I'm more interested in seeing who opens a doc, someone else brought up the idea of lojacking a laptop.
Thanks, Adrian On Mon, Sep 21, 2009 at 3:19 PM, Tim Krabec <[email protected]> wrote: > just use a dynamic dns client and have it report the IP of the machine > a simple script in the startup of windows or a > > http://adeona.cs.washington.edu/ is a "freeware" that attempts to do what > lojack for laptops does > > also just add in a simple fake email server throw some spam and other > "valid" emails in the box. > > > On Mon, Sep 21, 2009 at 12:49 PM, Harley Green > <[email protected]>wrote: > >> There are certainly some PDF capabilities that would meet this criteria >> but it is not transparent to the end-user. >> One example is official electronic transcripts. In order to view the file >> the PDF calls home to the certificate server and makes sure the document has >> >> not reached the maximum viewing limit, there may be other possible >> restrictions or checks it can do at the same time as well. >> It could be presented to the end-user as an authenticity mechanism >> ensuring you view the verified original content, rather than a "call-home" >> mechanism. >> >> >> On Mon, Sep 21, 2009 at 7:47 AM, Allen Deryke >> <[email protected]>wrote: >> >>> I admit, it does take some social engineering for both cases to work. >>> >>> You just need to make the webcontent seem critical to the message. In an >>> email a sentence like "your new acess code is:" followed by you bugged >>> image. >>> >>> Have it set up so that if the macro isn't run make the excel data seem >>> invalid, mess with formating ect. >>> >>> -- Allen Deryke >>> >>> On Sep 21, 2009, at 10:33 AM, Adrian Crenshaw <[email protected]> >>> wrote: >>> >>> I've done the webbugs in emails before, the problem is anymore most email >>> clients seem to turn off image loading by default. >>> >>> Adrian >>> >>> On Mon, Sep 21, 2009 at 10:07 AM, Allen Deryke <<[email protected]> >>> [email protected]> wrote: >>> >>>> Yeah, but excel prompts about this stuff so much that most people would >>>> just click "ok". >>>> >>>> Also links to external images in emails or docs is a great way to pull >>>> this off. >>>> >>>> -- Allen Deryke >>>> >>>> On Sep 21, 2009, at 9:47 AM, Adrian Crenshaw < <[email protected]> >>>> [email protected]> wrote: >>>> >>>> But would that illicit a warning? >>>> >>>> Adrian >>>> >>>> On Mon, Sep 21, 2009 at 3:23 AM, Dimitrios Kapsalis >>>> <<[email protected]><[email protected]> >>>> [email protected]> wrote: >>>> >>>>> The only way I can think of this occuring in a word doc is to write a >>>>> macro. >>>>> >>>>> The macro can just ping your box, this should be enough to get the IP. >>>>> >>>>> On Mon, Sep 21, 2009 at 2:56 AM, Andrew Ellis >>>>> <<[email protected]><[email protected]> >>>>> [email protected]> wrote: >>>>> >>>>>> You could add a tab to firefox's default tabs (the ones it loads on a >>>>>> new session) that points to a webserver you control. Eventually, the >>>>>> stolen laptop's new user will open firefox anew and you'll have the >>>>>> new IP. Obviously if the person stealing your box mounts the drive >>>>>> rather than logging in, this won't help. >>>>>> >>>>>> -andrew >>>>>> >>>>>> On Sun, Sep 20, 2009 at 3:49 PM, Adrian Crenshaw >>>>>> <<[email protected]><[email protected]> >>>>>> [email protected]> wrote: >>>>>> > I recently had a conversation with an author about webbugs, and >>>>>> it brought >>>>>> > another idea to mind. I seem to remember John Strand saying >>>>>> something about >>>>>> > Val Smith doing something with detecting insider threats by leaking >>>>>> a >>>>>> > document and seeing who opens it. (sorry I can't remember more). >>>>>> > >>>>>> > Here is the question, anyone know how to make a doc/docx/pdf load >>>>>> something >>>>>> > from an external site so you can at least find the ip of someone who >>>>>> opened >>>>>> > the document? >>>>>> > >>>>>> > Thanks, >>>>>> > Adrian >>>>>> > >>>>>> > _______________________________________________ >>>>>> > Pauldotcom mailing list >>>>>> > <[email protected]> <[email protected]> >>>>>> [email protected] >>>>>> > <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >>>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>>> > Main Web Site: <http://pauldotcom.com/> <http://pauldotcom.com> >>>>>> http://pauldotcom.com >>>>>> > >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Andrew Ellis >>>>>> <http://www.samurainet.org/blog> <http://www.samurainet.org/blog> >>>>>> http://www.samurainet.org/blog >>>>>> _______________________________________________ >>>>>> Pauldotcom mailing list >>>>>> <[email protected]> <[email protected]> >>>>>> [email protected] >>>>>> >>>>>> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >>>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>>> Main Web Site: <http://pauldotcom.com/> <http://pauldotcom.com> >>>>>> http://pauldotcom.com >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Pauldotcom mailing list >>>>> <[email protected]> <[email protected]> >>>>> [email protected] >>>>> >>>>> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>> Main Web Site: <http://pauldotcom.com> <http://pauldotcom.com> >>>>> http://pauldotcom.com >>>>> >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> <[email protected]>[email protected] >>>> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: <http://pauldotcom.com> <http://pauldotcom.com> >>>> http://pauldotcom.com >>>> >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> <[email protected]>[email protected] >>>> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: <http://pauldotcom.com>http://pauldotcom.com >>>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: <http://pauldotcom.com>http://pauldotcom.com >>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > > -- > Tim Krabec > Kracomp > 772-597-2349 > smbminute.com > kracomp.blogspot.com > www.kracomp.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
