Re: Security-Compromised NT System [what can they see?]

From: Michael Mayo (m.mayo@lacs.utexas.edu)
Date: 02/20/02 

From: Michael Mayo <m.mayo@lacs.utexas.edu>
Date: Wed, 20 Feb 2002 13:10:13 -0600

SN wrote:
>
> Hey all you Windows/NT gurus out there. Can you shed some light on
> this issue for me.
>
> I work on a company provided Windows NT4.0 computer that I didn't
> install the OS and the Administrator password [was] known by more than
> one person, although the computer is primarily to be used by me only
> as a development machine. It just so happens that I sometimes do
> fairly personal thing on this computer, e.g. read my web based email,
> etc. Since the computer is compromised. Can they also see what I am
> reading in my emails?

<snip>

Anything can be done to a computer, pure and simple.

The only way to be 100% safe is to not do anything on your work computer
that you wouldn't want your boss seeing you do.

Some simple steps you can take to *help* secure your privacy
1.) Use AV software to detect trojans (if you can)
2.) Download a personal firewall for your PC (if you can)
3.) Disable any caching in your web browsers
4.) Disable history in your web browser
5.) Don't use your password/CC#/SS#/etc. on the Internet unless you see the
little padlock thing at the bottom of your browser (SSL)

Speaking from an administrators POV, we don't want people installing
software on their machines because it usually messes the machine up in some
way. I've got someone in my organization that insists on running AIM, MSN,
and Comet Cursor. Everytime this person asks me to fix the computer "which
is always screwing up", I uninstall those three apps and voila, the problem
is gone. That is until this person reinstalls that software. I could
complain and become a facist admin, but I don't because I know it can go too
far.

BTW: Did you know there is a hardware device that plugs in between your
keyboard and your PC that will record your keystrokes? It's about the size
of a battery.

http://www.dansdata.com/keyghost.htm

And you're right, any networking activities (i.e. anything that
requires/allows communication with another computer) can be recorded and
stored.

Also, almost all of your Internet stuff travels from your computer to some
other computer in the form of packets. These packets can be examined by any
admins in your organization (and maybe more depending on how they do their
network). Often times, the contents of the packets are in plain ASCII or
encoded in some standard method that can be easily decoded.

One last thing in your favor, if they give you an NT machine that *lets* you
install software on it *and* they gave you the administrator password, then
you probably have no need to be paranoid (unless you think they're making it
easy on you so they can spy better...).

Just play it safe and do your job searching, pr0n surfing, boss joking,
online dating, movie plans, etc. at home. :D 

--
Mike