RE: guilty until proven innocent?

[Nick FitzGerald <nick () virus-l demon co uk>]

Larry Seltzer wrote:

> It's been a while since I looked at them, but I remember that there were
> content filtering programs for the PC (Net Nanny and the like) that take
> periodic screen shots. It's an expensive practice in terms of the storage of
> course. And it is of value as compared to a simple list of URLs, since the
> content of a web page can change over time. 

Yep, and can also change depending on who you logged into the target 
_site_ as...

> How do you know who is actually using the computers at the time? There could
> be some sort of sign-in system; it's a potential weakness of course. If
> someone gets my login and then starts surfing porn, the records look bad for
> me.

Yep.

But, screenshotting shows _what the user at the machine was seeing_, 
whereas URL (or even content) logging at a proxy or other network edge 
device only tells you what the machine with that IP was "traficking".  
Do we really think your typical school computer is not compromised, at 
least part of the time?  If I were in such a school _AND_ didn't know 
about screenshotting activity loggers, I'd be looking to get proxies 
setup on several machines in the labs then, when I wanted to surf to 
bombs_r_us.com I'd do it via those proxies so it looked to the edge 
devices like "the other machine" (and thus that machine's current user) 
was surfing that site...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.