Joerg Over wrote: > > Make sure you're showing the room-sound-recording available through Sub7 > with a soundcard(+ mike) installed on the compromised host. > I don't know why, but from my experience that's shocking the unsavvy more'n > anything else. I'll second that. It seemed to be a shocker here. I found creating an entire scenario helpful. I spoofed email from department heads and "Information Security" saying a new virus was spreading rapidly through campus and that the user needed to use the attached program to update their anti-virus software. I had previously attached subseven to a Norton Anti-virus update program. I had two computers set up projected on the wall. On one of them, I said "Oh, my god" and clicked the attachment. It looked like a standard Norton update. On the other computer I got email from the subseven server and took over from there...grabbing account passwords to the financial system, taking action from the compromised computer for which the owner would have been blamed, digging through the My Documents and email folders, screen shots, etc. It was particularly effective because the compromised computer showed no signs of all the activity going on. Previously skeptical people became believers. Then we talked about what ILOVEYOU, CodeRed, and other "damaging" worms might have done. I didn't include the microphone in the demo because of the equipment I had but word got back to me that was a major concern. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 12:05:54 PDT