From: Pretorius, Wynand (ZA - Johannesburg) (wpretorius@deloitte.co.za)
Date: Wed Apr 11 2007 - 05:58:41 EDT
Have you tried knoppix?
You can boot and mount/copy files without changing the timestamps. Make sure
you cover the legal aspects.
Regards
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Anders Thulin
Sent: 11 April 2007 08:53 AM
To: pen-test@securityfocus.com
Subject: Re: Boot floppy
Mifa wrote:
> We have a user who takes a company computer home with them (no its
> not a lap top). We have a good reason to need to look at their files.
> However, we want to do so without that employ knowing. They seem to
> know something about security becasue auto runs is disabled and the
> workstation is always locked with a third party software. INserting a
> U3 drive will not run a program either. Are there any programs that will
boot from a floppy then copy a program to the c drive then wite an auto
start entry into the registry? This was the only way I can think of to get
the user to install a program..
>
> Any other ideas how we maight gain access? It has to be fast
> (bathroom breaks ect). I dont have time to load a live cd. Further,
robooting would cause the user to loose work.
I don't like the sound of this. You want to install software on a company
computer, but are afraid to tip the user off that you are doing so? And you
don't want to reboot the system in the process, and you only have short
periods of time, such as bath-room breaks to your disposal? And who exactly
are 'we'?
Get in touch with a good security consultant -- someone who can get the
whole picture, including the parts you're not discussing here. If there is a
legitimate threat, it need to be considered in toto.
On the assumption that this is above the board: if you don't have time to
do the job, make it. Get the IT department to do a hardware upgrade, say,
larger disks, for everyone in his work group. Or get the user into a
full-day meeting on very short notice. Or ask if he wouldn't actually
*prefer* a laptop, seeing how he's moving this computer to and from work
every day (something I find *rather* difficult to believe). Or use some
similar excuse to get sufficient hands-on time for a disk bitcopy to examine
at your leisure.
Apart from that, there is (or should be) an employer-employee relationship
in place here:
use it. If you are afraid of tipping the user off, make sure you have
identified the correct
threat: it may not be files on a disk, but the fact that you need to be
tiptoeing around an employee at all. In that case, it's not a problem to be
solved by bootdisks.
--
Anders Thulin anders.thulin@sentor.se 070-757 36 10
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------
Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by visiting our website and viewing the webpage at the following address: http://www.deloitte.com/za/disclaimer. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre@Deloitte.co.za.
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:43 EDT