Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Hidden Copying Software
From: Neil Moore <neil () droopy com>
Date: Tue, 25 Jul 2006 08:22:45 -0500 (CDT)

This task could be as easy as having a scheduled task on the windows box the prof is using.
for example:
create a scheduled task that xcopy's the usb drives contents to a local subdirectory on the hard disk drive. Then a person could get it later.

Or.. someone installed an ftp server on the machine.. then the drive could be accessed as soon as it is put into the machine.

Or.. someone turned on windows share for that device while it was plugged into the machine

Their are many-many not-so-super technical ways to get the data

Neil Moore  CCIE4 #10044


On Mon, 24 Jul 2006, R. DuFresne wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 24 Jul 2006, Shenk, Jerry A wrote:

There are lots of other options too....maybe the exam was stored in a
temp file.  I guess you could say that software to copy a usb drive in
the background might be high tech but not that high tech...a vbscript
running on the machine could easily do it.  It (the software to do that)
certainly would NOT be expensive...free would be closer.


And the med stuent could easily ask someone in compsci to write it for him, perhaps for beer. Dou gain for the compsic there, he gets beer, and likely uses the program for class! Course, of the med student knows no compsci majors, he asks his little brother or a cousin to do it for him <smile>. Point being the med student is likely not the computer savvy one writing the nefarious tool, and might not even be the one that ends up placing it into use, directly...

Thanks,

Ron DuFresne



-----Original Message-----
From: Rocky [mailto:pixscreenpoint () gmail com]
Sent: Monday, July 24, 2006 9:20 AM
To: pen-test () securityfocus com
Subject: Hidden Copying Software

Hi list,

A friend of mine who is a medical professor asked me if
it is possible to copy his usb thumb drive from their
class room pc without knowing it? he told me maybe
there's a hidden software that copying it in the background?

His exam from his usb thumbdrive was exposed all over
to his student.I told him that you need a very high tech
software or expensive to do it? Is any such software capable
of this? this some kind of impossible task in my views.

Thanks.

------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise,
you need to proactively protect your applications from hackers. Cenzic
has the
most comprehensive solutions to meet your application security
penetration
testing and vulnerability management needs. You have an option to go
with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------




**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.

------------------------------------------------------------------------------



- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       admin & senior security consultant:  sysinfo.com
                       http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

               -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFExVNvst+vzJSwZikRAtNUAJ9chHkD3r25/YqCdB/hSOTStxg8JQCguBJY
Mi2rPRoX9t8mbsKEimZntjY=
=4RO8
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault