[Wolves] Consultancy work thingie for union office. BAMBAM!

sparkes sparkes at phreaker.net
Thu Jan 8 13:27:16 GMT 2004

On Thu, 2004-01-08 at 09:49, Old Dan wrote:
> Hi all
> I've been asked to do a security consultancy thingie for a union buddy 
> of mine who works as a part-time union official in a particularly 
> bolshie union office.
talking of which (in typical lug style to hijack a legit post and turn
it into a polical debate)
it seems that article 11's freedom of association really just means the
freedom to carry a union card :-( thank you house of lords, don't forget
your time is up and you are first against the metaphorical (or actual)
come the revolution.

> They have this problem - they believe their computers are being spied on 
> by management.  I think I concur - I looked at the machines a few months 
> ago and found WinVNC running on them.  The computers belong to the union 
> office, not the organisation, but they have a service agreement with 
> them which restricts what they can do.
Check the service aggrement if they do not agree to the computer in
question being monitored then the employer should be in hot water.  If
they do then... balls.

There might be some data protection act things that can be done to get
the firm to tell the union what they process and how it is stored.  This
is the reason for adding BAMBAM to the message.  If it wakes him up he
could have advice on this

> Now I've got rid of WinVNC from their machines but they still are 
> paranoid management are nicking off with their files when they aren't 
> there.  What they want is unmonitored (at least by management) internet 
> access and a way to secure their files so management don't get a 
> look-see.  I was thinking smoothie for the internet access and maybe the 
> use of an external hosting service running tikiwiki or somesuch for the 
> files - it will slow them down I know but at least they'd be sure there 
> is no snooping going on, and they'd have external access.  (I'll give 
> them a crash course in secure passwords... :) )  They are running XP.
disconnect the machine from the lan if that is allowed under the service
aggrement.  Holding the data on another machine (such as the webserver
wiki) and connecting to this via ssl should help a little.  Check for
hard ware keyloggers.  blitz xp and reinstall (if allowed) or even
better migrate to a different os.  

In fact just tell them they are breaking european law and will get their
asses busted if they continue.  encrypt everything and store the keys in
usb keyfobs.  In fact move to linux and refuse to boot or decrypt the
filesystems without one of the fobs containing the keys. I think fizzy
can help with the last suggestion.



More information about the Wolves mailing list