RE: How to obtain a yahoo username off a computer

["Dan Bartley" <bartleyd () corp netcarrier com>]

Been watching this one. There are numerous loggers out there, just do a
google.

However, you better check criminal, HR and labor laws where this is
occurring. If you have clearly stated policies regarding the use of a
company computer you can just walk up and tell the employee to logon to
Yahoo and see what it is.

However again, you better check applicable laws and precedents in your
area or you may handing the employee a nice little civil suit retirement
egg. 

Even things like premise security cameras are being required to have
stated policies and wall postings to be usable against employees.
Keystroke logging falls in to the area of wire tapping and can and has
been viewed by the courts in this context. If you do not have warnings
or policies that computer activity may be monitored and logged you may
be setting yourself up for legal woes if you try to act on it.

On the other hand most areas now have stronger laws about computer
crimes committed by employees these days. If these emails you are
concerned with in any way contained or may have compromised sensitive
company or customer data you likely have a criminal case against them in
which case the local DA can subpoena the records from Yahoo as to the
originating source of the emails.

We just successfully completed a criminal case against an employee who
tried to email customer logons to his Hotmail account.

The point I'm trying to convey is better play this one close to the
chest and according to the applicable laws or you may find the company
on the short end of the stick.  

Best Regards, 

Dan Bartley

-----Original Message-----
From: Potter, Tim [mailto:Tim.Potter () clarkconsulting com] 
Sent: Thursday, June 12, 2003 13:50
To: security-basics () securityfocus com

Okay - things have changed quite bit.  What is a good keystroke-logger?
Thanks!

-----Original Message-----
From: Jon Baer [mailto:security () jonbaer net] 
Sent: Wednesday, June 11, 2003 9:06 PM
To: security-basics () securityfocus com
Subject: Re: How to obtain a yahoo username off a computer


You could do it with a sniffer but if that's if you want to sit around
for 24x7 and wait for it to happen in which case Id download Snort
(www.snort.org) and write a sig to trap the user, something like:

alert tcp $MY_NET any -> $YAHOO_SERVERS any (msg:"CHAT YAHOO my guy";
flow:to_server,established; content:"username";
classtype:policy-violation;)

I checked chat.rules off snort but they don't have any Yahoo rules yet,
but not hard to write :-\

- Jon

> particular Yahoo user ID from within our company.  We are about 90% 
> certain of the person's identity.  This user has been deleting his 
> cookies and temp Internet files.  We want to search his computer to
see
> if Yahoo ID xxxx is somewhere on his computer.   We know the Yahoo
user
> ID - we just need to confirm that this person is using it.  We don't 
> want to contact Yahoo because we don't want to go down the legal road 
> needed to get them to release the info.  Any ideas?


------------------------------------------------------------------------
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts! The Gartner Group just put Neoteris in the top of its Magic
Quadrant, while InStat has confirmed Neoteris as the leader in
marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access
in about an hour, with no client, server changes, or ongoing
maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
------------------------------------------------------------------------
----



------------------------------------------------------------------------
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access
in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------