Penetration Testing mailing list archives
RE: Boot floppy
From: "Pretorius, Wynand (ZA - Johannesburg)" <wpretorius () deloitte co za>
Date: Wed, 11 Apr 2007 11:58:41 +0200
Have you tried knoppix? You can boot and mount/copy files without changing the timestamps. Make sure you cover the legal aspects. Regards -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Anders Thulin Sent: 11 April 2007 08:53 AM To: pen-test () securityfocus com Subject: Re: Boot floppy Mifa wrote:
We have a user who takes a company computer home with them (no its not a lap top). We have a good reason to need to look at their files. However, we want to do so without that employ knowing. They seem to know something about security becasue auto runs is disabled and the workstation is always locked with a third party software. INserting a U3 drive will not run a program either. Are there any programs that will
boot from a floppy then copy a program to the c drive then wite an auto start entry into the registry? This was the only way I can think of to get the user to install a program..
Any other ideas how we maight gain access? It has to be fast (bathroom breaks ect). I dont have time to load a live cd. Further,
robooting would cause the user to loose work. I don't like the sound of this. You want to install software on a company computer, but are afraid to tip the user off that you are doing so? And you don't want to reboot the system in the process, and you only have short periods of time, such as bath-room breaks to your disposal? And who exactly are 'we'? Get in touch with a good security consultant -- someone who can get the whole picture, including the parts you're not discussing here. If there is a legitimate threat, it need to be considered in toto. On the assumption that this is above the board: if you don't have time to do the job, make it. Get the IT department to do a hardware upgrade, say, larger disks, for everyone in his work group. Or get the user into a full-day meeting on very short notice. Or ask if he wouldn't actually *prefer* a laptop, seeing how he's moving this computer to and from work every day (something I find *rather* difficult to believe). Or use some similar excuse to get sufficient hands-on time for a disk bitcopy to examine at your leisure. Apart from that, there is (or should be) an employer-employee relationship in place here: use it. If you are afraid of tipping the user off, make sure you have identified the correct threat: it may not be files on a disk, but the fact that you need to be tiptoeing around an employee at all. In that case, it's not a problem to be solved by bootdisks. -- Anders Thulin anders.thulin () sentor se 070-757 36 10 ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000 0008bOW ------------------------------------------------------------------------ Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by visiting our website and viewing the webpage at the following address: http://www.deloitte.com/za/disclaimer. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre () Deloitte co za.
Attachment:
smime.p7s
Description:
Current thread:
- Re: Boot floppy, (continued)
- Re: Boot floppy jasper . o . waale (Apr 11)
- 答复: [SPAM] - Re: Boot floppy - Sending mail server found on relays.ordb.org Cony.Zhou (Apr 11)
- Re: Boot floppy Chris Zevlas (Apr 11)
- Re: Boot floppy Curt Purdy (Apr 13)
- Re: Boot floppy jasper . o . waale (Apr 11)
- Re: Boot floppy berg (Apr 10)
- Re: Boot floppy Zed Qyves (Apr 11)
- RE: Boot floppy Scott Ramsdell (Apr 11)
- Re: Boot floppy Tim (Apr 11)
- Re: Boot floppy Anders Thulin (Apr 11)
- RE: Boot floppy Marvin Simkin (Apr 11)
- RE: Boot floppy Pretorius, Wynand (ZA - Johannesburg) (Apr 11)
- Re: Boot floppy Sat Jagat Singh (Apr 11)
- Re: Boot floppy Danyelle Gragsone (Apr 11)
- Re: Boot floppy Jamie Riden (Apr 11)
- Re: Boot floppy Juergen Fiedler (Apr 11)
- RE: Boot floppy Wiedemann, Adrian (Apr 11)
- RE: Boot floppy Mifa (Apr 13)
- Re: Boot floppy Michael Munt (Apr 13)
- RE: Boot floppy Sat Jagat Singh (Apr 13)
- Re: Boot floppy Shreyas Zare (Apr 13)
- Re: Boot floppy Morning Wood (Apr 13)
(Thread continues...)