August 21st, 2003, 11:41 PM
I have a little querstion. Here is a quote from the site
How could that be true i thought PGP could be cracked?
PGPDisk - As an additional security feature, to all P2P programs, is that ES5 integrates seamlessly with PGPDisk (which is a free program and will be provided by ES5 to its users) that lets you encrypt your disk drives to store your P2P content. No one except you will ever be able to see your files
, not your kids, your spouse, your mother, your boss, the FBI
, the KGB or anyone else!
August 21st, 2003, 11:47 PM
With a good encryption and a good passphrase, PGP can be cracked...after something like 50 years of computer calculations.
Life is boring. Play NetHack... --more--
August 21st, 2003, 11:49 PM
The idea is not new... it is just now being applied to p2p fileswap programs.
I was wondering when something like this would come out.
To see a similar project... check out freenet.
I was able to install as a "poweruser", but not as just a "user".
Think about it. How the hell would you discover this on your network? Protocol analyzers will be useless, sniffers, yep, they'll be worthless. Firewalls - a trivial joke. If you walk up to the workstation, the damn thing is locked up using PGP keys.
Hmm... maybe an asset manager... to audit every workstaiton and then you can create a report for the workstations whose software changed.
I use TrackIT to keep track of workstations, system info, help desk calls, software installed on each machine, etc. Nice product... though, I'm not sure the price of it.
The BSA also has some free tools... maybe incorporate them with a logon script and then maybe look for offending or unauthorized programs. I'm not sure if this process can be automated... as I've never used the tools that the BSA offers. I just use TrackIT and then create reports.
August 22nd, 2003, 12:27 AM
Did not know that thx for the info.
Originally posted here by KissCool
after something like 50 years of computer calculations.
August 22nd, 2003, 05:03 AM
I completly agree with you on this, but check this out:
And It is always dangerous to let p2p programs on a computers without good protections.
go to http://www.earthstation5.com/stealth.html to check out more that es5 has to offer to its users.
PGPDisk - As an additional security feature, to all P2P programs, is that ES5 integrates seamlessly with PGPDisk (which is a free program and will be provided by ES5 to its users) that lets you encrypt your disk drives to store your P2P content. No one except you will ever be able to see your files, not your kids, your spouse, your mother, your boss, the FBI, the KGB or anyone else!
EDIT: woops sorry all of these posts came in so fast, i didnt know someone posted the same stuff i posted above me. sorry about that.
Support your right to arm bears.
^^This was the first video game which i played on an old win3.1 box
August 22nd, 2003, 05:40 AM
I've been playing around with this software, and one thing I don't like about it, is I had to start forwarding ports on my router. So once I start doing this, wouldn't open up several new ways for people to get into my computer using tools such as fpipe?
To me, its not worth the risk
August 22nd, 2003, 08:33 AM
pslist -t \\WorkStationName
incorporate this in a script or for loop and run it
periodicly and | it threw find "ProcessName" im sure the
process still shows up.
for /F "tokens=1" %X in (workstations.txt) do pslist -t %X |find "ProcessName" >>some.txt
should tell you if its on the network
haven't tried trackit yet phish but pslist is free from systernals
if someone would be so kind as to supply the process name !?!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
August 22nd, 2003, 10:11 AM
Okay, so stopping this is going to be a pain in the @$$
How about preventing it from being installed in the first place.
We could all ask our AV providers to provide extra signature files that identify the apps/install themselves and treat them as a virus - hence the P2P stuff doesn't get onto the network to start with.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
August 22nd, 2003, 12:40 PM
I was able to install as a "poweruser", but not as just a "user".
this looks like one way to stop it, personally the only people on the business network that are power users are myslef and a manager that has no clue about computers, and even his login is restricted using GPO.
so as long as you set everyones rights to 'user', you should be okay
What colour do smurfs go when they hold there breath???
August 22nd, 2003, 02:11 PM
This kind of thing usually gets me in trouble...... but sometimes the direct approach works....
I wrote the following email to ES5's contact, Ras:
I will wait to hear his uncontrollable laughter........
While I appreciate the work you have done with ES5 and fully appreciate any and all efforts to thwart the somewhat idiotic attempts by the MPAA and RIAA to have government enforce their own profit gathering I also have a responsibility to my company to enforce it’s policies within our own network. One of those policies is that copyrighted material may not be downloaded and utilized in breach of any law. We are a non-profit organization, (read: we have no money….<s>), and downloading files such as those ES5 would provide causes clogging of our already limited bandwidth and potentially opens my company up to liability should we be discovered. I appreciate that they way you have written ES5 is quite close to “bullet-proof” but my company can still be sued on verbal evidence, (User X goes running around telling the wrong people how he uses ES5 at work and it can’t be stopped or detected).
My question: Is there a consistent signature(s) in the initial packets, or subsequent packets that I, as a systems administrator, can capture with an IDS to alert me to your product’s use?
As I said above, I personally commend you for your work and would recommend your product to any of my users that wish to use a P2P network from their home but I do have a responsibility to my company and I would be negligent should I not try to properly enforce the policies I myself wrote.
Any assistance in this would be greatly appreciated,
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides