Remotely viewing the Internet activity on another computer

As long as you have an account on the computer, and the computer is linux or Mac (unix), and it is an admin account, this is what you can do:

First, you will need to be on the computer and enable remote access. On a mac, it is not enabled by default.

STEP 1 : Enable Remote Login on subject computer

Hit Splat (⌘) -spacebar, type ‘terminal’, and hit enter.  A bash shell will open.  Welcome to command line 🙂  Enter the following command (the ‘>’ denotes a prompt.  Don’t type that):

> systemsetup -setremotelogin on

 

STEP 2 : Figure out its IP address

While you are in terminal, get the IP address:

> ifconfig | grep ‘inet ‘

This will get you the IP address of the machine.  It’s not 127.0.0.1.  It’s the other one 🙂

If it changes later, from your terminal window on your own mac you can scan the network and find it with this:

> sudo nmap -sP 192.168.2.1/24

NOTE: 192.168.2.1 might not be your IP address range.  Whatever the IP address is that you located earlier, change this so it’s right.  

STEP 3 : Access the subject computer remotely

Now, from the terminal window on your mac, open a shell to the other mac, the one you are surveilling, using the ipAddress that you discovered in step 2:

> ssh yourUserNameOnOtherMachine@ipAddress

Next you will be asked for a password.  It won’t see the usual Password: •••••••• where a bullet appears with each keystroke.  You’ll just see Password:•  But don’t worry, your keys strokes are going in.

Monitoring

Now that you are connected, there are a few interesting things you can do.  When it comes to the tcpdump command, these commands are simplistic and just the tip of the iceberg of what it can do.

DNS Requests

This command will get you DNS calls.  Whenever the subject opens a new page or browses to a new website, you will see stuff here:

> tcpdump -vvv -s 0 -l -n port 53

control (^) – c to quit

 

HTTPS Requests

This one will get all HTTPS headers so you can see what websites are being accessed, as they are accessed, and basically every request sent out (somewhat noise).  Since it is HTTPS, you won’t be able to see the exact request, you’ll only see the site being accessed.  Google and Youtube properties all look like they are from 1e100.net.

> sudo tcpdump dst port 443

HTTP Requests

> sudo tcpdump dst port 80

You can open multiple windows and run both.  

Good luck, and don’t forget:  accessing a system that you neither have permission to access nor own is ILLEGAL.  Spy on your SO at your own risk. I won’t go into the morality of spying on your children or employees.  It’s too murky and really depends on the situation.

Looe Key Reef Resort – Florida Keys on Ramrod Key, Florida – Review

Last year, in early June of 2014, my son (12 at the time) and I took a birding expedition to Florida.  We started in Jacksonville, and worked our way all the way down to the Dry Tortugas over a period of 13 days.  One lodging location stood out, beneath all the rest.

After over a year of submitting my initial review to Expedia, I received the notification from them that it was finally published.  I went to the site to see it, but it wasn’t there.  Here is my unabashed, honest review of possibly the shittiest roadside roadhouse roach motel at which I’ve ever been misfortunate enough to be tricked into staying.

In short: Filter flies, ants, a frog and a loud tiki bar outside my door, people screaming obscenities until well after midnight

I will spare you the narrative and just make a list of all the problems of this “resort.” Make no mistake – this is a motel. It is not a resort by any stretch of the imagination. It is not “modest” – it is a hole in the ground. These items are listed in no particular order:

1. Filter flies in the bathroom
2. We actually woke up one morning to a giant tree frog in the toilet
3. No 24 hr reception
4. ants in the room (the real little ones)
5. bare bulb fixtures
6. Weak security (mechanical key, doorknob based with door swinging outward (hinges on the outside and an easy-pry latch)
7. The “tikki” bar is less than 100 feet from the rooms at the one end of the motel, and it is LOUD.
8. 80 – 99 Db noise from bar until 11:15 PM on the weekends, 10 pM weeknights.
9. If you come in at the wrong time, parking is non-existent because this is a local bar hangout. So you have sit and wait for someone to leave. The only other option is to park illegally on the highway.
10. The bathroom sink had a very, very slow drain,
11. The shower floor had not been cleaned prior to our use of the room. It was slippery, and had a nice big wad of hair in the drain.

The Food:

We didn’t try the food. That seemed like a bad idea.

