Penetration Testing mailing list archives
RE: Covert Microphone Application
From: "Craig Wright" <cwright () bdosyd com au>
Date: Mon, 31 Jul 2006 18:43:52 +1000
Why should we assume this? I can have a PC "listen" and record without a network. Again, nothing of how the host is configured is being asked. Nothing on the OS, the apps etc. Next you are stating that as a trusted sys admin you can break an organisations security. Wow, good for you. Without a network there is IR. Possibly the host has bluetooth. Maybe the network is off, but it has a built in wireless card. One of the key requirements of a good Security person is that they ASK QUESTIONS. Craig ________________________________ From: Mike Kuriger [mailto:m () wb com] Sent: Sat 29/07/2006 3:40 AM To: Craig Wright Cc: Matt Burnett; shiri_yacov () yahoo com; pen-test () securityfocus com Subject: Re: Covert Microphone Application The whole point of the challenge is that the employee told his boss that a hacker could get into the laptop and spy on meetings. We should assume that the laptop is on the network, and that the challenge requires making the recording from a remote location. Anyone can plant a bug, but the employee is making a case that there already is a bug in place (the laptop) ~Mike~ Craig Wright wrote:
How about not all making assumptions on how the machine is configured etc. No body has asked if the machine is networked- you are all making an assumption that may be invalid. What O/S is the host running. Statistically the likelihood is XP not Linux. Thus telnet is likely disabled. Even if it is XP, is Remote admin/desktop enabled or disabled by policy. Is the host on a domain etc etc etc. Ask some questions, don't make assumptions. Craig -----Original Message----- From: Matt Burnett [mailto:marukka () mac com] Sent: Friday, 28 July 2006 1:58 AM To: shiri_yacov () yahoo com Cc: pen-test () securityfocus com Subject: Re: Covert Microphone Application Wouldnt it just be a lot easier for you or your boss to disconnect the microphone cable than going though some elaborate scheme to prove it could possibly be done? If they can "ruled" any laptop at will then couldnt they also get into your mail servers? Wouldnt anything that would be discussed in your meeting generate followups in a email? On Jul 26, 2006, at 4:55 AM, shiri_yacov () yahoo com wrote:Hi all, I have recently entered with my boss to our corp. conference roomto discover a new (shining) internet laptop on a side desk in theroom. During our chat I mentioned that the laptop has a builtinmicrophone and therefore enables covert eavsdropping in case thelaptop is "ruled" from remote position, and therefore, a conferenceroom PC should have no builtin mic. My sceptic boss replied instantly - "I challange you, bring me arecording of any meeting - I`ll replace the laptop, and you`ll receive it." I therefore need a small covert application (no need in processhiding), which will record microphone input to file. command lineapplication is perfect. Do any of you know any ? Guys, I gotta have this laptop... Regards, Shiri ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win theAnalyst's Choice Award from eWeek. As attacks through web applicationscontinue to rise, you need to proactively protect your applications from hackers.Cenzic has the most comprehensive solutions to meet your application securitypenetration testing and vulnerability management needs. You have an option togo with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managedservice can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you toconfirm your results from other product. Contact us at request () cenzic com fordetails. ------------------------------------------------------------------------------------------------------------------------------------------------------ ------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------ ------ Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
-- Mike Kuriger Sr. Systems Engineer WarnerBros Online 818-977-8198 m () wb com aim - mikekuriger ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------ Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- RE: Covert Microphone Application, (continued)
- RE: Covert Microphone Application Shenk, Jerry A (Jul 27)
- RE: Covert Microphone Application Miguel Valentin (Jul 27)
- Re: Covert Microphone Application s-williams (Jul 27)
- RE: Covert Microphone Application Mermod, Denis (Jul 27)
- RE: Covert Microphone Application Mark Teicher (Jul 27)
- Re: RE: Covert Microphone Application mr . nasty (Jul 27)
- Re: Covert Microphone Application Krpata, Tyler (Jul 27)
- RE: Covert Microphone Application Craig Wright (Jul 27)
- Re: Covert Microphone Application Mike Kuriger (Jul 29)
- RE: Covert Microphone Application Craig Wright (Jul 29)
- RE: Covert Microphone Application Craig Wright (Jul 31)
- Re: Covert Microphone Application Mike Kuriger (Jul 29)
- Re: Covert Microphone Application barcajax (Jul 27)
- RE: Covert Microphone Application Jacob, Pete (Jul 29)
- re: Covert Microphone Application gg (Jul 30)
- RE: Covert Microphone Application Shenk, Jerry A (Jul 27)