ingenious social enginering to know when your network traffic is being watched

Monday, April 18. 2005

ingenious social enginering to know when your network traffic is being watched

from Tao of security blog, I came across this

One of the details that emerged from Curt's monitoring of the Invita Security network involved a password used by Alexey Ivanov. When accessing one of his drop sites, Alexey's FTP password was www.pidor.com (Internet Archive available). Think of what an unwary analyst might do with that information. Only someone who is monitoring Alexey's actions might know about www.pidor.com. Say that unwary analyst decides to visit www.pidor.com to learn more about the site. If Alexey or a friend is monitoring Web accesses to www.pidor.com, they could learn that they are being monitored. This case demonstrates how important it is for analysts to not "touch" remote or foreign sites involved in intrusions. You may tip your hand to the attacker and ruin an investigation or recovery effort.

Defined tags for this entry: geek stuff

Related entries by tags:

Posted by Raj Shekhar in geek stuff at 14:52 | Comments (0) | Trackbacks (0)

< Previous | egrep - searching for more than one pattern at a time >

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

~

See my main site
See my other articles
Stuff that ranks highly
See my wiki - a collection of useful nuggets

Contact me

Calendar

Quicksearch

Syndicate This Blog

Copy-left

Everything written by me and placed on this site is in the public domain , except for any express restrictions included in them . Hack them further and enjoy :-)