!!Email snooping question

We use a microsoft exchange server at our office, and everyone's password is
a certain combination of letters from their first and last name - same for
everyone, so everyone knows each others password. I have noticed that I can,
if I want to, access anyone's e-mail. And of course, the situation is also
reversed. My question is this - if i go into someone else's mailbox, via
internet explorer and through the exchange server, am I easily detected by
our IT guys? And how do i know someone is not in mine?

Shenan
Wed Feb 01 17:39:17 CST 2006

snoopkilla wrote:
> We use a microsoft exchange server at our office, and everyone's
> password is a certain combination of letters from their first and
> last name - same for everyone, so everyone knows each others
> password. I have noticed that I can, if I want to, access anyone's
> e-mail. And of course, the situation is also reversed. My question
> is this - if i go into someone else's mailbox, via internet
> explorer and through the exchange server, am I easily detected by
> our IT guys? And how do i know someone is not in mine?


First - the fact that your passwords are like you describe is moronic.
Someone should be fired.

Second - you don't - and neither do *your* "IT" guys (IT used very loosely.)
With that sort of password policy, I cannot imagine them putting much effort
into anything like detection.

While will give politics and red-tape and such the blame on many things -
allowing a policy such as the one you describe is just beyond dumb. For
everyone involved. I can see using a password system like that for "initial
account setup" and forcing a change for the first logon - but making the
passwords static like that....

Sorry - in your system anyone can do just about anything they want with
whomever's email and pretty well get away with it.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Tom
Wed Feb 01 17:39:15 CST 2006

If your IT guys were stupid enough to set up passwording as you have
described, I don't think you'll have to worry too much about them being
smart enough to detect it ;-)

Tom

"snoopkilla" <snoopkilla@discussions.microsoft.com> wrote in message
news:9F3AC6CA-0005-4534-84CF-BDF0BB16FCBB@microsoft.com...
> We use a microsoft exchange server at our office, and everyone's password
> is
> a certain combination of letters from their first and last name - same for
> everyone, so everyone knows each others password. I have noticed that I
> can,
> if I want to, access anyone's e-mail. And of course, the situation is also
> reversed. My question is this - if i go into someone else's mailbox, via
> internet explorer and through the exchange server, am I easily detected by
> our IT guys? And how do i know someone is not in mine?

snoopkilla
Wed Feb 01 17:54:17 CST 2006

So you are seriously saying I would leave no trace if I decided to cruise
around various people's mailboxs? surely not - there has to be a catch...?????

"Tom [Pepper] Willett" wrote:

> If your IT guys were stupid enough to set up passwording as you have
> described, I don't think you'll have to worry too much about them being
> smart enough to detect it ;-)
>
> Tom
>
> "snoopkilla" <snoopkilla@discussions.microsoft.com> wrote in message
> news:9F3AC6CA-0005-4534-84CF-BDF0BB16FCBB@microsoft.com...
> > We use a microsoft exchange server at our office, and everyone's password
> > is
> > a certain combination of letters from their first and last name - same for
> > everyone, so everyone knows each others password. I have noticed that I
> > can,
> > if I want to, access anyone's e-mail. And of course, the situation is also
> > reversed. My question is this - if i go into someone else's mailbox, via
> > internet explorer and through the exchange server, am I easily detected by
> > our IT guys? And how do i know someone is not in mine?
>
>
>

Robert
Wed Feb 01 18:46:38 CST 2006

Read what Tom said again carefully.

He never said that you would leave no trace. He said that if we use their
password policy as a yardstick, they wouldn't be smart enough to pick up on
what people are doing.

I agree with everything he wrote.

If they thought that something was going on and hired someone who knows what
they're doing, (like me or Tom, for example) to fix the issue then once i
finished laughing myself into a choking fit at their current setup, I'd be
able to get a handle on who is doing what quite easily.

snoopkilla wrote:
> So you are seriously saying I would leave no trace if I decided to
> cruise around various people's mailboxs? surely not - there has to be
> a catch...?????
>
> "Tom [Pepper] Willett" wrote:
>
>> If your IT guys were stupid enough to set up passwording as you have
>> described, I don't think you'll have to worry too much about them
>> being smart enough to detect it ;-)
>>
>> Tom
>>
>> "snoopkilla" <snoopkilla@discussions.microsoft.com> wrote in message
>> news:9F3AC6CA-0005-4534-84CF-BDF0BB16FCBB@microsoft.com...
>>> We use a microsoft exchange server at our office, and everyone's
>>> password is
>>> a certain combination of letters from their first and last name -
>>> same for everyone, so everyone knows each others password. I have
>>> noticed that I can,
>>> if I want to, access anyone's e-mail. And of course, the situation
>>> is also reversed. My question is this - if i go into someone else's
>>> mailbox, via internet explorer and through the exchange server, am
>>> I easily detected by our IT guys? And how do i know someone is not
>>> in mine?

