Page 3 of 7 FirstFirst 12345 ... LastLast
Results 21 to 30 of 66

Thread: Fiction author needing help with research question...please...

  1. #21
    Member
    Join Date
    Apr 2003
    Posts
    95
    Most (even small) practices I have seen do have a small network. What about the scenario where theres a server but theres a huuuge giant lock on the door so the theif breaks into the doctors office and uses a boot cd aproach on the workstation. If the data was stored on the server then even if the local machine was compromised the server would still be able to log the file access. Of course the problem with this scenario is if its an outlook style contacts list i dont think it would be stored on the server. Although with it being in a medical establishment its possible they would use bespoke/specialist software to store the patients details and contacts etc could be a part of that.

  2. #22
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Hmm,
    Building on this, what if there was a secure server (maybe someone else set it up for him or maybe the doc was just a security enthusiast like us?) with all the data and the doc routinely used his laptop to establish a wireless connection with it. Thus, someone breaking in would simply connect his own laptop to the wireless LAN and pull the data off? Maybe the doc wrote down the password somewhere. Later, the guy who set it up for the doc can come and look at the logs if the doctor suspects a break-in...

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  3. #23
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I didn't read this whole thread, but I wanted to point you to some more info a weakness in swipe cards that may give your character an easy entry.

    Breaking into the office can mean a number of things, too. Use of a stolen swipe card? Surgically removed the eyeball of a high security tech for the company? Jimmied the security in the doors? Coattailed behind some sleepy tech or security guard on the way in?

    Depending on the building, the company's physical security and the ways that ingress and egress to the office/building is managed, that can help track the perp.

    Social Engineering, the Shoppers' Way
    http://www.darkreading.com/document....T.svl=tease3_2

    I've heard of other weaknesses of electronic locks that rely on RFID. It is possible to clone an RFID signal creating a duplicate keycard.
    http://www.wired.com/wired/archive/14.05/rfid_pr.html

    On my way to work, but that reply by rapier57 quoted above really peaked my interest since I was reading about electronic locks for a new facility I'm planning.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #24
    If they were to boot from a live CD then they'd need some writable media to put the stolen infomation on, a floppy for instance. If the thief had to leave in a hurry they might be careless enough to take the infomation home on thier floppy but leave the live CD in the computer.

    Something I noticed my doctor using recently was a key card in a slot attached to thier keyboard, I would assume that the computer locks up without it, it seemed quite sensible but I could easily imagine a lazy doctor leaving thier key card in when they had to awnser natures call or whatever.
    \"Some say they go looking for Drugs, Dirty Dancing and Pounding, Pounding Techno Music.\"
    *ahem* contact me

  5. #25
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    cgkanchi is correct, I do want the theft to be detected. The theives are smart, but not smarter than the hero.
    The thief's NOT the hero? What kind of story is this?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #26
    Junior Member
    Join Date
    Jul 2006
    Posts
    10
    I have to say that I'm amazed and thankful for everyone's willingness to help. I think that I have this sussed out...

    I'm going to fill in a bit of the back story for context. The main hero is a 379 year old vampire by the name of Byron Renfield. The heroine a human psychiatrist. My mythology is a bit unconventional. So often the vampire is the seducer. In my corner of the universe he's a good boy in search of redemption. He'd isolated himself away from society to avoid temptation, but our heroine shows up and "corrupts" him...or saves him...depending on your perspective. That's greatly simplified, but all the mythology isn't really of significance.

    Our hero, in choosing to give up his life of service to the clan in favor of his mate, pisses off the other immortals. There is a tremendous amount at stake...financially and spiritually. So, **** starts to happen. The bad guys go after the girl.

    One thread involves them gaining access to her appointments so that they know where she is going to be and when...that way they can possibly stage an abduction.

    Here's what I'm thinking about based on feedback. Will this ring true?

    The psychiatrist isn't all that savvy about computers, but suitably concerned about confidentiality and the current government regulations (HIPAA/SOX). She hires someone who is a friend of the receptionist to set up her computer system in the office.

    This "Friend" installs something that traces stuff like cyberuk mentioned. Perhaps StealthAudit and Wireshark (I have a character from an earlier work that would be fun to bring back for this.)

    When the break in happens a forensics type is called in. Forensic guy figures that the thief used a live CD to gain access to the system. The logs show there was a download through a USB device and that the calendar and contacts files were transmitted.

    Does that work? Am I understanding suggestions correctly?

    Sam

    P.S. For those that are curious...yes, there is hot sex in the book. Mostly because I write for an adult audience, so in the sex scenes I don't pull punches. I write stories about people...adult people (and vamps) have sex. I don't write about sex around which I try to create a flimsy plot. That should help explain my desire to do the necessary research. Admittingly, I don't profess to have this piece nailed down...quite the contrary...I'm working to make this story ring true to the extent possible and this aspect is something I need help with. I want to engage my readers and create something believable enough to captivate them. You've given me a fabulous start. I'm completely taken aback by how generous you all have been._ I don't want to make this unnecessarily complex. But I want it to feel real._

    P.S.S. Loved the bit about the swipe card...I'm going to use it. That's too good to pass up!

    Do they really call in penetration testing?

  7. #27
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Do they really call in penetration testing?
    Yep...

    thats where they probe all the ports....

    for response...err vulnerabilities

    Sure sounds interesting...kinda like Ann Rices alter ego (I cant remember what name she used for her "adult" series)

    One thing is...if they use a live CD and a usb key...I am not sure there would be any trace of the breakin...because you wouldnt load the OS...hence the audit software...

    Maybe they could use the live cd to load a piece of malware onto the computer...and then the stealthaudit\wireshark software would find it calling home...or something like that.

    MLF

    edit>http://www.amazon.com/gp/product/045...lance&n=283155

    Ann Rice as A. N. Roquelaure
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #28
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Just some suggestions, for plausibility's sake:

    This "Friend" installs something that traces stuff like cyberuk mentioned. Perhaps StealthAudit and Wireshark (I have a character from an earlier work that would be fun to bring back for this.)
    Have the 'friend' install a keylogger. A keylogger, hardware or software, would give a perp the info they need to track someone, even emailing the info to the perp. And they are not uncommon. I don't know about StealthAudit, but Wireshark is a good-sized program that would not be used as you are describing.

    Keyloggers are much more detectable than if someone used a live cd. As morganlefay says, use of a live cd is virtually undetectable. Keyloggers, being detectable, play better into your storyline.

    My limited knowledge of StealthAudit is that it is a Windows program and would be rendered useless by a live cd.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #29
    Junior Member
    Join Date
    Jul 2006
    Posts
    10
    Someone shows up at the office unexpectedly on a Sunday. The bad guy hears them enter through the reception area and clobbers her over the head as she walked into the inner office where the computer is and the patient's records. So they know that there was an intruder in there...that prompts them to look at the systems to see what's been accessed.

    Given that...does the scenario work?



    "thats where they probe all the ports....

    for response...err vulnerabilities"....can I steal that line?

    Sam

  10. #30
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    can I steal that line?
    LOL.............Sure

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •