evesdropping a computer how is it possible, how can it be prevented ?

How do people evesdrop on a computer ?
How can it be protected from hard drive scanning and keyboard
survellience ?

Re: evesdropping a computer how is it possible, how can it be prevented ?

"D" writes:

> How do people evesdrop on a computer ?
> How can it be protected from hard drive scanning and keyboard
> survellience ?

What other questions are on your homework? Is your teacher cute?

--
Todd H.
http://www.toddh.net/

Re: evesdropping a computer how is it possible, how can it be prevented ?

On 19 Oct 2006, in the Usenet newsgroup comp.security.misc, in article
<1161247006.645154.206490@b28g2000cwb.googlegroups.com>, D wrote:

>How do people evesdrop on a computer ?

You are using windoze - the easiest way is to have the user install some
wonderful program that is actually spyware. Contrary to popular belief,
there really isn't a "Mal-ware Fairy" that flies around, and waves her
magic wand over your computer to install garbage. It gets installed by
users who have no idea what they are doing.

>How can it be protected from hard drive scanning and keyboard
>survellience ?

Who are you worried about? If it's the police, then it may be to late
already. If it's mum - who's going to find out you've been visiting
the naughty web sites, then wipe the system, reinstall, and don't go to
those web sites. Otherwise,

Don't use a computer. If that is to tough an answer, then

Don't connect the computer to a network/Internet. If that is to tough
an answer, then

Don't install spyware. If that is to tough an answer, then

Don't allow ANY other person to have physical access to your computer.

Don't forget to keep your system up to date with security updates. _DO_
spend time learning about your computer and operating system. They lied
to you when they told you even an untrained monkey high on drugs can use
a computer. Yes, there's a lot to learn.

Old guy

Re: evesdropping a computer how is it possible, how can it be prevented?

D wrote:
> How do people evesdrop on a computer ?
> How can it be protected from hard drive scanning and keyboard
> survellience ?
>

Eavesdrop:
Inspect shared resources.
"Sniff" network activity.
Exploit security flaws in the OS to gain access to the system.
Lure the user to install "nice" utilities with a not-so-nice hidden payload.

Protect:
Don't share confidential data on the network.
Avoid wireless networking.
Encrypt network activity.
Apply security patches.
Install additional protection from a trusted source.
Don't install anything from sites you're not absolutely sure about.

Re: evesdropping a computer how is it possible, how can it be prevented ?

OK, well alot of those are obvious things, but what about free anti
virus and firewall software ?

Re: evesdropping a computer how is it possible, how can it be prevented ?

On 20 Oct 2006, in the Usenet newsgroup comp.security.misc, in article
<1161335870.157146.49770@m7g2000cwm.googlegroups.com>, Greg wrote:

>OK, well alot of those are obvious things, but what about free anti
>virus and firewall software ?

Isn't it interesting that people would rather install more garbage that
they hope might protect them from their own stupidity, rather than using
their brain and not installing the mal-ware in the first place.

Old guy

Re: evesdropping a computer how is it possible, how can it be prevented ?

Moe Trin wrote:
>
> Isn't it interesting that people would rather install more garbage that
> they hope might protect them from their own stupidity, rather than using
> their brain and not installing the mal-ware in the first place.
>
> Old guy

Yes, that sounds cynical, but about right. If it is paid for then it
is not neccessarily "mal ware", except it might become such if it an
update is ignored. So my last question is how do I find what is mal
ware and what is not ?

Re: evesdropping a computer how is it possible, how can it be prevented?

Greg wrote:
> OK, well alot of those are obvious things, but what about free anti
> virus and firewall software ?
>

I did advise to "install additional protection from a trusted source",
right?
If you trust the free ones (I do), then go ahead and use them.

Re: evesdropping a computer how is it possible, how can it be prevented?

