Panda

Cookies?

5 posts in this topic

Trying to find some information regarding this:

My mother has been having some shit thrown at her in work today for visiting sites she's not been on. Basically, besides doing her work she's visited a few websites (as you do) and they've managed to check some logs and it's come up with shit loads of URLs and they're going to use this against her and maybe try sacking her.

Of course I was wondering why it is showing up so many URLs that she's supposed to have visited. Would it be in the cookies?

My mother goes through Tools > Internet Options > Delete browsing history (cookies etc) each day, but I'm sure it would be logged on her server, yeah? But would that show up more URLs than it's supposed to? E.g. going on a website which has loads of advertising and it saving those advertising sites (hence my mother not knowing half of the sites they've thrown at her in the list).

Any help would be greatly appreciated to try and give my mother

(Admins move this to the appropriate forum if it doesn't fit here) :)

-Panda


It's possible that this particular company has gathered these logs from an internal proxy or a potentially transparent web cache. It's also possible that they are fake.

It's not easy to determine what exactly the case is without knowing who the employer is, or anything about their network topography.

If her workstation has a static internal IP address, then perhaps they are assuming that because her IP address is shown in the logs that she browsed the sites in question. Otherwise, if your mother's workstation's IP address is dynamically assigned from a pool (via DHCP more than likely) then they should be able to produce logs of the DHCP lease assignments which will correlate with the timestamps on the supposed webcache/proxy logs in question.

Though, neither DHCP nor web traffic logs will be able to guarantee that she was viewing the sites. Even if they want to produce some form of network-wide authentication logs proving that she was logged in from that particular workstation at the time, it still doesn't prove anything, as it is quite possible that someone else on the network may have used ARP poisoning to perform a man-in-the-middle attack which would allow them to alter, deny, and inject traffic to and from her workstation.

It's important that the logs presented have time stamps which correlate with the hours she was around her office or place of work on the particular days in which this extra browsing occurred.

Otherwise it's quite possible that some form of malware installed is facilitating someone (or something) else's browsing via her box.

Though if all else fails, and she did actually view these pages, whether by accident or not, it'd be wise for her to use some form of tunneling in future, like a connection to a VPN (see http://www.secureix.com/) or an onion-routing network (http://tor.eff.org/).

In any case, good luck.

Edited by Inode
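
Added example, not part of any post in this thread: a sketch of the log review discussed above, matching each proxy request to the DHCP lease that held the client IP at that moment and separating requests with no Referer from requests triggered by another page (ads, trackers). The log format, addresses, hostnames and function names are constructed for illustration and are not any particular proxy's.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed DHCP lease records: (ip, mac, lease start, lease end).
LEASES = [
    ("10.0.0.23", "00:11:22:33:44:55", "2007-03-01T08:00:00", "2007-03-01T12:00:00"),
    ("10.0.0.23", "66:77:88:99:aa:bb", "2007-03-01T12:00:00", "2007-03-01T18:00:00"),
]

# Constructed proxy log: timestamp, client IP, URL, Referer ("-" if none).
PROXY_LOG = """\
2007-03-01T09:15:02 10.0.0.23 http://news.example/ -
2007-03-01T09:15:03 10.0.0.23 http://ads.example/banner.js http://news.example/
2007-03-01T09:15:03 10.0.0.23 http://tracker.example/pixel.gif http://news.example/
2007-03-01T09:15:04 10.0.0.23 http://news.example/style.css http://news.example/
2007-03-01T13:40:10 10.0.0.23 http://shop.example/ -
2007-03-01T19:05:00 10.0.0.23 http://late.example/ -
"""

def ts(s):
    return datetime.fromisoformat(s)

def lease_holder(ip, when):
    """MAC that held `ip` at `when`, or None if no lease covers that time."""
    for lease_ip, mac, start, end in LEASES:
        if lease_ip == ip and ts(start) <= when < ts(end):
            return mac
    return None

def classify(url, referer):
    """'direct': no Referer (typed or bookmarked). 'same-site': the page's own
    assets. 'cross-site': fetched on behalf of another site's page, which covers
    ad and tracker loads but also followed links, so treat it as a heuristic."""
    if referer == "-":
        return "direct"
    same = urlsplit(url).hostname == urlsplit(referer).hostname
    return "same-site" if same else "cross-site"

def attribute(log=PROXY_LOG):
    """Return (lease holder MAC, requested host, request class) per log line."""
    rows = []
    for line in log.splitlines():
        when, ip, url, referer = line.split()
        host = urlsplit(url).hostname
        rows.append((lease_holder(ip, ts(when)), host, classify(url, referer)))
    return rows
```

In this sample one visit to news.example produces three logged hostnames, the same IP maps to two different machines across the day, and the 19:05 request falls outside every lease.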

If your mother's company uses a proxy server, they could be getting the logs from that.


it was me sorry ... I was using your intertubes as a proxy

* proxy server

* screen capture

* cams

* network sniff

* HDD forensics

that's just some of the many ways you can find out where somebody has been in the intertubes

tell her to get a laptop and use torpark :) or set her up a nice tunnel

Edited by operat0r

Tunnelling to avoid detection when you know you are being monitored is a good way to get shit-canned, real fast.

Most work places don't mind occasional browsing, if you want to game or whatever else I know my previous employers were all for it - during your lunch hour or on breaks. For corporate to be concerned somebody around the office would have had to have taken notice of all the time being wasted and potentially inappropriate sites being visited, that or somebody there hates her and wants her gone.

If 'she' (you?) have an eBay/gambling/gaming addiction - get it under control, it's bad enough don't bring it to work.

If she has a porn addiction - sleep with someone around the office (maybe the person in charge of web filtering, you know, unless she is fugly).

Assuming she has to log in to her workstation, authenticate with a server and the login hours are stored somewhere. All access taking place during those hours would be her responsibility and any logging software or server in place won't care if you clear the local cache - the traffic is stored elsewhere. Any savvy employer would disallow laptops and third-party devices, give users limited accounts without the ability to install software (like Tor), potentially screen-capturing software that will capture regardless of whatever proxies you use, and have a policy in place restricting the use of proxies or attempting to hide evidence - usually as grounds for immediate dismissal.