The overall hotel ambiance:

This hotel is disgusting. It is a pit, and it is NOT a place for children. The band plays music with “F* you” in the lyrics and they play it loud, and repeatedly, and long, and the bar-goers scream it at the top of their lungs, right along with the band. Here is the really frightening part: These guys have a SCUBA shop attached to their motel, and offer “resort” dives. If this is how they take care of their rooms, how well do you think they are taking care of their dive equipment?

The room looked nice on the Internet. The Internet is a liar.

The Solution:

The problems I found here could easily be repaired by a few big yellow bulldozers, new ownership and management, and a new building.

Key West is not too far away. The Yankee ferry ride out to the Dry Tortugas was great, and yielded the most awesome snorkeling you could want.

How to transmit passwords, securely

Put it in a text document, zip it with encryption, print out the binary data, send it via morse code, type it into a raw file and saved as a zip, then repeat the same procedure (with a new password) to get the password to the zip file.  now you have two zip files, and the second zip file has, in it, the password to the first zip file.  Keep doing this for all eternity, until the universe contracts to a single point.  Continue until arriving at the first password you entered.  Now, reverse time and, with the password in possession, travel backward through the beginning of time, through to the end of the previous universe, all the way back to when the first password was sent to you.  The password you have in hand should open the file.

I have commenced construction of a box that will do this, but it might take me five or six universal cycles to completely debug.

Now, the complexities of time travel aside, why wouldn’t this procedure work?

How to be [mostly] Secure

I often wonder about security. Recent news, where people are saying things about breaches like “it can’t be prevented”, “you will be hacked” and “If you want to be connected, you need to be protected” makes me really ponder whether or not certain devaluation tactics might not be the best thing to do.  After all, if having knowledge of what you are about to do is enough to destroy you, then you might be in the wrong line of work.  Clearly, then, these tactics won’t work for those whose lives are founded upon cowardice and sneakiness.

  1. Dismantle your email systems.  Use Jabber or some other point-to-point secure chat for all communications. Smash your phone.
  2. Use a secure file drop to securely draft and share documents.  Let security be their problem.
  3. Publish all previous emails from everyone in your company.
  4. Publish all salaries.  Be truthful.  If you lie, eventually someone will talk.
  5. Refresh your computer every hour.  Do not store ANY data locally.
  6. reset your password at the beginning of every hour. Heck, write a code that will refresh it every 10 minutes.  You don’t need to know it, you are resetting everything in an hour.
  7. Change operating systems every day.
  8. Perform any sensitive work at the beginning of the hour, right after a refresh and password reset.
  9. Publish all of your financial information.
  10. Post your credit report online.
  11. Any computer that is not in use for more than 15 minutes should power down and auto-air gap (lest the hackers hack WOLAN).
  12. Make multiple videos of yourself in compromising situations and post them online.  Better yet, get a distant friend to do it for you – someone who nobody can connect to you (I happily volunteer myself for this).
  13. Expose your desktop.  Broadcast a live feed of your desktop.  Let everyone see what you are doing.
  14. Expose your self and publish on the internet.  This will of course only work if EVERYONE does it.  Let’s face it, if every hollywood actress posted nudes on the internet, nobody would care anymore.

Does all of this seem ridiculous?  What if everyone did this?  What would there be left to litigate, I wonder…it should be obvious I am being somewhat tongue in cheek.  There are of course things I do online that I don’t want anyone to know.  But if the world did find out, frankly I doubt they would mind.

If I ever start my own company, I may try this out.  I may keep all systems completely public and all conversations would be mandatory public, even salary negotiations.

 

Bonus materials

When I wrote the line about smashing your phone, it reminded me of this.  Here is a fun little email exchange I had once with someone about phones:

To: several coworkers:

Subject: I understand that you all look to me for leisurership in these technical matters, so here it goes…

Body:

I apologize for the confubulation earlier when we were chattering  by the waker upperer maker.  Allow me to clarsify. The thinga majobber doodad on the squawk box is connected to the whirly curly doodad, which attaches to the bobble doohicky, on which there is a dipswitch thingamajigger.  This attaches to the ringer thinger dinger.  You push the little numerified bicker tickers on the thinga majobber doodad to yackify a whatsit to some whosit on their blinking squawk box. Once you are yackified to the whosit, you yack into the ringer thinger dinger or get yacked at, depending on whether you are a dooz-its or a says-its.

 

Thanks you,

Scott

Whatsit Architect