PaulDotCom mailing list archives

Dial Home Docs

From: tkrabec at gmail.com (Tim Krabec)
Date: Mon, 21 Sep 2009 15:19:35 -0400

just use a dynamic dns client and have it report the IP of the machine
a simple script in the startup of windows or a

http://adeona.cs.washington.edu/ is a "freeware" that attempts to do what
lojack for laptops does

also just add in a simple fake email server throw some spam and other
"valid" emails in the box.

On Mon, Sep 21, 2009 at 12:49 PM, Harley Green <harley.s.green at gmail.com>wrote:

There are certainly some PDF capabilities that would meet this criteria but
it is not transparent to the end-user.
One example is official electronic transcripts. In order to view the file
the PDF calls home to the certificate server and makes sure the document has

not reached the maximum viewing limit, there may be other possible
restrictions or checks it can do at the same time as well.
It could be presented to the end-user as an authenticity mechanism ensuring
you view the verified original content, rather than a "call-home" mechanism.


On Mon, Sep 21, 2009 at 7:47 AM, Allen Deryke <allen.deryke at hushmail.com>wrote:

I admit, it does take some social engineering for both cases to work.

You just need to make the webcontent seem critical to the message. In an
email a sentence like "your new acess code is:" followed by you bugged
image.

Have it set up so that if the macro isn't run make the excel data seem
invalid, mess with formating ect.

-- Allen Deryke

On Sep 21, 2009, at 10:33 AM, Adrian Crenshaw <irongeek at irongeek.com>
wrote:

I've done the webbugs in emails before, the problem is anymore most email
clients seem to turn off image loading by default.

Adrian

On Mon, Sep 21, 2009 at 10:07 AM, Allen Deryke <<allen.deryke at hushmail.com>
allen.deryke at hushmail.com> wrote:

Yeah, but excel prompts about this stuff so much that most people would
just click "ok".

Also links to external images in emails or docs is a great way to pull
this off.

-- Allen Deryke

On Sep 21, 2009, at 9:47 AM, Adrian Crenshaw < <irongeek at irongeek.com>
irongeek at irongeek.com> wrote:

But would that illicit a warning?

Adrian

On Mon, Sep 21, 2009 at 3:23 AM, Dimitrios Kapsalis <<dimitrios at gmail.com><dimitrios at gmail.com>
dimitrios at gmail.com> wrote:

The only way I can think of this occuring in a word doc is to write a
macro.

The macro can just ping your box, this should be enough to get the IP.

On Mon, Sep 21, 2009 at 2:56 AM, Andrew Ellis <<only.samurai at gmail.com><only.samurai at gmail.com>
only.samurai at gmail.com> wrote:

You could add a tab to firefox's default tabs (the ones it loads on a
new session) that points to a webserver you control. Eventually, the
stolen laptop's new user will open firefox anew and you'll have the
new IP. Obviously if the person stealing your box mounts the drive
rather than logging in, this won't help.

-andrew

On Sun, Sep 20, 2009 at 3:49 PM, Adrian Crenshaw <<irongeek at irongeek.com><irongeek at irongeek.com>
irongeek at irongeek.com> wrote:
  > I recently had a conversation with an author about webbugs, and it
brought

another idea to mind. I seem to remember John Strand saying something

about

Val Smith doing something with detecting insider threats by leaking a
document and seeing who opens it. (sorry I can't remember more).

Here is the question, anyone know how to make a doc/docx/pdf load

something

from an external site so you can at least find the ip of someone who

opened

the document?

Thanks,
Adrian

_______________________________________________
Pauldotcom mailing list
<Pauldotcom at mail.pauldotcom.com> <Pauldotcom at mail.pauldotcom.com>

Pauldotcom at mail.pauldotcom.com

<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>

http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom

Main Web Site: <http://pauldotcom.com/> <http://pauldotcom.com>

http://pauldotcom.com




--
Andrew Ellis
 <http://www.samurainet.org/blog> <http://www.samurainet.org/blog>
http://www.samurainet.org/blog
  _______________________________________________
Pauldotcom mailing list
<Pauldotcom at mail.pauldotcom.com> <Pauldotcom at mail.pauldotcom.com>
Pauldotcom at mail.pauldotcom.com
 
<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: <http://pauldotcom.com/> <http://pauldotcom.com>
http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
 <Pauldotcom at mail.pauldotcom.com> <Pauldotcom at mail.pauldotcom.com>
Pauldotcom at mail.pauldotcom.com
 
<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: <http://pauldotcom.com> <http://pauldotcom.com>
http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
<Pauldotcom at mail.pauldotcom.com>Pauldotcom at mail.pauldotcom.com
 <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: <http://pauldotcom.com> <http://pauldotcom.com>
http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
 <Pauldotcom at mail.pauldotcom.com>Pauldotcom at mail.pauldotcom.com
 <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: <http://pauldotcom.com>http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: <http://pauldotcom.com>http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
Tim Krabec
Kracomp
772-597-2349
smbminute.com
kracomp.blogspot.com
www.kracomp.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090921/265934d9/attachment.htm

Current thread:

Dial Home Docs Adrian Crenshaw (Sep 20)
- Dial Home Docs Andrew Ellis (Sep 20)
  - Dial Home Docs Dimitrios Kapsalis (Sep 21)
    - Dial Home Docs Adrian Crenshaw (Sep 21)
    - Dial Home Docs Allen Deryke (Sep 21)
    - Dial Home Docs Adrian Crenshaw (Sep 21)
    - Dial Home Docs Allen Deryke (Sep 21)
    - Dial Home Docs Harley Green (Sep 21)
    - Dial Home Docs Tim Krabec (Sep 21)
    - Dial Home Docs Adrian Crenshaw (Sep 21)
- Dial Home Docs Michael Douglas (Sep 20)