Re: Boot floppy

From: Curt Purdy (purdy@tecman.com)
Date: Thu Apr 12 2007 - 09:44:25 EDT


Absolutely, Chris. If they have Enterprise EnCase, they have complete
control, IF it is a company PC, and IF they have a written policy of no
expected privacy. Barring the Navy case that had a questionable ruling, I
know of no other case that questioned the authority to do that with EnCase.
I have not worked with V6 yet, but V5 has about all the capability I could
ask for.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
Information Security Officer
Information Systems Security
Columbia, MD
infosysec@gmail.com
purdy@tecman.com

-------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
 

> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of Chris Zevlas
> Sent: Wednesday, April 11, 2007 4:14 AM
> To: Shreyas Zare; Pen-Testing
> Subject: [lists] Re: Boot floppy
>
> How about you doing a remote image with EnCase? This way he will never
> know what you did.
>
> ----- Original Message -----
> From: "Shreyas Zare" <shreyas@technitium.com>
> To: "Pen-Testing" <pen-test@securityfocus.com>
> Sent: Tuesday, April 10, 2007 10:48 PM
> Subject: Re: Boot floppy
>
>
> > Hi,
> >
> > Try using social engineering. Tell him you are given a job to patch
> > all machines in the company for some security update then patch his
> > machine with a good rootkit. You may give him the update (infected) in
> > any CD or USB media so that he would install it himself. Or use any
> > idea which will not look suspicious to the target.
> >
> > Regards,
> >
> > On 4/10/07, Mifa <mifa@stangercorp.com> wrote:
> >> We have a user who takes a company computer home with them (no, it's not a
> >> laptop). We have a good reason to need to look at their files.
> >> However, we want to do so without that employee knowing. They seem to know
> >> something about security because auto runs is disabled and the
> >> workstation is always locked with a third-party software. Inserting a U3
> >> drive will not run a program either. Are there any programs that will
> >> boot from a floppy, then copy a program to the C drive, then write an auto
> >> start entry into the registry? This was the only way I can think of to
> >> get the user to install a program.
> >>
> >> Any other ideas how we might gain access? It has to be fast (bathroom
> >> breaks, etc.). I don't have time to load a live CD. Further, rebooting
> >> would cause the user to lose work.
> >
> >
> >
> > --
> > (This e-mail was composed and sent completely using recycled electrons)
> >
> > Shreyas Zare
> > Co-Founder, Technitium
> > eMail: shreyas@technitium.com
> >
> > ..::< The Technitium Team >::..
> > Visit us at www.technitium.com
> > Contact us at theteam@technitium.com
> >
> > Technitium Personal Computers
> > We believe in quality.
> > Visit http://pc.technitium.com for details.
> >

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:43 EDT