Security Basics mailing list archives

RE: How to obtain a yahoo username off a computer


From: "Times Enemy" <securityfocus () krr org>
Date: Thu, 12 Jun 2003 10:32:00 -0700 (MST)

Greetings.

Perhaps, it would be convenient to have a personal laptop with some
flavor of Linux installed on it, and use it as a master Swiss Army
network tool.  In this instance, it could be EASILY installed onto the
network, and left to do all the sniffing and scratching necessary, with
minimal cpu usage from other servers/clients.

If you're bored, you could even toss OBSD onto it, the laptop, two NICs,
and some interesting configurings to make the box invisible, a few
seconds to plug it into the network just before any switches or such,
and 'Tada!,' you have a sweet powerful sniffer with fast options to
reroute traffic to some warning should suspicious network traffic be
detected.  :)  Oh, and logging power galore!

As for being 100%, have you considered tricking the yahooligan?  Haha,
maybe some morning when they just get settled, walk to their
cubicle/office, and say, "Just a moment, we're installing these network
monitoring devices on several systems for testing purposes.  This will
just take a second to install."  Then plug in some stupid adaptor
between the keyboard, like a male to male extender or such, and tape it
with some tamper tape.  The whole time rambling about the advertised
powers of the little plug such as its ability to detect all forms of
traffic, id them, and report to a central server, and how the server app
watches for any disconnects and the likes.  Blah blah blah.

:: shrugs ::

You seem to know your corporate environment.  Good luck.

PS, if all else fails, go corporate paper ninja on the yahooligan and
get them fired for not following some obscure corporate policy like
using a paperclip to attach hardcopy attachments rather than a staple.
Hey, it's your network.  You gotta protect it.  It's war.  No rules in
Love and War ...

Again, good luck.

ciao
.times enemy


Except that this person will be 'asked to leave' once we are sure they
sent the offended emails to our business partner.   So we need to be
as close to 100% as possible.  Even though this is employment at will
- but we don't want to get the wrong person!
And yes, most of the responses were no-brainers.   It was useful to
learn about different scanners, etc. that I hadn't yet heard of.  But
overall there wasn't a ton of new info for me that was sent.  I was
hoping for some "quick trick" that someone knew of so we wouldn't have
to go through all the sniffer work.  We don't own any sniffers and
will have to download and install something.

-----Original Message-----
From: Times Enemy [mailto:securityfocus () krr org]
Sent: Thursday, June 12, 2003 12:19 AM
To: security-basics () securityfocus com
Subject: Re: How to obtain a yahoo username off a computer


Greets.

There's been a variety of helpful responses to the original request
now.  There are good reasons for doing what he wants to do, but (and I'm
in no way impugning the original poster by asking this) there are some
crummy reasons as well.

How do any of you know this isn't part of a stalking, or background
info for more social engineering, or yada? Near as I know, you don't.
Sure, this is worst case scenario, but isn't paranoia part of the
game?

Most of the responses were rather no-brainers.  If the responses here
were enough to teach a stalker, social engineer, or yada, their trade
... well, at this level of the game they probably aren't too much of a
threat.  If the company wants to strike before the threat truly
exists, then they need to upgrade their knowledge of networks and
possibly computers in general a wee bit more.

'Tis true though, that the list doesn't know a particular member's
motives.  I am curious though, to know, an effective and workable
method for identifying stalkers, social engineers, and yada vs. valid
on the up-and-up do-gooders.  What say ye?

Haha, i must admit though, that i do find it humorous that someone
with the authority to use various sniffers and make network
configuration modifications would not think to use sniffers, or would
not know how to go from 0% to 90% but be stuck after gathering so much
intel.  I find weeding that first 10% to be much more difficult,
technically, than the remaining 90%.

And just for kicks, since the yahooligan is ninety percent id'ed, why
not just walk up to them, and say, "Hey, stop using Yahoo, at work."
If that doesn't work, draw the line, notify THE Powers that Be, and
tell the yahooligan, "The company does not want to waste its money
recording everything you do with its resources, so, i am telling you
once again, stop using Yahoo, at work.  Continuing to do so, will be
forcing the company to take the next step."  Oh, and make sure to look
the yahooligan straight in the peepers and smile the whole time.  :)

If they persist, pull the plug on their box.  That ninety percent of
proof should be enough to have the company behind this.


ciao
.times enemy

-----Original Message-----
To: security-basics () securityfocus com
Subject: How to obtain a yahoo username off a computer

Hello!  We have a security issue and need to know who is using a
particular Yahoo user ID from within our company.  We are about 90%
certain of the person's identity.  This user has been deleting his
cookies and temp Internet files.  We want to search his computer to
see if Yahoo ID xxxx is somewhere on his computer.   We know the
Yahoo user ID - we just need to confirm that this person is using
it.

We don't want to contact Yahoo because we don't want to go down the
legal road needed to get them to release the info.  Any ideas?
Thanks,


--
Curt Seeliger, Data Ranger
CSC, EPA/WED contractor
541/754-4638
seeliger.curt () eqa gov







