Shostack + Friends Blog Archive

 

Rootkit on a Stick

[Image: the SnoopStick]

The SnoopStick offers full realtime monitoring of another computer. It’s Vista-ready, too, which perhaps says something about Vista security, or perhaps about people who have had trouble working with Vista, or both.

Any time you want to see what web sites your kids or employees are visiting, who they are chatting with, and what they are chatting about, simply plug in your SnoopStick to any Windows based computer with an Internet connection and a USB port. SnoopStick will automatically connect to the target computer.

There is other amusing information on the web site, such as:

All SnoopStick monitoring messages are sent through our data centers, and none of the information is stored here locally at any time. Additionally, all SnoopStick messages passing through our systems are encrypted with an industry standard encryption algorithm.

Solid Oak and its employees are not able to view any SnoopStick activity sent through our networks because of the encryption used by all components of the system. You can rest assured that the information gathered by SnoopStick is only accessible by the owner of that particular SnoopStick.

What a relief! An industry-standard encryption algorithm. Wanna bet it’s in ECB mode, with known headers? And what about the IP addresses the messages are coming from, and so on? I’d love to see a security analysis of this thing. Even better would be to see what AV and anti-spyware systems will catch it, and if not, then why not?
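Why ECB with known headers would matter, as an added example that is not from the vendor or the original post: two messages sharing a fixed header produce identical leading ciphertext blocks under ECB, while a mode with a fresh per-message nonce does not. The message format, the key and the toy Feistel cipher (a stand-in for a real block cipher) are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, as in AES

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel network over HMAC-SHA256: a toy keyed permutation
    standing in for a real block cipher (assumption, for illustration only)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key: bytes, msg: bytes) -> bytes:
    """ECB: every block is encrypted independently with the same key."""
    n = BLOCK - len(msg) % BLOCK
    msg += bytes([n]) * n  # PKCS#7-style padding
    return b"".join(toy_block_encrypt(key, msg[i:i + BLOCK])
                    for i in range(0, len(msg), BLOCK))

def ctr_encrypt(key: bytes, msg: bytes) -> bytes:
    """CTR with a fresh random nonce per message; returns nonce || ciphertext."""
    nonce = os.urandom(8)
    out = bytearray()
    for i in range(0, len(msg), BLOCK):
        stream = toy_block_encrypt(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(msg[i:i + BLOCK], stream))
    return nonce + bytes(out)

def shared_blocks(c1: bytes, c2: bytes) -> int:
    """Count aligned block positions at which two ciphertexts are identical."""
    n = min(len(c1), len(c2)) // BLOCK
    return sum(c1[i * BLOCK:(i + 1) * BLOCK] == c2[i * BLOCK:(i + 1) * BLOCK]
               for i in range(n))

# Constructed sample messages: a fixed 32-byte header, then different bodies.
HEADER = b"MONITOR-MSG v1 type=chat user=01"
MSG_A = HEADER + b"hello, are you there?"
MSG_B = HEADER + b"meet at the library at 5"

def compare_modes(key: bytes = b"constructed demo key"):
    """Return (blocks shared under ECB, blocks shared under CTR)."""
    return (shared_blocks(ecb_encrypt(key, MSG_A), ecb_encrypt(key, MSG_B)),
            shared_blocks(ctr_encrypt(key, MSG_A), ctr_encrypt(key, MSG_B)))

if __name__ == "__main__":
    print(compare_modes())
```

The same block-repetition count, run over captured ciphertexts, is a quick first check for ECB in a security analysis of any product that only promises "an industry standard encryption algorithm".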

Picture of the SnoopStick shamelessly appropriated from their web site, because I didn’t want their weblogs to get the information. It’s bad enough to write about them at all.