[barbarian]

On one of the machines in our office in the shared user folder I discovered 2 text files with keyboard captures and hundreds of sequential screenshots. These were in a folder named Monitorer.

Does anyone know what spyware installed this (and how is it removed).

[mattyd]

the app is called Monitorer. check it out here... http://www.versiontracker.com/php/se...at=0&x=18&y=12

[alphasubzero949]

Spector maybe?

Edit: Never mind

[Cadaver]

Originally posted by barbarian:
On one of the machines in our office in the shared user folder I discovered 2 text files with keyboard captures and hundreds of sequential screenshots. These were in a folder named Monitorer.

Does anyone know what spyware installed this (and how is it removed).

Sounds like your company is keeping tabs on what you do on that (and perhaps other) machine(s).

I'm surprised, however, to see that this kind of potentially private information was dumped in to a shared folder. Perhaps the system auditor forgot (s)he put it there...

[andrew davidoff]

ho-ly-crap.

as much as i hate the idea of an app like that, i understand why a company might install it.

however, writing key logs to a public share is amazingly stupid. think about how many times a day you type your passwords.

perhaps someone should be watching whoever it is that's trying to watch you.

*baffled*

andrew davidoff

[barbarian]

As I control the computers (well the applications not the network). It wasn't the company... it was some employee keeping tabs on another employee... or possibly someone from outside the company. This employee had his own private DSL line with a fixed ip address and a very insecure password.

Anyway thanks for the help locating the program... now we're going back in the logs and trying to find out how the program got installed.

[Cadaver]

Quis custodiet ipsos custodes?
Who watches the watchers?

[pwolfe1]

i'd love to hear how this one turns out. The interoffice drama where I work gets old and monotonous. I wanna hear about other offices!!!

[barbarian]

It turns out that the woman's husband had installed the software as a way of spying on his wife.

Our question do we tell the woman that it was her husband or just give him a warning.

For all you IT guys this shows the danger of letting your workers install their own connections! We would have caught this if it was on the main network.

As an aside we did a review of passwords and 60% were insecure. And we're a tech company where people should know better!

[-Q-]

I'd say tell the lady there was some suspicious software installed on her computer, but unless her husband works at the same company and has violated a company policy, I wouldn't get involved in their personal lives. I'd just let her know that she needs to be more careful where she surfs, and that b/c there's not a lot of spyware out there for Macs, someone must have installed it on her machine. Let her come to her own conclusions.

And don't be so shocked by the lack of secure passwords. At the software company where I work, I'm regularly guessing people passwords so I can unlock their workstations (Call it a hobby. ). Most people have no idea what constitutes security....

And if you want to check out the security of your password, check out the feature built into Keychain.

[pwolfe1]

its often helpful to make it manditory that passwords meet certain criteria. In our network, our users must have passwords with one capital letter, and one number. with an eight character length. The only problem with that though is that I am CONSTANTLY resetting passwords, because the users can't remember them.

[mattyd]

Originally posted by barbarian:
It turns out that the woman's husband had installed the software as a way of spying on his wife.

and did he catch her doing anything untoward?

[pwolfe1]

Originally posted by mattyd:
and did he catch her doing anything untoward?

yeah for real.

[Boondoggle]

This is proabably another example of why most users should not use admin accounts on thier systems for daily use.

If she was a Standard User and not admin, then her husband knowing her password would probably have been insufficient for him to install the software, or at least not system wide.

He probably dumped the files in the Shared folder because that is where a guest could log in and read them with more annonymity.

[tooki]

Originally posted by pwolfe1:
its often helpful to make it manditory that passwords meet certain criteria. In our network, our users must have passwords with one capital letter, and one number. with an eight character length. The only problem with that though is that I am CONSTANTLY resetting passwords, because the users can't remember them.

Then you urgently need to loosen up your password requirements, because people WILL write down difficult-to-remember passwords, which is a far larger security risk (to most organizations) than slack-er password rules!! (Start looking for post-it notes under keyboards, on monitors, etc.)

It's always hard to strike a balance between secure passwords and passwords that are easy enough to remember that they won't be forgotten and written down. Either extreme is not a good place to be. If you *need* security beyond relatively trivial passwords, then you may want to consider implementing security with RSA SecurID codes, cards, biometrics, etc.

tooki

[Drizzt]

Originally posted by tooki:
Then you urgently need to loosen up your password requirements, because people WILL write down difficult-to-remember passwords, which is a far larger security risk (to most organizations) than slack-er password rules!! (Start looking for post-it notes under keyboards, on monitors, etc.)

It's always hard to strike a balance between secure passwords and passwords that are easy enough to remember that they won't be forgotten and written down. Either extreme is not a good place to be. If you *need* security beyond relatively trivial passwords, then you may want to consider implementing security with RSA SecurID codes, cards, biometrics, etc.

tooki

I've got the same problem at work. The passwords are changed monthly, but most users don't even remmember it!

At least, some where more original and chose a word for pasword and wrote the number of the month with it. It makes passwords like fido02 or 9mouse.

Since I use a 8 random caracters passwords, I can't get to work with this policy..

[Link]

I have very awkward passwords that I just remember in my head.. random combination of letters and numbers that have absolutely nothing to do with each other.

The funny thing is I remember them well :shrugs:

[sniffer]

Same here. But I forget them easily if I stop using them for a month or so. Funny thing is. With some phone numbers I don't remember the combination at all in my head, but I do know the comination in my fingers when I need to call them. Quite amuzing somehow.

[parsec_kadets]

Originally posted by -Q-:
And if you want to check out the security of your password, check out the feature built into Keychain.

What feature are you referring to?

[darrick]

i forget how it works exactly, but there's a way to rate how secure your password choice is. i think this is what he means.

[-Q-]

Originally posted by darrick:
i forget how it works exactly, but there's a way to rate how secure your password choice is. i think this is what he means.

Yep. Open your Keychain App and then from the edit menu, select 'Change password for <current user>.' Click the button with the lower case 'i' and you'll see the 'Password Assistant' that will tell you, in its approximation, how secure your password is.

[parsec_kadets]

That is useful, thanks.