Tom
Wed Feb 01 18:50:51 CST 2006

Exactly, Robert.

Tom

"Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
news:ezSohI5JGHA.1760@TK2MSFTNGP10.phx.gbl...
> Read what Tom said again carefully.
>
> He never said that you would leave no trace. He said that if we use their
> password policy as a yardstick, they wouldn't be smart enough to pick up
> on what people are doing.
>
> I agree with everything he wrote.
>
> If they thought that something was going on and hired someone who knows
> what they're doing, (like me or Tom, for example) to fix the issue then
> once i finished laughing myself into a choking fit at their current setup,
> I'd be able to get a handle on who is doing what quite easily.
>
> snoopkilla wrote:
>> So you are seriously saying I would leave no trace if I decided to
>> cruise around various people's mailboxs? surely not - there has to be
>> a catch...?????
>>
>> "Tom [Pepper] Willett" wrote:
>>
>>> If your IT guys were stupid enough to set up passwording as you have
>>> described, I don't think you'll have to worry too much about them
>>> being smart enough to detect it ;-)
>>>
>>> Tom
>>>
>>> "snoopkilla" <snoopkilla@discussions.microsoft.com> wrote in message
>>> news:9F3AC6CA-0005-4534-84CF-BDF0BB16FCBB@microsoft.com...
>>>> We use a microsoft exchange server at our office, and everyone's
>>>> password is
>>>> a certain combination of letters from their first and last name -
>>>> same for everyone, so everyone knows each others password. I have
>>>> noticed that I can,
>>>> if I want to, access anyone's e-mail. And of course, the situation
>>>> is also reversed. My question is this - if i go into someone else's
>>>> mailbox, via internet explorer and through the exchange server, am
>>>> I easily detected by our IT guys? And how do i know someone is not
>>>> in mine?
>
>

Galen
Wed Feb 01 21:11:30 CST 2006

In news:OvmWnK5JGHA.648@TK2MSFTNGP14.phx.gbl,
Tom [Pepper] Willett had this to say:

My reply is at the bottom of your sent message:

> Exactly, Robert.
>
> Tom

Boy I wonder how hard it would be to grab admin rights and just do as they
pleased? I really worked in a call center where the password for EVERYTHING
was a football team name. Everyone knew that so anyone could do anything. It
took nearly 3 months to get all the stuff off the system (it was Unix) and
another 6 months to get people to stop coming to me asking how come they
couldn't fix it themselves any more. Fortunately it was MOSTLY (other than
some people hosting stuff in handy directories) harmless and, of the 2 1/2
shifts of 750 seats most end-users just used it to do stuff like check their
time clocks or elevate their rights to resolve caller issues.

Root, yes root, was dallas... Yup... Just plain dallas - no caps...

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"I am glad of all details, whether they seem to you to be relevant or
not." - Sherlock Holmes

Phillip
Thu Feb 02 08:40:30 CST 2006

I don't have the silly password policies that are described here,...but if
one user knew another user's credentials and got into the email I wouldn't
know how to find a "trail". The mail server would have no way to distinguish
the wrong user from the right user since they are both using the same
credentials, and I have never seen any "trail" recorded in Exchange that
would tell me anything anyway. The only thing I ever saw was the last
Access time/date, the last logon time/date, and the user account used for
it,...it doesn't even have the IP# or machine name they came from.

Now in Hollywood movies and TV its just a little "tickita-tickita-tikita" on
the key board and the whole thing pops up on the screen with full details
clearly formated for easy reading in full living color,...probably even
tells what color shirt the guy was wearing. But in the real world it is a
diffent story.

Now if there is a way to track such things, a would like to know how to make
use of it,...it bothers me that I can't,...but I sure don't see a way to do
it. And when I mean a "way" I mean a way to is easy for an admin to get to
and be able to clearly see in the normal GUI. If I have to deal with some
obscure little-known-about commandline tool then that just infuriates me and
isn't a good "solution" to me,...these types of things should be built right
into the Management GUI from day-one.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
news:ezSohI5JGHA.1760@TK2MSFTNGP10.phx.gbl...
> Read what Tom said again carefully.
>
> He never said that you would leave no trace. He said that if we use their
> password policy as a yardstick, they wouldn't be smart enough to pick up
on
> what people are doing.
>
> I agree with everything he wrote.
>
> If they thought that something was going on and hired someone who knows
what
> they're doing, (like me or Tom, for example) to fix the issue then once i
> finished laughing myself into a choking fit at their current setup, I'd be
> able to get a handle on who is doing what quite easily.
>
> snoopkilla wrote:
> > So you are seriously saying I would leave no trace if I decided to
> > cruise around various people's mailboxs? surely not - there has to be
> > a catch...?????
> >
> > "Tom [Pepper] Willett" wrote:
> >
> >> If your IT guys were stupid enough to set up passwording as you have
> >> described, I don't think you'll have to worry too much about them
> >> being smart enough to detect it ;-)
> >>
> >> Tom
> >>
> >> "snoopkilla" <snoopkilla@discussions.microsoft.com> wrote in message
> >> news:9F3AC6CA-0005-4534-84CF-BDF0BB16FCBB@microsoft.com...
> >>> We use a microsoft exchange server at our office, and everyone's
> >>> password is
> >>> a certain combination of letters from their first and last name -
> >>> same for everyone, so everyone knows each others password. I have
> >>> noticed that I can,
> >>> if I want to, access anyone's e-mail. And of course, the situation
> >>> is also reversed. My question is this - if i go into someone else's
> >>> mailbox, via internet explorer and through the exchange server, am
> >>> I easily detected by our IT guys? And how do i know someone is not
> >>> in mine?
>
>

snoopkilla
Thu Feb 02 09:32:55 CST 2006

I read what he wrote carefully, thank you sir.

"Tom [Pepper] Willett" wrote:

> Exactly, Robert.
>
> Tom
>
> "Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
> news:ezSohI5JGHA.1760@TK2MSFTNGP10.phx.gbl...
> > Read what Tom said again carefully.
> >
> > He never said that you would leave no trace. He said that if we use their
> > password policy as a yardstick, they wouldn't be smart enough to pick up
> > on what people are doing.
> >
> > I agree with everything he wrote.
> >
> > If they thought that something was going on and hired someone who knows
> > what they're doing, (like me or Tom, for example) to fix the issue then
> > once i finished laughing myself into a choking fit at their current setup,
> > I'd be able to get a handle on who is doing what quite easily.
> >
> > snoopkilla wrote:
> >> So you are seriously saying I would leave no trace if I decided to
> >> cruise around various people's mailboxs? surely not - there has to be
> >> a catch...?????
> >>
> >> "Tom [Pepper] Willett" wrote:
> >>
> >>> If your IT guys were stupid enough to set up passwording as you have
> >>> described, I don't think you'll have to worry too much about them
> >>> being smart enough to detect it ;-)
> >>>
> >>> Tom
> >>>
> >>> "snoopkilla" <snoopkilla@discussions.microsoft.com> wrote in message
> >>> news:9F3AC6CA-0005-4534-84CF-BDF0BB16FCBB@microsoft.com...
> >>>> We use a microsoft exchange server at our office, and everyone's
> >>>> password is
> >>>> a certain combination of letters from their first and last name -
> >>>> same for everyone, so everyone knows each others password. I have
> >>>> noticed that I can,
> >>>> if I want to, access anyone's e-mail. And of course, the situation
> >>>> is also reversed. My question is this - if i go into someone else's
> >>>> mailbox, via internet explorer and through the exchange server, am
> >>>> I easily detected by our IT guys? And how do i know someone is not
> >>>> in mine?
> >
> >
>
>
>

Robert
Thu Feb 02 12:46:11 CST 2006

Phillip Windell wrote:
> I don't have the silly password policies that are described
> here,...but if one user knew another user's credentials and got into
> the email I wouldn't know how to find a "trail". The mail server
> would have no way to distinguish the wrong user from the right user
> since they are both using the same credentials, and I have never seen
> any "trail" recorded in Exchange that would tell me anything anyway.
> The only thing I ever saw was the last Access time/date, the last
> logon time/date, and the user account used for it,...it doesn't even
> have the IP# or machine name they came from.

Ah but the IIS logs will have that. Depending on how the permissions are set
they might even show pass-through auth for the "attacker" user's account
just before the login attempt with the "victim" account

> Now if there is a way to track such things, a would like to know how
> to make use of it,...it bothers me that I can't,...but I sure don't
> see a way to do it. And when I mean a "way" I mean a way to is easy
> for an admin to get to and be able to clearly see in the normal GUI.
> If I have to deal with some obscure little-known-about commandline
> tool then that just infuriates me and isn't a good "solution" to
> me,...these types of things should be built right into the Management
> GUI from day-one.

No, it isn't a good solution - you'd need to take the IIS log and search
through it - but its not impossible.


--
--
Rob Moir, MS MVP
Blog Site - http://www.robertmoir.com
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
I'm always surprised at "professionals" who STILL have to be asked "Have you
checked (event viewer / syslog)".

Phillip
Thu Feb 02 16:42:37 CST 2006

"Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
news:eaHQwjCKGHA.2828@TK2MSFTNGP12.phx.gbl...
> Phillip Windell wrote:
> > I don't have the silly password policies that are described
> > here,...but if one user knew another user's credentials and got into
> > the email I wouldn't know how to find a "trail". The mail server
> > would have no way to distinguish the wrong user from the right user
> > since they are both using the same credentials, and I have never seen
> > any "trail" recorded in Exchange that would tell me anything anyway.
> > The only thing I ever saw was the last Access time/date, the last
> > logon time/date, and the user account used for it,...it doesn't even
> > have the IP# or machine name they came from.
>
> Ah but the IIS logs will have that.

With SMTP, yes
POP3? Maybe, but doesn't that depend on what version of IIS? The IIS on
Server2003 was the first with a POP3 service, but does Exchange use that one
or use one of its own (like Server2000/IIS which had no POP3 service).
With MAPI (Outlook) running on the internal LAN?, I don't think that will be
in the IIS log.

I think the best way to monitor it would be to use some kind of method at
the Database level of Exchange, rather than the transport level before it
gets to the database.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Robert
Thu Feb 02 17:30:23 CST 2006

Phillip Windell wrote:
> "Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
> news:eaHQwjCKGHA.2828@TK2MSFTNGP12.phx.gbl...
>> Phillip Windell wrote:
>>> I don't have the silly password policies that are described
>>> here,...but if one user knew another user's credentials and got into
>>> the email I wouldn't know how to find a "trail". The mail server
>>> would have no way to distinguish the wrong user from the right user
>>> since they are both using the same credentials, and I have never
>>> seen any "trail" recorded in Exchange that would tell me anything
>>> anyway. The only thing I ever saw was the last Access time/date,
>>> the last logon time/date, and the user account used for it,...it
>>> doesn't even have the IP# or machine name they came from.
>>
>> Ah but the IIS logs will have that.
>
> With SMTP, yes
> POP3? Maybe, but doesn't that depend on what version of IIS? The IIS
> on Server2003 was the first with a POP3 service, but does Exchange
> use that one or use one of its own (like Server2000/IIS which had no
> POP3 service). With MAPI (Outlook) running on the internal LAN?, I
> don't think that will be in the IIS log.

You're right, I'm thinking of the sort of casual browing in OWA that people
might indulge in, without worrying about it too much or thinking they're
leaving a trace because they don't alter any of their settings. You've got
the log of all HTTP transactions if this is what they're doing.

> I think the best way to monitor it would be to use some kind of
> method at the Database level of Exchange, rather than the transport
> level before it gets to the database.

For sure - and this is where it gets tricky... you can audit damn near
everything that happens of course but good luck seperating the wheat from
the chaff at this point, God knows its difficult enough with my suggestion!

Rob

snoopkilla
Fri Feb 03 09:05:56 CST 2006

Ok, so from a non-techy point of view.

I am at the office, using my iBook on the airport, connected to the internet.
Presumably my activites online can be traced, and the sites I visit can be
monitored.
I use http://exchange.xxxxx.com/exchange. I am asked for a user name and
password.
I give it, i'm in.
Now what is showing up and where?
What are the ISS logs?
Can normal monitoring of my http activity reveal what I am doing if I had to
use a password to get to where I am - is it not secure?
Am I being flagged at all on the exchange server itself?

Sorry but I am somewhat of a tech neophyte but I find this all fascinationg.


"Robert Moir" wrote:

> Phillip Windell wrote:
> > "Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
> > news:eaHQwjCKGHA.2828@TK2MSFTNGP12.phx.gbl...
> >> Phillip Windell wrote:
> >>> I don't have the silly password policies that are described
> >>> here,...but if one user knew another user's credentials and got into
> >>> the email I wouldn't know how to find a "trail". The mail server
> >>> would have no way to distinguish the wrong user from the right user
> >>> since they are both using the same credentials, and I have never
> >>> seen any "trail" recorded in Exchange that would tell me anything
> >>> anyway. The only thing I ever saw was the last Access time/date,
> >>> the last logon time/date, and the user account used for it,...it
> >>> doesn't even have the IP# or machine name they came from.
> >>
> >> Ah but the IIS logs will have that.
> >
> > With SMTP, yes
> > POP3? Maybe, but doesn't that depend on what version of IIS? The IIS
> > on Server2003 was the first with a POP3 service, but does Exchange
> > use that one or use one of its own (like Server2000/IIS which had no
> > POP3 service). With MAPI (Outlook) running on the internal LAN?, I
> > don't think that will be in the IIS log.
>
> You're right, I'm thinking of the sort of casual browing in OWA that people
> might indulge in, without worrying about it too much or thinking they're
> leaving a trace because they don't alter any of their settings. You've got
> the log of all HTTP transactions if this is what they're doing.
>
> > I think the best way to monitor it would be to use some kind of
> > method at the Database level of Exchange, rather than the transport
> > level before it gets to the database.
>
> For sure - and this is where it gets tricky... you can audit damn near
> everything that happens of course but good luck seperating the wheat from
> the chaff at this point, God knows its difficult enough with my suggestion!
>
> Rob
>
>
>

Patrick
Fri Feb 03 13:36:22 CST 2006

snoopkilla wrote:
> Ok, so from a non-techy point of view.
>
> I am at the office, using my iBook on the airport, connected to the internet.
> Presumably my activites online can be traced, and the sites I visit can be
> monitored.
> I use http://exchange.xxxxx.com/exchange. I am asked for a user name and
> password.
> I give it, i'm in.
> Now what is showing up and where?
> What are the ISS logs?
> Can normal monitoring of my http activity reveal what I am doing if I had to
> use a password to get to where I am - is it not secure?
> Am I being flagged at all on the exchange server itself?
>
> Sorry but I am somewhat of a tech neophyte but I find this all fascinationg.
>
>
> "Robert Moir" wrote:
>
>> Phillip Windell wrote:
>>> "Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
>>> news:eaHQwjCKGHA.2828@TK2MSFTNGP12.phx.gbl...
>>>> Phillip Windell wrote:
>>>>> I don't have the silly password policies that are described
>>>>> here,...but if one user knew another user's credentials and got into
>>>>> the email I wouldn't know how to find a "trail". The mail server
>>>>> would have no way to distinguish the wrong user from the right user
>>>>> since they are both using the same credentials, and I have never
>>>>> seen any "trail" recorded in Exchange that would tell me anything
>>>>> anyway. The only thing I ever saw was the last Access time/date,
>>>>> the last logon time/date, and the user account used for it,...it
>>>>> doesn't even have the IP# or machine name they came from.
>>>> Ah but the IIS logs will have that.
>>> With SMTP, yes
>>> POP3? Maybe, but doesn't that depend on what version of IIS? The IIS
>>> on Server2003 was the first with a POP3 service, but does Exchange
>>> use that one or use one of its own (like Server2000/IIS which had no
>>> POP3 service). With MAPI (Outlook) running on the internal LAN?, I
>>> don't think that will be in the IIS log.
>> You're right, I'm thinking of the sort of casual browing in OWA that people
>> might indulge in, without worrying about it too much or thinking they're
>> leaving a trace because they don't alter any of their settings. You've got
>> the log of all HTTP transactions if this is what they're doing.
>>
>>> I think the best way to monitor it would be to use some kind of
>>> method at the Database level of Exchange, rather than the transport
>>> level before it gets to the database.
>> For sure - and this is where it gets tricky... you can audit damn near
>> everything that happens of course but good luck seperating the wheat from
>> the chaff at this point, God knows its difficult enough with my suggestion!
>>
>> Rob
>>
>>
>>

While I can't answer your original question (or this one in that
context) I can say this much. I wouldn't be using your laptop anywhere,
but at the office to access your mail. Especially NOT an airport or
anywhere public.

Here's a scenario for you (and this is my opinion only). You are
sitting at an airport, and access http://exchange.xxxx.com/exchange and
log in. Then, you start playing around with other user accounts.
Meanwhile, someone else is sitting in the airport with their laptop, and
they're recording what other people are doing on THEIR laptops. Not
only do they have your username and password, but because you started
playing around, they have other usernames and passwords.

It's a safe bet, that if this happened, your company would do three
things. 1) Put a stop to the stupid password policy. 2) Fire the IT
people and bring in a consultant to find out who was hacking their
systems. 3) Fire you, when the consultant finds that your username and
password are the ones that were used to log in. **Note, this wouldn't
happen overnight, but would eventually happen when the person 'sniffing'
your original access starts causing damage.***

So, truth be known, my recommendation is this. Even if your company
puts out a newsletter showing what everyone's username and password is,
leave it alone. Don't go playing where you don't belong. In the long
run, that's going to keep your job, while someone else loses theirs.

--
Patrick Dickey <pd1ckey43@removethis.msn.com>
http://www.pats-computer-solutions.com
Smile.. someone out there cares deeply for you.

Phillip
Fri Feb 03 13:50:19 CST 2006

"Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
news:O5v$kCFKGHA.4068@TK2MSFTNGP10.phx.gbl...
> > I think the best way to monitor it would be to use some kind of
> > method at the Database level of Exchange, rather than the transport
> > level before it gets to the database.
>
> For sure - and this is where it gets tricky... you can audit damn near
> everything that happens of course but good luck seperating the wheat from
> the chaff at this point, God knows its difficult enough with my
suggestion!

I guess in December when I sit on Santa's lap I'll ask that he get the
Exchange Development team to build more forensic abilities into the Exchange
MMC,...maybe even something that can be added "backwards" on to the
Exchange2000 MMC (that we are still using).
:-)

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Phillip
Fri Feb 03 14:05:32 CST 2006

"snoopkilla" <snoopkilla@discussions.microsoft.com> wrote in message
news:D32A839F-EBFB-401B-AE4E-F29373940C77@microsoft.com...
> I am at the office, using my iBook on the airport, connected to the
internet.
> Presumably my activites online can be traced, and the sites I visit can be
> monitored.
> I use http://exchange.xxxxx.com/exchange. I am asked for a user name and
> password.

Since you would be using OWA,...which is just a glorified Website,...it
would show in the IIS logs as Robert said. It would show the IP that you
came from if you were not behind a NAT Firewall or a Proxy,...in which case
it would only show the IP of the NAT Firewall or Proxy. It would then show
the Username of the account you logged in with.

That's it,...the Username and the *percieved* IP#,...neither of which proves
who the real human really was. Anyone who knows the credentials of the
account can use the account. Now if the laptop took a snapshot of your face
and passed it to IIS and IIS stored it in the logs so someone could go back
an look at the picture,...then you could verify who the human was,...but the
Star-Trek era has not arrived yet.

Bio-authentication devices can prove who the human was to the laptop (unless
someone cut off your finger and used it),...but that still isn't going to
prove anything to IIS. Now in theory, you could match the event log's
"time" on the laptop when you logged in to the "time" in the IIS logs,...but
that could be a lot of work and you still couldn't prove that the IP in the
IIS log was actually that very same laptop since you would be using dymanic
IP#s while traveling that would be always changing.

Even the most "bumbling", non tecnical user is often more technically
accurate then how technically accurate Hollywood is in the movies. I
usually have a tough time watching such shows because I end up screaming at
the TV over how stupid and unrealistic all their BS really is. Unless you
are talking Sci-Fi, then it is meant to just be fantasy anyway and that's
ok.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------

Phillip
Fri Feb 03 14:20:31 CST 2006

"Patrick Dickey" <pd1ckey43@msn.com.removethis> wrote in message
news:OxuZekPKGHA.648@TK2MSFTNGP14.phx.gbl...
> Here's a scenario for you (and this is my opinion only). You are
> sitting at an airport, and access http://exchange.xxxx.com/exchange and
> log in. Then, you start playing around with other user accounts.
> Meanwhile, someone else is sitting in the airport with their laptop, and
> they're recording what other people are doing on THEIR laptops.

The "recording" part of it is the real trick to perform though. That's
another one of those "Hollywood" things.

Sniffing only works on "hubbed" systems, not "switched" systems and "hubbed"
setups are pretty much a thing of the past. Sniffing only works on
"swtiched" network if the Switch doing the switching in the same Layer2 path
has a "monitoring port" configured (on purpose, ahead of time, by the
administrator of the system) for the specific switch port the "target" is
comming into the switch on. Wireless Devices also have their own way of
dealing with that,...otherwise I could sit ouside in my front yard with a
laptop and gather passwords all day long from people living near my house
(there is more to it than simply connecting to their unsecured wireless
LAN).

I'm not saying that their isn't a risk,..there are risks. But things just
aren't as simple as they appear in movies or in the literature trying to
sell you some kind of "security device". There is a ton of work that has to
go into it all so that the "perp" and make the risk "happen" in their favor,
and the people who have such skills are not really lurking around every
corner.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------

Robert
Sat Feb 04 04:13:46 CST 2006

Phillip Windell wrote:
> "Patrick Dickey" <pd1ckey43@msn.com.removethis> wrote in message
> news:OxuZekPKGHA.648@TK2MSFTNGP14.phx.gbl...
>> Here's a scenario for you (and this is my opinion only). You are
>> sitting at an airport, and access http://exchange.xxxx.com/exchange
>> and log in. Then, you start playing around with other user accounts.
>> Meanwhile, someone else is sitting in the airport with their laptop,
>> and they're recording what other people are doing on THEIR laptops.
>
> The "recording" part of it is the real trick to perform though. That's
> another one of those "Hollywood" things.
>
> Sniffing only works on "hubbed" systems, not "switched" systems and
> "hubbed" setups are pretty much a thing of the past.

Of course, if he's talking "Airport" in the context of an iBook, he's
talking about Apple's implementation of Wireless technology.

Wireless access points are hubs...

Phillip
Sun Feb 05 04:15:36 CST 2006

"Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
news:ee6DuOXKGHA.2040@TK2MSFTNGP14.phx.gbl...
> Of course, if he's talking "Airport" in the context of an iBook, he's
> talking about Apple's implementation of Wireless technology.
>
> Wireless access points are hubs...

All of them? I haven't experimented with Wireless much. I know you can
connect to about any unsecured Wifi LAN, but are they all open "hubs"
between the hosts connected to it. I haven't experimented with them because
I don't own any, and I don't own any because I don't trust them very much.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------

Robert
Sun Feb 05 16:19:24 CST 2006

Phillip Windell wrote:
> "Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
> news:ee6DuOXKGHA.2040@TK2MSFTNGP14.phx.gbl...
>> Of course, if he's talking "Airport" in the context of an iBook, he's
>> talking about Apple's implementation of Wireless technology.
>>
>> Wireless access points are hubs...
>
> All of them? I haven't experimented with Wireless much. I know you
> can connect to about any unsecured Wifi LAN, but are they all open
> "hubs" between the hosts connected to it. I haven't experimented with
> them because I don't own any, and I don't own any because I don't
> trust them very much.

And I guess the idea that they're all hubs is just proving that you're right
to be cautious about them ;-)

Yes, all the ones I've used are hubs.

If you think about it, to a certain extent they can do what they want with
the electronics on the access point all day but they can't stop people
sniffing the connections at the transport layer because anyone with a
receiver in the right frequency range can just sit there and let the signals
come to them with no bother.

All you can do is encrypt the signals and hope the cost/effort of decrypting
them is higher than the listener is willing to pay.

alun
Sun Feb 05 18:38:40 CST 2006

In article <OnXc4IqKGHA.3492@TK2MSFTNGP09.phx.gbl>, "Robert Moir"
<robspamtrap+msnews@gmail.com> wrote:
>Yes, all the ones I've used are hubs.
>
>If you think about it, to a certain extent they can do what they want with
>the electronics on the access point all day but they can't stop people
>sniffing the connections at the transport layer because anyone with a
>receiver in the right frequency range can just sit there and let the signals
>come to them with no bother.

One of the signs of a well-thought-out solution is that things that are
impossible to effectively hide are not ineffectively hidden. As you say, in
wireless, everyone can sniff the traffic - radio broadcasts are clearly
publicly receivable. So, if you want any kind of security...

>All you can do is encrypt the signals and hope the cost/effort of decrypting
>them is higher than the listener is willing to pay.

You can increase that cost by improving the quality of the encryption, of
course.

Consider, too, the different kinds of encryption likely to be in place:

Weak access-point-level encryption segregates those who have access to the
network from those who do not have access to the network.

Strong access-point-level encryption segregates each client from each other
client, so that they use different session keys.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@wftpd.com.
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

Mister
Mon Feb 06 14:03:44 CST 2006


"Phillip Windell" <@.> wrote in message
news:ulBNRsPKGHA.2628@TK2MSFTNGP15.phx.gbl...
>
> I guess in December when I sit on Santa's lap ...


That's an awfully progressive admission from an avowed right-winger like
your self, Phillip.

:-)

--
MK

Phillip
Mon Feb 06 14:54:54 CST 2006

"Mister Murtz" <misterkurtz@invalid.com> wrote in message
news:%239B$zh1KGHA.916@TK2MSFTNGP10.phx.gbl...
>
> "Phillip Windell" <@.> wrote in message
> news:ulBNRsPKGHA.2628@TK2MSFTNGP15.phx.gbl...
> >
> > I guess in December when I sit on Santa's lap ...

> That's an awfully progressive admission from an avowed right-winger like
> your self, Phillip

Hows that?

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Patrick
Fri Feb 10 11:21:48 CST 2006

Phillip Windell wrote:
> "Patrick Dickey" <pd1ckey43@msn.com.removethis> wrote in message
> news:OxuZekPKGHA.648@TK2MSFTNGP14.phx.gbl...
>> Here's a scenario for you (and this is my opinion only). You are
>> sitting at an airport, and access http://exchange.xxxx.com/exchange and
>> log in. Then, you start playing around with other user accounts.
>> Meanwhile, someone else is sitting in the airport with their laptop, and
>> they're recording what other people are doing on THEIR laptops.
>
> The "recording" part of it is the real trick to perform though. That's
> another one of those "Hollywood" things.
>
> Sniffing only works on "hubbed" systems, not "switched" systems and "hubbed"
> setups are pretty much a thing of the past. Sniffing only works on
> "swtiched" network if the Switch doing the switching in the same Layer2 path
> has a "monitoring port" configured (on purpose, ahead of time, by the
> administrator of the system) for the specific switch port the "target" is
> comming into the switch on. Wireless Devices also have their own way of
> dealing with that,...otherwise I could sit ouside in my front yard with a
> laptop and gather passwords all day long from people living near my house
> (there is more to it than simply connecting to their unsecured wireless
> LAN).
>
> I'm not saying that their isn't a risk,..there are risks. But things just
> aren't as simple as they appear in movies or in the literature trying to
> sell you some kind of "security device". There is a ton of work that has to
> go into it all so that the "perp" and make the risk "happen" in their favor,
> and the people who have such skills are not really lurking around every
> corner.
>

While this scenario started a debate, I have a feeling the most
important point of my original post was lost. So, I'll just reemphasize
it, instead of contributing more to the debate, as I don't have
wireless, and haven't used the access in airports, schools, or even rest
stops along the Interstate.

The important point from my original post is this. If it's not yours,
don't mess with it. Or, as I put it in the original post,
> Don't go playing where you don't belong. In the long run, that's going to keep your job, while someone else loses theirs.

If you don't mess around with other people's accounts, then you don't
have to worry about whether or not someone will 'sniff' your
transmission at a public airport (or anywhere) and use your account to
mess with the accounts that you played with. And, you won't have to
worry about whether or not someone can (or will) detect your activities.
In other words, STAY OUT.

--
Patrick Dickey <pd1ckey43@removethis.msn.com>
http://www.pats-computer-solutions.com
Smile.. someone out there cares deeply for you.