capture/sniff/reconstruct graphic files
on 26.05.2006 22:15:50 by dfox138
How easy or difficult is it for one to capture/sniff/reconstruct graphic
files, e.g., tiff, jpeg, traversing an ethernet network?
Let's say a medical record is scanned and e-mailed to a patient;
if someone in the clinic sets up to capture/sniff data traversing the
ethernet network, could this person view the medical record of the
patient?
Any comments are appreciated.
Thanks,
A Monk
Re: capture/sniff/reconstruct graphic files
on 26.05.2006 22:51:55 by Sebastian Gottschalk
a_monk wrote:
> How easy or difficult is it for one to capture/sniff/reconstruct graphic
> files, e.g., tiff, jpeg, traversing an ethernet network?
Colored GUI with two mouse clicks? What more do you want?
> Let's say a medical record is scanned and e-mailed to a patient;
> if someone in the clinic sets up to capture/sniff data traversing the
> ethernet network, could this person view the medical record of the
> patient?
Assuming that no encryption was used: trivial.
> Any comments are appreciated.
Google is your friend. 'Pikachu' and 'EtherPEG' are the first results on
searching "JPEG sniffer".
Re: capture/sniff/reconstruct graphic files
on 26.05.2006 22:52:02 by roberson
In article <1148674550.140003.169680@j55g2000cwa.googlegroups.com>,
a_monk wrote:
>How easy or difficult is it for one to capture/sniff/reconstruct graphic
>files, e.g., tiff, jpeg, traversing an ethernet network?
It isn't trivial, but with the right tools it isn't particularly hard
either.
>Let's say a medical record is scanned and e-mailed to a patient;
>if someone in the clinic sets up to capture/sniff data traversing the
>ethernet network, could this person view the medical record of the
>patient?
Most networks these days are "fully switched", and in order to
capture the data, one would need to have access to the infrastructure
on the direct route between sender and receiver. If someone does
manage to get control of a router or switch on the direct path,
then yes, the data being sent could be decoded.
Any email system that is used to transfer medical information
should be using encryption, even if the email system is only
"in-house". I have been told (but have not verified) that MS Exchange
encrypts the data transmission and that it stores the files in
encrypted format on the server.
Sensitive medical records should not be emailed to patients, unless
perhaps they are protected by encryption. There are just too many
places along the route where the data could be captured.
If I understand correctly, in all of the USA, and in several provinces
in Canada, it would be illegal to email sensitive patient information
through non-protected means. (But I don't believe the restrictions
apply to fax.)
Re: capture/sniff/reconstruct graphic files
on 26.05.2006 22:58:07 by comphelp
"a_monk" writes:
> How easy or difficult is it for one to capture/sniff/reconstruct graphic
> files, e.g., tiff, jpeg, traversing an ethernet network?
>
Pretty damned easy actually:
http://ex-parrot.com/~chris/driftnet/
> Let's say a medical record is scanned and e-mailed to a patient;
> if someone in the clinic sets up to capture/sniff data traversing the
> ethernet network, could this person view the medical record of the
> patient?
>
> Any comments are appreciated.
To transmit such sensitive data over a public network of any kind
without the use of SSL or TLS is irresponsible. I hope it'd also be
begging for stiff HIPAA fines for stupidity.
Best Regards,
--
Todd H.
http://www.toddh.net/
Re: capture/sniff/reconstruct graphic files
on 26.05.2006 23:00:37 by Sebastian Gottschalk
Walter Roberson wrote:
> Most networks these days are "fully switched", and in order to
> capture the data, one would need to have access to the infrastructure
> on the direct route between sender and receiver.
access = MAC flooding?
Re: capture/sniff/reconstruct graphic files
on 26.05.2006 23:01:53 by Ludovic Joly
Data become packets. Packets become signals. Signals become intercepted
data.
Kind regards
Ludovic Joly
Re: capture/sniff/reconstruct graphic files
on 26.05.2006 23:48:50 by Ludovic Joly
But that's not as hard for attackers to obtain as you might think.
One user in your organization uses a swiss knife to cut a cable and
grab the signals out of it...
Kind regards
Ludovic Joly
Re: capture/sniff/reconstruct graphic files
on 26.05.2006 23:53:22 by comphelp
Sebastian Gottschalk writes:
> Walter Roberson wrote:
>
> > Most networks these days are "fully switched", and in order to
> > capture the data, one would need to have access to the infrastructure
> > on the direct route between sender and receiver.
But that's not as hard for attackers to obtain as you might think.
One user in your organization clicks the wrong thing with a web
browser that's either not fully patched, or hits a zero day exploit
the vendors don't even know about, pushes a remote shell to the
attacker, or full GUI access. From this machine, perhaps completely
unbeknownst to the unwary users, the remote attacker fires up a sniffing
tool like the ones described here, and fires up freely available tools
to perform ARP cache poisoning or CAM table flooding to dumb the
switch down to hub mode or to route all switch packets through the
compromised host, and voila, remote sniffing of your local network.
If you see your entire bank of LEDs flashing simultaneously on your
switch and you're not sure why, worry.
Best Regards,
--
Todd H.
http://www.toddh.net/
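A defender-side sketch of the two conditions named in the post above (ARP cache poisoning and CAM table flooding), added here as an example and not part of the original thread. It flags IP addresses claimed by more than one MAC and bursts of never-seen source MACs; the frame tuples, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, source MAC, IP claimed in an ARP reply or None).
SAMPLE = [
    (0.0, "00:11:22:33:44:01", "10.0.0.1"),   # real gateway
    (1.0, "00:11:22:33:44:10", "10.0.0.23"),  # workstation
    (5.0, "00:11:22:33:44:66", "10.0.0.1"),   # second MAC claims the gateway IP
    (5.5, "00:11:22:33:44:66", "10.0.0.23"),  # ...and the workstation's IP
]
# Constructed burst: frames from 300 never-seen source MACs within one second.
FLOOD = [(10.0 + i / 300, "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF), None)
         for i in range(300)]


def arp_conflicts(events):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC."""
    claims = defaultdict(set)
    for _, mac, ip in events:
        if ip is not None:
            claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def mac_flood_alerts(events, window=1.0, threshold=100):
    """Return timestamps at which more than `threshold` previously unseen
    source MACs appeared within the last `window` seconds."""
    seen, recent, alerts = set(), deque(), []
    for ts, mac, _ in sorted(events, key=lambda e: e[0]):
        if mac in seen:
            continue  # known station, not a new CAM table entry
        seen.add(mac)
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) > threshold:
            alerts.append(ts)
    return alerts


if __name__ == "__main__":
    for ip, macs in arp_conflicts(SAMPLE).items():
        print("ARP conflict:", ip, "claimed by", macs)
    alerts = mac_flood_alerts(SAMPLE + FLOOD)
    print("MAC flood alerts:", len(alerts), "first at", alerts[0] if alerts else None)
```

On managed switches the same conditions are normally handled in the infrastructure itself (port security limits on learned MACs, dynamic ARP inspection); the script only shows what those features are looking for.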
Re: capture/sniff/reconstruct graphic files
on 27.05.2006 00:15:07 by comphelp
comphelp@toddh.net (Todd H.) writes:
> Sebastian Gottschalk writes:
> > Walter Roberson wrote:
> >
> > > Most networks these days are "fully switched", and in order to
> > > capture the data, one would need to have access to the infrastructure
> > > on the direct route between sender and receiver.
>
> But that's not as hard for attackers to obtain as you might think.
And I neglected to mention the trivially simple scenario of Dr. Ed
sipping his vente cappacino moca choka latte with cinnamon swirl in
Starbucks and accessing the website via wireless there. Unless Dr. Ed
is VPN'd into the environment where these images are flying over the
wire unencrypted, everyone at Starbucks can help themselves to the
patient records in a passive and quite undetectable way.
--
Todd H.
http://www.toddh.net/
Re: capture/sniff/reconstruct graphic files
on 27.05.2006 00:59:42 by Sebastian Gottschalk
Todd H. wrote:
> Sebastian Gottschalk writes:
>> Walter Roberson wrote:
>>
>>> Most networks these days are "fully switched", and in order to
>>> capture the data, one would need to have access to the infrastructure
>>> on the direct route between sender and receiver.
>
> But that's not as hard for attackers to obtain as you might think.
>
> One user in your organization clicks the wrong thing with a web
> browser that's either not fully patched, or hits a zero day exploit
> the vendors don't even know about,
What about IE? It has 50+ exploits the vendor knows about and doesn't
provide any patches for them. Lots of them have been zero-day, some
years ago. :-)
> If you see your entire bank of LEDs flashing simultaneously on your
> switch and you're not sure why, worry.
RAmen!
BTW, this is also true for network printers. Lots of them do run Java VMs.
Re: capture/sniff/reconstruct graphic files
on 29.05.2006 14:48:12 by dfox138
Sincere thanks to all who responded!
Re: capture/sniff/reconstruct graphic files
on 30.05.2006 22:01:34 by x0040973
"Todd H." wrote in message
news:84irnsmrkw.fsf@ripco.com...
> "a_monk" writes:
>
> > How easy or difficult is it for one to capture/sniff/reconstruct graphic
> > files, e.g., tiff, jpeg, traversing an ethernet network?
> >
>
> Pretty damned easy actually:
> http://ex-parrot.com/~chris/driftnet/
>
Which is a nice program. Had to modify a few lines for OpenBSD, but aside
from that, it makes a great point in demonstrating insecurity.
> > Let's say a medical record is scanned and e-mailed to a patient;
> > if someone in the clinic sets up to capture/sniff data traversing the
> > ethernet network, could this person view the medical record of the
> > patient?
> >
> > Any comments are appreciated.
>
> To transmit such sensitive data over a public network of any kind
> without the use of SSL or TLS is irresponsible. I hope it'd also be
> begging for stiff HIPAA fines for stupidity.
>
> Best Regards,
> --
> Todd H.
> http://www.toddh.net/