RE: Nessus/keyloggers
From: Andrew Pretzl <arp(at)norlight.com>
Date: Tue Aug 12 2003 - 09:59:51 EDT

I would like to interject a word of caution here to everyone regarding keylogging, scanning etc. While I believe that netsec novice and others have only good intentions at heart, you must be careful to "CYA" when undertaking some of the actions that are being proposed. The use of keyloggers and other 'hacking' tools could be seen as an attack on the institution you are checking instead of a demonstration of security problems.

If you are planning on setting up such a demonstration, make sure that you have a detailed plan in place to show what you are doing and what tools you will be using. This plan should also address how you will handle data recovered from the keystroke logger such as personal information, PIN codes etc. Have you also considered what would happen if someone else noticed the thumb drive on the system and took it? How would you protect the data then?

You MUST have buy-in and approval of management prior to undertaking such scans or testing. I personally would make sure that you have signatures from at least 2 different corporate officers approving your scanning/testing plan prior to starting.

For an example of good intentions gone bad, check out what happened to Randal Schwartz when he attempted to demonstrate a security problem to his company: http://www.lightlink.com/spacenka/fors/

Please note I am not a lawyer nor do I play one on TV. The information above is not guaranteed to be accurate or foolproof. It is merely my rambling thoughts on a subject.

Andrew Pretzl - CISSP
Network Engineer
Norlight Telecommunications
http://www.norlight.com

"The opinions expressed here are my own and do not necessarily represent those of Norlight Telecommunications".
"Simon"
Actually,
While we are on the topic, I am looking for a keylogger that
will
Thanks for any ideas!!
Received on Tue Aug 12 13:32:11 2003