Greg wrote:

> Moe Trin wrote:
>
>>Isn't it interesting that people would rather install more garbage that
>>they hope might protect them from their own stupidity, rather than using
>>their brain and not installing the mal-ware in the first place.
>>
>> Old guy
>
>
> Yes, that sounds cynical, but about right. If it is paid for then it
> is not neccessarily "mal ware", except it might become such if it an
> update is ignored. So my last question is how do I find what is mal
> ware and what is not ?
>

Please read my recent post about what packages HP gave me when I bought
a new HP paillion dv8310. The good guys are no longer desrving of
"trusted source".
I am convinced that the only reason there are exploits is because the
"good guys" need them. Data is money...maybe more valuable than the
device that enables it.
Miffed!

Re: evesdropping a computer how is it possible, how can it be prevented ?

On Wed, 13 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
, warf wrote:

>Please read my recent post about what packages HP gave me when I bought
>a new HP paillion dv8310. The good guys are no longer desrving of
>"trusted source".

You state that it's phoning home (or trying to), but you don't indicate
why, and how you have determined it's spyware. There is one very valid
reason for the software to do so, and another that claims to be valid.
The valid reason is to check for security updates because the average
luser doesn't understand the concept of keeping the software up to date.
There are more than enough horror stories reported where klowns think
their computers are "protected" because it came with a 90 day demo of
some anti-malware when they bought it five years ago.

Other software phones home as a license check - to prevent the rather
rampant piracy problem costing the companies like microsoft untold
millions in software rental income. Do read the various End User
Agreements that come with the software and hardware - you might be
surprised at what you've agreed to.

>I am convinced that the only reason there are exploits is because the
>"good guys" need them. Data is money...maybe more valuable than the
>device that enables it.

While I don't disagree with your 'data is money' point, the reason that
the exploits exist is because of the increase in the number of features
that have been added, not because there is a demonstrated need, but
because someone requested it, and the software companies implemented it
and include it for all to use on the chance that a second person may
find the feature useful. This is why your system defaults to trying to
share everything with everyone - some may find it useful, and lack the
skills/knowledge to enable it. Don't you find that so "helpful"?

Do you remember when your operating system came on _two_ floppies, and
your desktop on six? That's a total of just under ten megabytes. Two
weeks ago, I installed a new release, and had seven CDs (or an optional
one DVD and one CD). There's more chances to screw up - and unless your
O/S starts from scratch (eliminating ALL backwards compatibility), it's
carrying holes from code that was written twenty years ago by people
long gone from the company. The result is that no one knows what's in
there, and they can't eliminate it because they don't know what that
will break.

But the reason the holes are exploited by the bad guys is much more
simple to explain. The users have no idea what they are doing with the
computer. Instruction manuals are lousy, because the manufacturers know
that NO ONE is ever going to read them. The manuals are now used to tell
you not to immerse the electronic device in the bath tub, and other useful
clues. Instead, the user will download a "helper" program/application
from under some rock out in cyberspace and hope that it does what they
imagine they need to do. Free Clue: There is no Mal-ware Fairy that comes
around when you aren't looking, and installs spybots, mal-wares, zombies
and other bad stuff.

Old guy

Re: evesdropping a computer how is it possible, how can it be prevented ?

ibuprofin@painkiller.example.tld (Moe Trin) writes:

>On Wed, 13 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
>, warf wrote:

>>Please read my recent post about what packages HP gave me when I bought
>>a new HP paillion dv8310. The good guys are no longer desrving of
>>"trusted source".

>You state that it's phoning home (or trying to), but you don't indicate
>why, and how you have determined it's spyware. There is one very valid
>reason for the software to do so, and another that claims to be valid.
>The valid reason is to check for security updates because the average
>luser doesn't understand the concept of keeping the software up to date.
>There are more than enough horror stories reported where klowns think
>their computers are "protected" because it came with a 90 day demo of
>some anti-malware when they bought it five years ago.

>Other software phones home as a license check - to prevent the rather
>rampant piracy problem costing the companies like microsoft untold
>millions in software rental income. Do read the various End User
>Agreements that come with the software and hardware - you might be
>surprised at what you've agreed to.

