Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Covert Microphone Application
From: Mike Kuriger <m () wb com>
Date: Fri, 28 Jul 2006 10:40:44 -0700

The whole point of the challenge is that the employee told his boss that
a hacker could get into the laptop and spy on meetings.  We should
assume that the laptop is on the network, and that the challenge
requires making the recording from a remote location.  Anyone can plant
a bug, but the employee is making a case that there already is a bug in
place (the laptop)

~Mike~

Craig Wright wrote:

How about not all making assumptions on how the machine is configured
etc.

No body has asked if the machine is networked- you are all making an
assumption that may be invalid. What O/S is the host running.
Statistically the likelihood is XP not Linux. Thus telnet is likely
disabled.

Even if it is XP, is Remote admin/desktop enabled or disabled by policy.
Is the host on a domain etc etc etc.

Ask some questions, don't make assumptions.


Craig

-----Original Message-----
From: Matt Burnett [mailto:marukka () mac com]

Sent: Friday, 28 July 2006 1:58 AM
To: shiri_yacov () yahoo com
Cc: pen-test () securityfocus com
Subject: Re: Covert Microphone Application

Wouldnt it just be a lot easier for you or your boss to disconnect 

the microphone cable than going though some elaborate scheme to prove 

it could possibly be done? If they can "ruled" any laptop at will 

then couldnt they also get into your mail servers? Wouldnt anything 

that would be discussed in your meeting generate followups in a email?

On Jul 26, 2006, at 4:55 AM, shiri_yacov () yahoo com wrote:

 

Hi all,

I have recently entered with my boss to our corp. conference room 
   


 

to discover a new (shining) internet laptop on a side desk in the 
   


 

room.

During our chat I mentioned that the laptop has a builtin 
   


 

microphone and therefore enables covert eavsdropping in case the 
   


 

laptop is "ruled" from remote position, and therefore, a conference 
   


 

room PC should have no builtin mic.

My sceptic boss replied instantly - "I challange you, bring me a 
   


 

recording of any meeting - I`ll replace the laptop, and you`ll receive

it."


I therefore need a small covert application (no need in process 
   


 

hiding), which will record microphone input to file. command line 
   


 

application is perfect.


Do any of you know any ?


Guys, I gotta have this laptop...


Regards,

Shiri

----------------------------------------------------------------------
   


 

--------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the 
   


 

Analyst's
Choice Award from eWeek. As attacks through web applications 
   


 

continue to rise,
you need to proactively protect your applications from hackers. 
   


 

Cenzic has the
most comprehensive solutions to meet your application security 
   


 

penetration
testing and vulnerability management needs. You have an option to 
   


 

go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed 
   


 

service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to 
   


 

confirm your
results from other product. Contact us at request () cenzic com for 
   


 

details.
----------------------------------------------------------------------
   


 

--------

   



------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security?

Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's

Choice Award from eWeek. As attacks through web applications continue to
rise,

you need to proactively protect your applications from hackers. Cenzic
has the

most comprehensive solutions to meet your application security
penetration

testing and vulnerability management needs. You have an option to go
with a

managed service (Cenzic ClickToSecure) or an enterprise software

(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can

help you: http://www.cenzic.com/news_events/wpappsec.php

And, now for a limited time we can do a FREE audit for you to confirm
your

results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, 
you must not use or disclose the information. If you have received this email in error, please inform us promptly by 
reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 


Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed 
by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------




 


-- 
Mike Kuriger
Sr. Systems Engineer
WarnerBros Online
818-977-8198
m () wb com
aim - mikekuriger


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]