Re: Catching a sneak

From: Tarapia Tapioco (comesefosse_at_ntani.firenze.linux.it)
Date: 06/05/04 

Date: Sat,  5 Jun 2004 23:10:12 +0200 (CEST)

On 4 Jun 2004, grasshopper wrote:
>Me and 4 of my highschool friends post word documents to each other in
>a password-protected web folder. We share info on homework and
>sometimes just post general stuff.... (yes, and sometimes gossip), but
>mostly homework stuff.
>

it is best to protect the confidentiality of the data with encryption

encrypted data is of no value to adversary with out key

you 5 conspirators learn PGP or GPG

encrypt data to group of 5 conspirators

only 5 conspirators have access to clear data

forget trapping your adversary

>The problem is that we think someone has found out the correct
>username and password to get into our site. In fact, we're pretty sure
>we know who it is, but what we'd like to do is secretly find out if
>he's looking in our folder (but we want to do it without him knowing).
>Once we find out if it's him, we can plant fake homework stuff for him
>to use, and he will never know!
>
>We have inserted code from a 'Hit Counter' that will find out his IP
>address, but have not detected him. Someone said he can get around
>that by turning off his Java. What can we do to find him and confirm
>he's sneaking in (without him knowing)?
>
>We've already set up a new site with a new password. We just want to
>teach this guy a lesson.
>P.S. We're not experts at this so the simpler, the better.
>
>
>grasshopper