Well, no, you almost certainly have NOT agreed to it, anymore than by
reading this post you have agreed that you owe me $1000. (please send it to
the address below if you believe that I can bind you with kind of contract).

While "piracy" may or may not be a problem (I have not noticed that
Microsoft is close to going bankrupt), that is no excuse for violating the
privacy and security of their customers.


>imagine they need to do. Free Clue: There is no Mal-ware Fairy that comes
>around when you aren't looking, and installs spybots, mal-wares, zombies
>and other bad stuff.


Well, that is not clear. In fact most malware is installed precisely out of
sight and mind-- masquarading behind other useful stuff.

So yes, there are lots of Mal-ware Fairies.

> Old guy

Re: evesdropping a computer how is it possible, how can it be prevented?

Unruh wrote:

> ibuprofin@painkiller.example.tld (Moe Trin) writes:
>
>
>>On Wed, 13 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
>>, warf wrote:
>
>
>>>Please read my recent post about what packages HP gave me when I bought
>>>a new HP paillion dv8310. The good guys are no longer desrving of
>>>"trusted source".
>
>
>>You state that it's phoning home (or trying to), but you don't indicate
>>why, and how you have determined it's spyware. There is one very valid
>>reason for the software to do so, and another that claims to be valid.
>>The valid reason is to check for security updates because the average
>>luser doesn't understand the concept of keeping the software up to date.
>>There are more than enough horror stories reported where klowns think
>>their computers are "protected" because it came with a 90 day demo of
>>some anti-malware when they bought it five years ago.
>
>
>>Other software phones home as a license check - to prevent the rather
>>rampant piracy problem costing the companies like microsoft untold
>>millions in software rental income. Do read the various End User
>>Agreements that come with the software and hardware - you might be
>>surprised at what you've agreed to.
>
>
> Well, no, you almost certainly have NOT agreed to it, anymore than by
> reading this post you have agreed that you owe me $1000. (please send it to
> the address below if you believe that I can bind you with kind of contract).
>
> While "piracy" may or may not be a problem (I have not noticed that
> Microsoft is close to going bankrupt), that is no excuse for violating the
> privacy and security of their customers.
>
>
>
>>imagine they need to do. Free Clue: There is no Mal-ware Fairy that comes
>>around when you aren't looking, and installs spybots, mal-wares, zombies
>>and other bad stuff.
>
>
>
> Well, that is not clear. In fact most malware is installed precisely out of
> sight and mind-- masquarading behind other useful stuff.
>
> So yes, there are lots of Mal-ware Fairies.
>
>
>> Old guy
>
>

I appreciate your 'takes' on my musings, which are somewhat rhetorical
but mostly serious, i will have to agree with Unrah here O'G.
I suspect that the ol' Guile or ineptitude axiom' no longer applies.
With something as complex as an OS and associated 'productivity
packages'[ See how productive we are being now...?] that ineptitude must
be guilefully orchestrated in order to perpetuate.no, increase
exponentially.... the types of intrusions available for all to partake of.

No, i didnt agree with the EULA i was forced under duress to check a box
or be denied the pleasure of a good phuking by the provider of said
EULA. A contact is on binding of both parties benefit..B.T.A.Discussion.

I do read them now and i am amazed at the sophistication of the
obfuscation... The fact that my 'box' came preloaded with trialwear
means the malware fairies arrived in situ. To clarify my originating
bitch {not you mom, I gotta go now...} I am a 20 yr user of
computers with an MSC [but no claim to programming or internet mastery]
and I still feel unable to keep my mail key or personal files 'personal'
because such great efforts are made to swipe them...by the White HATS!

This is forest and trees...I look over the withering slew of code and
look for Motive, capability, 'history' and benefit through intent. In
every instance I come up with, HP has the history, the capability,
proven intent [for eg:7150 printer, CEO bugging...] and stand to benefit
greatly.
This brings to the for our divergent views of 'purpose' and 'value'.
I respect your opinion and god knows I need you expertise, BUT, I did
not imagine that DATA is the most powerful draw today. Even Mafia types
have switched tactics in the last number of 'years?' and the Russians
have just opened a 500million industrial spy center and the
Chinese...[nuff said?] Consumer trends drive this desire for predictive
and indicative data. The mafia found it is easier to siphon 5% of bank
and credit card money than steel it from physical locations. Your ID is
as precious as your spoofable internetbox.

So my originating reasons:
To fight the man [no, wait- I was high in the 70s and..]
To sort the noise from the serious intrusions.
Others may want to avoid a $200,000 payoff to the RIAA for a few
MP3s...they found.
MOST IMPORTANTLY: just to have the choice. if for no other reason than
to have the choice.
IF, cookies are really for MY enhanced experience online, let me decide
when I want to be 'enhanced'.
IF, I am too stupid to know my 5 yr old trial version of Snorton
Pneumatic is as incapable at detecting rootkits, so be it.
IF, I have to be told every 30 seconds that 135 modules might want to be
updated for my own good...I want to have some say in that,
IF, corporate loss is that great it trumps honest and upfront [thats
important, UPFRONT] license confirmation I know there are better ways to
go about it.......and how is that AVG and the purportedly best utilities
and OS are still free????

On a somewhat more serious note, A large and powerful country[s]
think[s] that the lives of thousands of soldiers are worth the 'denial
of choice' masquerading as 'choice' is worth perusing, I have no doubt
industry is just playing catchup....or leading from behind. Did I say
that out loud?

IF....I don't take a leak I will ask my firewall for a shot at it.
Miffed but resigned.

ps.
[i hope you see the humor and the serious side of this. Pragmatically I
guess I am asking not "am I weird for wanting the veto?" but " am I
deluding myself by thinking I have a hope in hell of secure and private
internet usage?"

Re: evesdropping a computer how is it possible, how can it be prevented ?

On 14 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
, Unruh wrote:

>ibuprofin@painkiller.example.tld (Moe Trin) writes:

>> Do read the various End User Agreements that come with the software
>> and hardware - you might be surprised at what you've agreed to.
>
>Well, no, you almost certainly have NOT agreed to it, anymore than by
>reading this post you have agreed that you owe me $1000. (please send it to

Well, we both know that such a legal condition would be thrown out of any
court because I would not be able to see this condition until I had read
this far - but the obvious solution for me is to stop reading the post
and return it for a refund.

That was simple.

Old guy

Re: evesdropping a computer how is it possible, how can it be prevented ?

On Thu, 14 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
, warf wrote:

>I appreciate your 'takes' on my musings, which are somewhat rhetorical
>but mostly serious, i will have to agree with Unrah here O'G.
>I suspect that the ol' Guile or ineptitude axiom' no longer applies.
>With something as complex as an OS and associated 'productivity
>packages'[ See how productive we are being now...?] that ineptitude must
>be guilefully orchestrated in order to perpetuate.no, increase
>exponentially.... the types of intrusions available for all to partake of.

You may want to look at the headers from his post as well as mine. Neither
of us are using windoze.

>No, i didnt agree with the EULA i was forced under duress to check a box
>or be denied the pleasure of a good phuking by the provider of said
>EULA. A contact is on binding of both parties benefit..B.T.A.Discussion.

You agreed voluntarily. Would the alternative be acceptable to you? I
don't know. Did you explore (were you aware of) the alternatives?

>The fact that my 'box' came preloaded with trialwear means the malware
>fairies arrived in situ.

Part of that is the convenience you are buying. Installing software can
be a hassle, especially if you don't know what the software is, and why
it needs to be installed. You _can_ buy computers without installed
software, or with alternatives. May not be easy or convenient to you,
but it can be done. The last system I bought with software installed
was a 486 in 1992. I still have it (it's one of the file servers), but
the software was replaced within a month.

>This is forest and trees...I look over the withering slew of code and
>look for Motive, capability, 'history' and benefit through intent. In
>every instance I come up with, HP has the history, the capability,
>proven intent [for eg:7150 printer, CEO bugging...] and stand to benefit
>greatly.

And the reason you went ahead and bought HP anyway is...

>[i hope you see the humor and the serious side of this. Pragmatically I
>guess I am asking not "am I weird for wanting the veto?" but " am I
>deluding myself by thinking I have a hope in hell of secure and private
>internet usage?"

But are you willing to do the work to attain that goal? Remember the last
point I included in the Wednesday reply to 'Plausible reasons for http
access?'. This stuff isn't simple, and you do need to have an understanding
of what's going on. You don't need to be able to write your own operating
system and applications, but without understanding some of the fundamentals
you are at the mercy of those who do.

Old guy

Re: evesdropping a computer how is it possible, how can it be prevented ?

Unruh wrote:
>
> ibuprofin@painkiller.example.tld (Moe Trin) writes:
>
> >On Wed, 13 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
> >, warf wrote:
>
> >>Please read my recent post about what packages HP gave me when I bought
> >>a new HP paillion dv8310. The good guys are no longer desrving of
> >>"trusted source".
>
> >You state that it's phoning home (or trying to), but you don't indicate
> >why, and how you have determined it's spyware. There is one very valid
> >reason for the software to do so, and another that claims to be valid.
> >The valid reason is to check for security updates because the average
> >luser doesn't understand the concept of keeping the software up to date.
> >There are more than enough horror stories reported where klowns think
> >their computers are "protected" because it came with a 90 day demo of
> >some anti-malware when they bought it five years ago.
>
> >Other software phones home as a license check - to prevent the rather
> >rampant piracy problem costing the companies like microsoft untold
> >millions in software rental income. Do read the various End User
> >Agreements that come with the software and hardware - you might be
> >surprised at what you've agreed to.
>
> Well, no, you almost certainly have NOT agreed to it, anymore than by
> reading this post you have agreed that you owe me $1000. (please send it to
> the address below if you believe that I can bind you with kind of contract).
>
>

You certainly have!

Most, if not all, licenses have a "By using this software, you agree to..."
statement.

Reading the entire license, no matter how long and incomprehensible, is the
responsibilty of the buyer. The seller, by supplying a copy of the license
to you, has met his burden.

Notan

Re: evesdropping a computer how is it possible, how can it be prevented ?

ibuprofin@painkiller.example.tld (Moe Trin) writes:

>On 14 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
>, Unruh wrote:

>>ibuprofin@painkiller.example.tld (Moe Trin) writes:

>>> Do read the various End User Agreements that come with the software
>>> and hardware - you might be surprised at what you've agreed to.
>>
>>Well, no, you almost certainly have NOT agreed to it, anymore than by
>>reading this post you have agreed that you owe me $1000. (please send it to

>Well, we both know that such a legal condition would be thrown out of any
>court because I would not be able to see this condition until I had read
>this far - but the obvious solution for me is to stop reading the post
>and return it for a refund.

Sorry, you read it, you keep it. No refunds.
Note that you do not have a chance to read most End User Agreements either
without opening the package ( and again the stores almost always impose a
"no refund" policy on opened software-- ie you are supposedly bound by
terms you could not have known about and cannot get a refund when you find
out about them).

>That was simple.

> Old guy

Re: evesdropping a computer how is it possible, how can it be prevented ?

Notan writes:

>Unruh wrote:
>>
>> ibuprofin@painkiller.example.tld (Moe Trin) writes:
>>
>> >On Wed, 13 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
>> >, warf wrote:
>>
>> >>Please read my recent post about what packages HP gave me when I bought
>> >>a new HP paillion dv8310. The good guys are no longer desrving of
>> >>"trusted source".
>>
>> >You state that it's phoning home (or trying to), but you don't indicate
>> >why, and how you have determined it's spyware. There is one very valid
>> >reason for the software to do so, and another that claims to be valid.
>> >The valid reason is to check for security updates because the average
>> >luser doesn't understand the concept of keeping the software up to date.
>> >There are more than enough horror stories reported where klowns think
>> >their computers are "protected" because it came with a 90 day demo of
>> >some anti-malware when they bought it five years ago.
>>
>> >Other software phones home as a license check - to prevent the rather
>> >rampant piracy problem costing the companies like microsoft untold
>> >millions in software rental income. Do read the various End User
>> >Agreements that come with the software and hardware - you might be
>> >surprised at what you've agreed to.
>>
>> Well, no, you almost certainly have NOT agreed to it, anymore than by
>> reading this post you have agreed that you owe me $1000. (please send it to
>> the address below if you believe that I can bind you with kind of contract).
>>
>>

>You certainly have!

>Most, if not all, licenses have a "By using this software, you agree to..."
>statement.

Sorry, just as invalid as my -- by reading this you agreed to owing me
$1000.


>Reading the entire license, no matter how long and incomprehensible, is the
>responsibilty of the buyer. The seller, by supplying a copy of the license
>to you, has met his burden.

Read my entire post. It is not incomprehensible at all. I assume that I can
expect a cheque from you in the mail tomorrow.
He has not met his burden of entering an agreement. It is not a license, it
is a contract.

>Notan

Re: evesdropping a computer how is it possible, how can it be prevented ?

On 16 Dec 2006, in the Usenet newsgroup comp.security.misc, in article
, Unruh wrote:
>ibuprofin@painkiller.example.tld (Moe Trin) writes:

>>Well, we both know that such a legal condition would be thrown out of any
>>court because I would not be able to see this condition until I had read
>>this far - but the obvious solution for me is to stop reading the post
>>and return it for a refund.
>
>Sorry, you read it, you keep it. No refunds.

Yeah, my news provider already said they wouldn't refund the delivery
charge. But as you are in Canada, and I'm not - what court are you going
to try to enforce your demand?

>Note that you do not have a chance to read most End User Agreements either
>without opening the package

which renders them unenforceable in a number of countries - shrink wrapped
licenses would be a good term to google for. FOR EXAMPLE:

In the only case in Canada which has considered the question concluded
that software license terms printed inside a user's manual were not
enforceable, because the customer was not aware of the license terms
at the time the software was purchased. The court in the North
American Systemshops Ltd. v. King case held that there must be a clear
indication of the license terms on the outside of the package for the
shrink wrap license to be enforceable. The license terms are
effective only if they are brought to customer's attention before the
transaction occurs. It is not necessary for the customer to be aware
of all of the license terms before the purchase -- only that the
software is subject to a license. However, the customer must be given
a real opportunity to accept or reject the terms (for example, to
return software for full refund).

If a shrink wrap license is found to be unenforceable, the purchaser
is not subject to any restrictions on the use or transfer of the
software (other than limits on copying imposed by copyright law).
Therefore, it is important that software developers and publishers
carefully review the terms of their license agreements and ensure that
customers are made aware of the limitations imposed by the license.

It is also important to note that Canadian law may differ
significantly from United States law in this area. Therefore, software
developers and publishers should ensure that they obtain specific
advise for each country where they distribute their products.

Note: Similar considerations apply to "click wrap" licenses currently
being used with many on-line products and services.

Source: http://www.dww.com/faqs/it.htm See also
http://www.ulcc.ca/en/cls/index.cfm?sec=4!(C=4i

>( and again the stores almost always impose a "no refund" policy on opened
>software-- ie you are supposedly bound by terms you could not have known
>about and cannot get a refund when you find out about them).

which is why they've been overturned. Some retailers have been toasted
about not honoring the microsoft 'return it to your retailer for a full
refund' clause, and are instead demanding return of the computer as well
(sometimes, less a re-stocking fee). At work, we have enough purchasing
clout that that our vendors know we don't want windoze and will not pay
for it. The average consumer lacks that clout even if they are aware
of the choice.

Old guy