Security Basics mailing list archives
Re: How to obtain a yahoo username off a computer
From: "Matthew Durkin" <matthew_durkin () hotmail com>
Date: Sat, 14 Jun 2003 09:39:47 +0100
Just to add my 2 penneth: Targetting an individual in this way has definite legal implications. I work for a large company, and we have to be *very* careful when doing any kind of investigation on an individual. Involve your HR department (They ought to already be involved and should have expertise in this area), and also your legal department. To the best of my knowledge, you are able to use system logs that are collected generally from all systems, and for all employees, but there's a huge can of worms if you target an individual by adding extra logging. I don't think it would be an unreasonable exercise if you added monitoring for all employees and made all employees aware that their activites will be monitered and action taken agains said activities. This is seen to be fairer, and less likely to land you in mess re privacy regs etc. I am by no means the expert on this, but in previous investigations at my company, we have had to be very careful in these areas. Matthew ----- Original Message ----- From: "Potter, Tim" <Tim.Potter () clarkconsulting com> To: <security-basics () securityfocus com> Sent: Thursday, June 12, 2003 5:12 PM Subject: RE: How to obtain a yahoo username off a computer Hmmm.. Don't know if I should be offended or not :) But since I'm paranoid as well, I won't be offended. Seriously, I appreciate all the responses. Sniffing traffic has always been at the top of the list, but I wasn't sure that yahoo usernames would be passed through in the clear. We could care less about he password, we just want to verify this person used this username. So I think we'll go down the sniffer route unless that doesn't work for some reason. Thanks for your help! By the way - cookies, .dat files, etc. don't help. They can tell us this person has been to Yahoo, but will not reveal the username they used. Inside the Yahoo cookie is what looks like an encrypted string that Yahoo will understand when they log on. -Tim -----Original Message----- From: Curt Seeliger [mailto:seeliger.curt () epa gov] Sent: Wednesday, June 11, 2003 6:53 PM To: security-basics () securityfocus com Subject: Re: How to obtain a yahoo username off a computer There's been a variety of helpful responses to the original request now. There are good reasons for doing what he wants to do, but (and I'm in no way impuning the original poster by asking this) there are some crummy reasons as well. How do any of you know this isn't part of a stalking, or background info for more social engineering, or yada? Near as I know, you don't. Sure, this is worst case scenario, but isn't paranoia part of the game?
-----Original Message----- To: security-basics () securityfocus com Subject: How to obtain a yahoo username off a computer Hello! We have a security issue and need to know who is using a particular Yahoo user ID from within our company. We are about 90% certain of the person's identity. This user has been deleting his cookies and temp Internet files. We want to search his computer to
see
if Yahoo ID xxxx is somewhere on his computer. We know the Yahoo
user
ID - we just need to confirm that this person is using it. We don't want to contact Yahoo because we don't want to go down the legal road needed to get them to release the info. Any ideas? Thanks,
-- Curt Seeliger, Data Ranger CSC, EPA/WED contractor 541/754-4638 seeliger.curt () eqa gov ------------------------------------------------------------------------ --- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- RE: How to obtain a yahoo username off a computer, (continued)
- RE: How to obtain a yahoo username off a computer matt willson (Jun 12)
- Re: How to obtain a yahoo username off a computer Richard H. Cotterell (Jun 12)
- Re: How to obtain a yahoo username off a computer Anders Reed Mohn (Jun 12)
- RE: How to obtain a yahoo username off a computer Nycum, Joe (Jun 11)
- RE: How to obtain a yahoo username off a computer Kerberus (Jun 11)
- RE: How to obtain a yahoo username off a computer Carpio, Brian (Jun 11)
- Re: How to obtain a yahoo username off a computer Chris Berry (Jun 11)
- RE: How to obtain a yahoo username off a computer Rodrigo (Jun 12)
- Re: How to obtain a yahoo username off a computer Times Enemy (Jun 12)
- RE: How to obtain a yahoo username off a computer Potter, Tim (Jun 12)
- Re: How to obtain a yahoo username off a computer Matthew Durkin (Jun 16)
- RE: How to obtain a yahoo username off a computer Potter, Tim (Jun 12)
- Re: How to obtain a yahoo username off a computer Luciano Miguel Ferreira Rocha (Jun 12)
- Re: How to obtain a yahoo username off a computer Callan K L Tham (Jun 13)
- RE: How to obtain a yahoo username off a computer Townson, Glenn A (Jun 12)
- RE: How to obtain a yahoo username off a computer Kerberus (Jun 12)
- RE: How to obtain a yahoo username off a computer Times Enemy (Jun 12)
- RE: How to obtain a yahoo username off a computer Potter, Tim (Jun 12)
- RE: How to obtain a yahoo username off a computer dave (Jun 13)
- RE: How to obtain a yahoo username off a computer Christian Freas (Jun 12)
- RE: How to obtain a yahoo username off a computer Wiest, Damian (Jun 12)
(Thread continues...)