backdoor screenshots
Senior User
Join Date: Apr 2001
Location: Palo Alto, CA
On one of the machines in our office, in the shared user folder, I discovered 2 text files with keyboard captures and hundreds of sequential screenshots. These were in a folder named Monitorer.
Does anyone know what spyware installed this (and how it is removed)?
Mac Elite
Join Date: Jan 2003
Location: 127.0.0.1
Spector maybe?
Edit: Never mind
Addicted to MacNN
Join Date: Jan 2003
Location: ~/
Originally posted by barbarian:
> On one of the machines in our office, in the shared user folder, I discovered 2 text files with keyboard captures and hundreds of sequential screenshots. These were in a folder named Monitorer.
> Does anyone know what spyware installed this (and how it is removed)?

Sounds like your company is keeping tabs on what you do on that (and perhaps other) machine(s).
I'm surprised, however, to see that this kind of potentially private information was dumped into a shared folder. Perhaps the system auditor forgot (s)he put it there...
Junior Member
Join Date: Nov 2003
ho-ly-crap.
as much as i hate the idea of an app like that, i understand why a company might install it.
however, writing key logs to a public share is amazingly stupid. think about how many times a day you type your passwords.
perhaps someone should be watching whoever it is that's trying to watch you.
*baffled*
andrew davidoff
Senior User
Join Date: Apr 2001
Location: Palo Alto, CA
As I control the computers (well, the applications, not the network), it wasn't the company... it was some employee keeping tabs on another employee... or possibly someone from outside the company. This employee had his own private DSL line with a fixed IP address and a very insecure password.
Anyway thanks for the help locating the program... now we're going back in the logs and trying to find out how the program got installed.
Addicted to MacNN
Join Date: Jan 2003
Location: ~/
Quis custodiet ipsos custodes?
Who watches the watchers?
Dedicated MacNNer
Join Date: Sep 2003
Location: Louisiana, US
i'd love to hear how this one turns out. The interoffice drama where I work gets old and monotonous. I wanna hear about other offices!!!
Senior User
Join Date: Apr 2001
Location: Palo Alto, CA
It turns out that the woman's husband had installed the software as a way of spying on his wife.
Our question: do we tell the woman that it was her husband, or just give him a warning?
For all you IT guys this shows the danger of letting your workers install their own connections! We would have caught this if it was on the main network.
As an aside we did a review of passwords and 60% were insecure. And we're a tech company where people should know better!
Moderator
Join Date: Jan 2001
Location: Atlanta, GA
I'd say tell the lady there was some suspicious software installed on her computer, but unless her husband works at the same company and has violated a company policy, I wouldn't get involved in their personal lives. I'd just let her know that she needs to be more careful where she surfs, and that b/c there's not a lot of spyware out there for Macs, someone must have installed it on her machine. Let her come to her own conclusions.
And don't be so shocked by the lack of secure passwords. At the software company where I work, I'm regularly guessing people's passwords so I can unlock their workstations (Call it a hobby.). Most people have no idea what constitutes security....
And if you want to check out the security of your password, check out the feature built into Keychain.
Dedicated MacNNer
Join Date: Sep 2003
Location: Louisiana, US
It's often helpful to make it mandatory that passwords meet certain criteria. In our network, our users must have passwords with one capital letter and one number, with an eight-character length. The only problem with that, though, is that I am CONSTANTLY resetting passwords, because the users can't remember them.
Senior User
Join Date: Nov 2000
Location: san fran, ca
Originally posted by barbarian:
> It turns out that the woman's husband had installed the software as a way of spying on his wife.

and did he catch her doing anything untoward?
Dedicated MacNNer
Join Date: Sep 2003
Location: Louisiana, US
Originally posted by mattyd:
> and did he catch her doing anything untoward?

yeah for real.
Grizzled Veteran
Join Date: May 1999
Location: Seattle
This is probably another example of why most users should not use admin accounts on their systems for daily use.
If she was a Standard User and not admin, then her husband knowing her password would probably have been insufficient for him to install the software, or at least not system wide.
He probably dumped the files in the Shared folder because that is where a guest could log in and read them with more anonymity.
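The check implied by the original finding and by the Shared-folder point above, as an added example that is not from any poster in this thread: it looks under a root such as /Users/Shared for a directory holding a dense numbered run of image files next to text logs, then reports whether other accounts can read it and the first and last capture times (the tool was installed no later than the first capture, which narrows the log review). The extension lists, the 100-image threshold and the sample tree made by `build_sample` are assumptions chosen for the example.

```python
import os, re, stat, tempfile

IMAGE_EXT = {".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tif", ".tiff", ".pict", ".pdf"}
TEXT_EXT = {".txt", ".log", ".rtf"}

def find_capture_dumps(root, min_images=100):
    """Flag directories under root that hold a numbered screenshot run plus text logs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        images = [f for f in files if os.path.splitext(f)[1].lower() in IMAGE_EXT]
        texts = [f for f in files if os.path.splitext(f)[1].lower() in TEXT_EXT]
        if len(images) < min_images or not texts:
            continue
        # Trailing number of each image name, e.g. "screen0042.jpg" -> 42
        nums = {int(m.group(1)) for f in images if (m := re.search(r"(\d+)\D*$", os.path.splitext(f)[0]))}
        # Sequential: nearly every image is numbered and the numbers form a dense run
        if not nums or len(nums) < 0.9 * len(images) or max(nums) - min(nums) >= 2 * len(nums):
            continue
        mtimes = [os.stat(os.path.join(dirpath, f)).st_mtime for f in images]
        mode = os.stat(dirpath).st_mode
        findings.append({
            "path": dirpath, "images": len(images),
            "text_logs": sorted(texts),
            "first_capture": min(mtimes),   # capture was already running at this time
            "last_capture": max(mtimes),
            "world_readable": bool(mode & stat.S_IROTH and mode & stat.S_IXOTH),
        })
    return findings

def build_sample(root, start=1_068_000_000):
    """Constructed test data: a world-readable 'Monitorer' dump and a normal folder."""
    dump, photos = os.path.join(root, "Monitorer"), os.path.join(root, "Photos")
    os.makedirs(dump)
    os.makedirs(photos)
    os.chmod(dump, 0o755)
    names = [f"screen{i:04d}.jpg" for i in range(120)] + ["keys1.txt", "keys2.txt"]
    for i, name in enumerate(names):          # one empty file per minute
        path = os.path.join(dump, name)
        open(path, "w").close()
        os.utime(path, (start + 60 * i, start + 60 * i))
    for name in ("beach.jpg", "party.jpg", "notes.txt"):
        open(os.path.join(photos, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # on a Mac the root to scan would be /Users/Shared
        build_sample(tmp)
        for finding in find_capture_dumps(tmp):
            print(finding)
```

File modification times can be changed by whoever wrote the files, so treat the reported window as a lead to confirm against system logs rather than as proof.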
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Originally posted by pwolfe1:
> It's often helpful to make it mandatory that passwords meet certain criteria. In our network, our users must have passwords with one capital letter and one number, with an eight-character length. The only problem with that, though, is that I am CONSTANTLY resetting passwords, because the users can't remember them.

Then you urgently need to loosen up your password requirements, because people WILL write down difficult-to-remember passwords, which is a far larger security risk (to most organizations) than slack-er password rules!! (Start looking for post-it notes under keyboards, on monitors, etc.)
It's always hard to strike a balance between secure passwords and passwords that are easy enough to remember that they won't be forgotten and written down. Either extreme is not a good place to be. If you *need* security beyond relatively trivial passwords, then you may want to consider implementing security with RSA SecurID codes, cards, biometrics, etc.
tooki
Mac Elite
Join Date: Jan 2001
Location: Saint-Jean-sur-Richelieu, Québec, Canada
Originally posted by tooki:
> Then you urgently need to loosen up your password requirements, because people WILL write down difficult-to-remember passwords, which is a far larger security risk (to most organizations) than slack-er password rules!! (Start looking for post-it notes under keyboards, on monitors, etc.)
> It's always hard to strike a balance between secure passwords and passwords that are easy enough to remember that they won't be forgotten and written down. Either extreme is not a good place to be. If you *need* security beyond relatively trivial passwords, then you may want to consider implementing security with RSA SecurID codes, cards, biometrics, etc.
> tooki

I've got the same problem at work. The passwords are changed monthly, but most users don't even remember them!
At least some were more original and chose a word for the password and wrote the number of the month with it. It makes passwords like fido02 or 9mouse.
Since I use 8-random-character passwords, I can't get to work with this policy..
Professional Poster
Join Date: Jun 2003
Location: Hyrule
I have very awkward passwords that I just remember in my head.. random combination of letters and numbers that have absolutely nothing to do with each other.
The funny thing is I remember them well :shrugs:
Professional Poster
Join Date: Nov 2000
Location: Norway (I eat whales)
Same here. But I forget them easily if I stop using them for a month or so. Funny thing is, with some phone numbers I don't remember the combination at all in my head, but I do know the combination in my fingers when I need to call them. Quite amusing somehow.
Senior User
Join Date: Mar 2002
Location: Golden, CO
Originally posted by -Q-:
> And if you want to check out the security of your password, check out the feature built into Keychain.

What feature are you referring to?
Forum Regular
Join Date: Nov 2002
Location: at my desk, laptop on my lap
i forget how it works exactly, but there's a way to rate how secure your password choice is. i think this is what he means.
Moderator
Join Date: Jan 2001
Location: Atlanta, GA
Originally posted by darrick:
> i forget how it works exactly, but there's a way to rate how secure your password choice is. i think this is what he means.

Yep. Open your Keychain App and then from the edit menu, select 'Change password for <current user>.' Click the button with the lower case 'i' and you'll see the 'Password Assistant' that will tell you, in its approximation, how secure your password is.