 AM, Allen Deryke <allen.deryke at hushmail.com> wrote:
> I admit, it does take some social engineering for both cases to work.
> You just need to make the web content seem critical to the message. In
> an email a sentence like "your new access code is:" followed by your
> bugged image. Have it set up so that if the macro isn't run make the
> Excel data seem invalid, mess with formatting, etc.
>
> --
> Allen Deryke

On Sep 21, 2009, at 10:33 AM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
> I've done the webbugs in emails before, the problem is anymore most
> email clients seem to turn off image loading by default.
>
> Adrian

On Mon, Sep 21, 2009 at 10:07 AM, Allen Deryke <allen.deryke at hushmail.com> wrote:
> Yeah, but Excel prompts about this stuff so much that most people would
> just click "ok". Also links to external images in emails or docs is a
> great way to pull this off.
>
> --
> Allen Deryke

On Sep 21, 2009, at 9:47 AM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
> But would that elicit a warning?
>
> Adrian

On Mon, Sep 21, 2009 at 3:23 AM, Dimitrios Kapsalis <dimitrios at gmail.com> wrote:
> The only way I can think of this occurring in a Word doc is to write a
> macro. The macro can just ping your box, this should be enough to get
> the IP.

On Mon, Sep 21, 2009 at 2:56 AM, Andrew Ellis <only.samurai at gmail.com> wrote:
> You could add a tab to Firefox's default tabs (the ones it loads on a
> new session) that points to a webserver you control. Eventually, the
> stolen laptop's new user will open Firefox anew and you'll have the new
> IP. Obviously if the person stealing your box mounts the drive rather
> than logging in, this won't help.
>
> -andrew
>
> --
> Andrew Ellis
> http://www.samurainet.org/blog

On Sun, Sep 20, 2009 at 3:49 PM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
> I recently had a conversation with an author about webbugs, and it
> brought another idea to mind. I seem to remember John Strand saying
> something about Val Smith doing something with detecting insider
> threats by leaking a document and seeing who opens it. (sorry I can't
> remember more). Here is the question, anyone know how to make a
> doc/docx/pdf load something from an external site so you can at least
> find the ip of someone who opened the document?
>
> Thanks,
> Adrian

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
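
The web bugs and default image blocking discussed in this thread, seen from the receiving side: an added Python example (not code from any poster on the list) that lists the references in a message's HTML parts which a mail client would fetch from a remote server if image loading were enabled. The sample message and the host `tracker.example` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the thread); tracker.example is a placeholder.
SAMPLE_EML = """\
From: sender@example.com
To: reader@example.com
Subject: access code
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your new access code is:</p>
<img src="http://tracker.example/code.png?id=reader-42" width="1" height="1">
<img src="cid:logo@example.com" alt="logo">
</body></html>
"""

class RemoteRefFinder(HTMLParser):
    """Collect attributes that make a mail client fetch a remote resource."""
    FETCHING = {("img", "src"), ("link", "href"), ("iframe", "src"), ("body", "background")}

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for t, name in self.FETCHING:
            url = a.get(name) if tag == t else None
            # cid: and data: references are embedded in the mail and reveal nothing
            if url and urlparse(url).scheme in ("http", "https"):
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                self.hits.append({"tag": tag, "host": urlparse(url).hostname,
                                  "has_id": bool(urlparse(url).query), "tiny": tiny})

def find_remote_refs(raw_message):
    """Return remote-fetch references found in every text/html part of a message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits

if __name__ == "__main__":
    for hit in find_remote_refs(SAMPLE_EML):
        print(hit)
```

A hit with `tiny` and `has_id` both true is the classic tracking-pixel shape: an invisible image whose URL carries a per-recipient identifier.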