funsec mailing list archives
RE: guilty until proven innocent?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 29 Jan 2006 18:47:19 +1300
Larry Seltzer wrote:
It's been a while since I looked at them, but I remember that there were content filtering programs for the PC (Net Nanny and the like) that take periodic screen shots. It's an expensive practice in terms of the storage of course. And it is of value as compared to a simple list of URLs, since the content of a web page can change over time.
Yep, and can also change depending on who you logged into the target _site_ as...
How do you know who is actually using the computers at the time? There could be some sort of sign-in system; it's a potential weakness of course. If someone gets my login and then starts surfing porn, the records look bad for me.
Yep. But, screenshotting shows _what the user at the machine was seeing_, whereas URL (or even content) logging at a proxy or other network edge device only tells you what the machine with that IP was "traficking". Do we really think your typical school computer is not compromised, at least part of the time? If I were in such a school _AND_ didn't know about screenshotting activity loggers, I'd be looking to get proxies setup on several machines in the labs then, when I wanted to surf to bombs_r_us.com I'd do it via those proxies so it looked to the edge devices like "the other machine" (and thus that machine's current user) was surfing that site... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Re[2]: guilty until proven innocent?, (continued)
- Re: Re[2]: guilty until proven innocent? Mary Landesman (Jan 24)
- RE: guilty until proven innocent? Gary Funck (Jan 24)
- Re: guilty until proven innocent? Drsolly (Jan 24)
- Re: guilty until proven innocent? Blue Boar (Jan 24)
- Re: guilty until proven innocent? Drsolly (Jan 24)
- Re: guilty until proven innocent? Blue Boar (Jan 24)
- Re: guilty until proven innocent? Austin (Jan 24)
- Re: guilty until proven innocent? Dude VanWinkle (Jan 27)
- RE: guilty until proven innocent? Gary Funck (Jan 28)
- RE: guilty until proven innocent? Larry Seltzer (Jan 28)
- RE: guilty until proven innocent? Nick FitzGerald (Jan 29)
- Re: guilty until proven innocent? David Lodge (Jan 28)
- RE: guilty until proven innocent? Nick FitzGerald (Jan 28)
- RE: guilty until proven innocent? Nick FitzGerald (Jan 24)
- Re: guilty until proven innocent? Mary Landesman (Jan 23)