Capture doesnt have that level of granularity, so maybe its not able to do what you have in mind...with my previous email I meant that capture could be configured to check for unauthorized access to user data (for instance documents on the harddrive, etc)
Christian On Thu, Apr 3, 2008 at 4:57 AM, Seung Wook Jung < [EMAIL PROTECTED]> wrote: > Hi, > > First of all, thank you for your quick answer. > > I am not familiar with programming espacially window programming. > > How to know the access is authorized or unauthorized? > When a user access A web page and A web page include XSS that read the > cookie for A web site and send B web site the cookie. > I guess , read event to cookie by unauthorized access cannot be > distinguish from authorized access. I mean read event itself is neutral, I > think. > If we can distinguish between authorized access and unauthorized access, > it is wonderful. > > Best Regards > > Christina wrote: > > >Hi there, you could certainly configure capture to check for unauthorized > >access to confidential data. You could setup the exclusion list to > trigger > >on read events to confidential files. > > >Has anybody on the list gone down this route and want to share their > >experience? > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > -- ---- Web: http://www.mcs.vuw.ac.nz/~cseifert PGP key http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
