Tips and Tricks for Detecting Eavesdropping Devices

First of all, let me thank the many of you who have requested that we
produce a "Tips and Tricks for Eavesdropping Detection" video similar
to award winning issue awareness video, The Red Balloon about
industrial espionage and eavesdropping (http://www.tscmvideo.com).

Then answer is yes and we are in the script development stage of what
will probably be a two to four hour video. While I am relatively sure
that we have covered most areas, I also accept that sometimes you can
be too close to the tress to see the forest. What I need from the
groups are ideas about what specifics you would like to see covered.

Also, we are going to press next week for the Spanish version of
Telephone Eavesdropping and Detection, which is the textbook I used at
the Texas A&M's Advanced Telephone Eavesdropping Detection 40 hour
seminars. The book will cost the same prices as the English version,
but will have a red cover. All 300 original technical illustrations
have been converted to Spanish also. (http://www.tscmvideo.com/book-
telephone-eavesdropping.html).

Since we do not have a Spanish website, we are currently looking for
distributors/dealers in Latin America.

Thank you,

Charlie Taylor

(E-Mail Removed)

(E-Mail Removed) hath wroth:

>First of all, let me thank the many of you who have requested that we
>produce a "Tips and Tricks for Eavesdropping Detection" video

I don't recall anyone requesting such a thing, but if you want to
proceed, I'll try to help.

>What I need from the
>groups are ideas about what specifics you would like to see covered.

I see. I get to do your work for you. No problem. It's actually a
good idea as I need something to terrorize the suits and PHB's. In
random order:

- List of exploits and corresponding effects on the target. For
example, if someone were to impliment a WEP cracking exercise, using
various active scanners, what would it look like on a laptop being
targeted?

- How to detect a trojan horse or keyboard logger on your computer
using various software firewall products.

- How to detect arp poisoning and man in the middle attacks.

- How to detect spoofed or faked web pages used by phishers. Various
anti-phishing tools (Netcraft Toolbar).

- What's secure and what's not? For example, are SSL encrypted web
pages safe? POP3? SMTP? TLS? etc...

- How does SSH2 and VPN clients work when logging into a corporate
LAN?

- Intrusion Detection Systems (IDS) and what do the reports look like?
Snort.

- Is a wired ethernet network safer than wireless? (Hint: It's not).
What can be sniffed with a hub, switch, or ethernet tap?

- Once the encryption key(s) are recovered, examples of email and
documents sniffed across the network.

- What's legal and what's not? Examples of successful espionage and
legal actions.

- Rogue access points and why they're a problem.

- Cellular data sniffing.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Thu, 17 Aug 2006 08:07:26 -0700 Jeff Liebermann <(E-Mail Removed)> wrote:

| - Is a wired ethernet network safer than wireless? (Hint: It's not).
| What can be sniffed with a hub, switch, or ethernet tap?

It is in fact somewhat safer in that it confines the scope of area one
needs to check into, as compared to wireless. But all of the security
diligence is stil necessary to be sure nothing is tapped, and nothing
is in control of something existant on the network that could be made
to act as a tap. By no means should a wired (or even fiber) network be
skipped over.

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-08-17-(E-Mail Removed) |
|------------------------------------/-------------------------------------|