LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Closed Thread
 
Search this Thread
Old 10-07-2010, 10:30 AM   #16
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,432

Rep: Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849

Not sure how this fits with the rules, but there are always screen dumps. In the not unheard of case of a salesperson with legitimate access to commercially sensitive customer information in a database, a page could be legitimately displayed and captured as an image. If this was dumped into word processing software with autosave turned on, then the backup file could be saved to removable media. Change the image to something innocuous in the final copy and save that as well.
 
Old 10-19-2010, 07:08 PM   #17
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,101

Rep: Reputation: 369Reputation: 369Reputation: 369Reputation: 369
Quote:
Originally Posted by Guttorm View Post
hmm if you are going do that you might as well just build a pair of transceivers out of an infra red laser and detector and put one in the window of your office hidden in some innocuous object and the other one on the dash of your car (disguised as a fuzz buster perhaps where such are legal), of course this can be hampered by people walking past the signal but oh well.
 
Old 10-20-2010, 06:57 AM   #18
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
Originally Posted by frieza View Post
hmm if you are going do that you might as well just build a pair of transceivers out of an infra red laser and detector and put one in the window of your office hidden in some innocuous object and the other one on the dash of your car (disguised as a fuzz buster perhaps where such are legal), of course this can be hampered by people walking past the signal but oh well.

How about a slightly simpler version. Grab a smartphone with Wifi, root it and turn it into a wifi hotspot. If your target computer has wireless capability (most corporations do have lots of laptops lying around) you now have your laptop connected not only to the corporate network, but also to the 3G network which is completely outside of the company's control.
 
Old 10-21-2010, 02:17 AM   #19
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Engage in a stock take over attempt, which entitles you to learn many of the targets secrets in order to evaluate the true value of the company. Then after learning the secrets, simply walk away. ( mega social engineering )
 
Old 10-21-2010, 02:45 AM   #20
hairysocks
Member
 
Registered: May 2002
Location: Thorverton, Near Exeter, Devon, England
Distribution: Ubuntu 10.04 (used to be Red Hat 7.1, then Red Hat 9, then FC 2, FC 5, FC 6, FC 9 and Ubuntu 8.04)
Posts: 103

Rep: Reputation: 16
Have a program that monitors a directory at some hour early in the morning, when you are not in the office. If there is a file in that directory then email it, then clean up the mail log file, and stop. So your file you are smuggling out is dropped into the directory at some point in the day, then late at night when you have an alibi, the file is emailed out.
 
Old 10-21-2010, 02:47 AM   #21
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Laser data transmission ... yes, it does exist, search for it. I saw it on TV too, and it does work.

Maybe a variation, but I would put the data on a USB stick and drop it out the window to waiting courier. Or if it is small enough attach to paper airplane and throw it out, just have someone out there to catch it.
 
Old 10-21-2010, 02:56 AM   #22
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,431
Blog Entries: 33

Rep: Reputation: 358Reputation: 358Reputation: 358Reputation: 358
delete

Last edited by sag47; 10-23-2010 at 11:39 PM.
 
Old 10-21-2010, 08:07 AM   #23
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by sag47 View Post
Is this thread even in line with the LQ rules? I would consider it cracking since it involves illegally moving data where otherwise prohibited.
Well, I guess it might, unless we assume it is done to somehow prevent this ... to cover all bases, which of course is impossible.
 
Old 10-21-2010, 11:01 AM   #24
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,101

Rep: Reputation: 369Reputation: 369Reputation: 369Reputation: 369
Quote:
Originally Posted by Hangdog42 View Post
How about a slightly simpler version. Grab a smartphone with Wifi, root it and turn it into a wifi hotspot. If your target computer has wireless capability (most corporations do have lots of laptops lying around) you now have your laptop connected not only to the corporate network, but also to the 3G network which is completely outside of the company's control.
assuming the machine HAS a wifi adapter which is unlikely in such a case as a machine that might deal with sensitive information that a company or government organization wouldn't want leaked

no the most effective way would be something nobody would suspect to check for such as a transceiver attached to the serial or parallel port, especially since such ports aren't commonly used any more and certainly not in such a fashion, thus someone later on investigating a possible leak might overlook such ports until it's too late and the evidence is already gone.

Quote:
Originally Posted by H_TeXMeX_H View Post
Quote:
Originally Posted by sag47 View Post
Another method is to:
Is this thread even in line with the LQ rules? I would consider it cracking since it involves illegally moving data where otherwise prohibited.
Well, I guess it might, unless we assume it is done to somehow prevent this ... to cover all bases, which of course is impossible.
H_TeXMeX_H has a valid point
granted it's impossible to cover all possibilities of data theft but this is a Linux security forum and as they say, to catch a thief you have to think like a thief, that's what this exercise is about

Last edited by frieza; 10-21-2010 at 11:07 AM.
 
Old 10-21-2010, 12:08 PM   #25
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,264
Blog Entries: 54

Original Poster
Rep: Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852
Questioning this threads validity is futile as are any distractions like meta-comments. If you still feel compelled to do so then please report instead of post. TIA.
 
Old 10-21-2010, 12:11 PM   #26
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
Originally Posted by frieza
assuming the machine HAS a wifi adapter which is unlikely in such a case as a machine that might deal with sensitive information that a company or government organization wouldn't want leaked
Fair point. However my experience in businesses and organizations is that laptops are a highly desired computing platform, so wifi adapters are really pretty common and the only real obstacle to sensitive information is proper credentials. A lot of sensitive information physically resides on servers that likely don't have wifi cards, but are very accessible from within the company network. I have yet to run into a situation where accessing sensitive information requires you to sit at a specific workstation. You might also be able to tether to a phone via a USB cable, though that is probably easier to prevent by disabling USB ports.

I kinda of suspect that where unSpawn was going with this was that the avenues of attack are much, much greater than the defenses put in place and that a lot of what are considered standard corporate security precautions really don't envisions a lot of the vectors that attackers have at their disposal. In fact I would argue (particularly after reading the suggestions in this thread) that trying to accomplish data security through physical/IT methods is largely a waste of time (or at very least subject to the 80/20 rule) and instead companies need to really focus on the personnel involved. Phishing has always been a highly successful attack vector.
 
Old 10-23-2010, 12:21 PM   #27
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,101

Rep: Reputation: 369Reputation: 369Reputation: 369Reputation: 369
Quote:
Originally Posted by Hangdog42 View Post
In fact I would argue (particularly after reading the suggestions in this thread) that trying to accomplish data security through physical/IT methods is largely a waste of time (or at very least subject to the 80/20 rule) and instead companies need to really focus on the personnel involved.
indeed, if data can be accessed it can be copied, plain and simple, which is the same argument against all of the DRM schemes used by dvd/blu ray/cd manufacturers, they are a waste of time, the best bet for protection against data theft is to simply make sure the employees who have access to the sensitive material (and even those who don't) are trustworthy, not I say even those who don't because given the time and resources it would be a trivial matter for someone who knows what they are doing to gain access to sensitive material they shouldn't' have access to. not to say that the sensitive data should be left unsecured as that would be an invitation to outsiders to steal it but when it comes to insiders, there is almost nothing that can be done to stop the data from being stolen.

Last edited by frieza; 10-23-2010 at 12:22 PM.
 
Old 10-23-2010, 03:07 PM   #28
John VV
Guru
 
Registered: Aug 2005
Posts: 12,901

Rep: Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713
print screen ( atl pr/scr) import clipboard in gimp
and run a fft on the image
send it to any hosting ( imagebam , say)
or zip it and use z-share
at home dl it and run a inverse fft
http://www.imagebam.com/image/644471103520920
the fft
http://www.imagebam.com/image/2c8f34103520950
 
Old 08-16-2011, 05:25 PM   #29
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,011

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
unSpawn,

Your post here, reminded me of this thread. Whilst I was a bit unsettled at the time when my earlier post was chucked ungraciously into moderator's limbo-land earlier in this thread, I'll now suggest you consider gently procuring, and paying well for, the services of a suitably gifted idiot savant

That is a very cruel term, but it is what wikipedia references it as.

Memorise a telephone directory or two, or three? No problem.
Memorise a database? No problem.

It will need to be displayed before it can be read and memorised though.
 
Old 08-17-2011, 06:55 PM   #30
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,264
Blog Entries: 54

Original Poster
Rep: Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852
Quote:
Originally Posted by tredegar View Post
I'll now suggest you consider
After giving this careful thought I maintain my position. I asked every contributor to please play the game or please don't play and you did not. In closing please do not necro-post again with a reply that has no bearing on the threads original question. If you have any follow up comments please email me or any of my fellow forum moderators.
Case and thread closed.
 
  


Closed Thread

Tags
hiding data


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cheap ways to produce lots of truly random data Ulysses_ Linux - Security 2 09-22-2010 04:19 PM
LXer: 15 Ways Nokia’s N900 Is Better Than Apple’s iPhone (and 5 ways it’s not) LXer Syndicated Linux News 0 11-14-2009 08:20 AM
what are the ways i can back up my data in external media kumars.nitin123 Linux - Desktop 3 11-06-2009 01:05 AM
LXer: Securing your network premises with Endian LXer Syndicated Linux News 0 09-16-2008 02:00 AM
ways to secure data and information of corporate g_arun22 Linux - Security 3 06-01-2003 01:43 PM


All times are GMT -5. The time now is 11:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration