RE: [squid-users] grab password from url

Why not pick up a keystroke logger and install it on the employee's
computer? That will log all keystrokes he makes. If you know the name of the
virtual hard drive site, then just search for that and you'll be in the
right section of the log file the logger creates. If the user has the site
bookmarked with a saved password/url then it would be just as easy to access
the PC and have access to the bookmark/favorite and find out the password
that way too.

Chris

-----Original Message-----
From: Luca Marchiori [mailto:luca@logicasas.it]
Sent: Friday, January 07, 2005 6:49 AM
To: Henrik Nordstrom
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] grab password from url

Hi Henrik.

> So your real question is if it is possible to determine with the help
> of Squid if this employee is uploading confidential information to a
> third party web site.

No ! My REAL (and original) question is if it is possible to grab user and
password from an url.
Sorry, but I heat when one change my question because "I'm sure you intend
this question and not the original one you made".
I am a consultant, my customer wanna know user and password for the virtual
hard drive and I have to give it him. Stop.
We already know the employee is uploading confidential information to the
internet.

> >From the Squid logs you can easily tell what web sites the user is
> visiting, and how often.

Already done! This is the way I discovered the abnormal traffic.

> If you think this is being done and is done in good faith then the
> best action is to simply ask the employee if he is doing this or if he
> is aware what the implications of doing so would be.

Not technical and/or squid matters. I'm not payed for asking employees, I'm
payed for discover the password.

> Generally speaking, if the web site is https based then all you can
> see is the amount of traffic going in both directions, but if it is
> http based then everything can be seen (just dump the network traffic
> and analyze it). This is not directly related to Squid but any Internet
usage.

Already done! HTTPS. Traffic confirm our suspect. We need user/password,
remember ? :-)

> In an ethical point of view stealing the users personal login details
> to this third party web site by analyzing his traffic is very dubious
> in my view, and probably illegal in many countries.

My customer knows all. He pays me for technical things and he will pay
lawers for them things.

>You surely should be able to
> make up better approaches in proving/disproving the claims of
>Internet connection abuse.

Already done with a HW keylogger (fantastic toy !).

Sorry again If i was acid in this mail.

Bye from Italy and Happy 2005 !!!
LM
Received on Fri Jan 07 2005 - 06:18:30 MST