Date: Wed, 27 Jan 2010 17:39:23 -0600
From: Rohit Patnaik <quanticle@...il.com>
To: Bipin Gautam <bipin.gautam@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?

I think you're confusing legal theory with legal practice.  Yes, in theory,
you're presumed innocent, and therefore the jury is required to consider
whether your box could have been infected with a virus or worm, leading to
the incriminating evidence planted on your system.  In practice, most such
theories fail Occam's razor.  What's less complex: incriminating words or
phrases are evidence of incriminating activity, or incriminating words and
phrases are planted as a way to cover up activity that wasn't
incriminating?  Even after reading this discussion, I'd have a hard time
believing that the latter was the case.

It's true that the legal system (in the USA) should find you not guilty if
there's any reasonable doubt about your guilt.  In practice, however, people
tend to think not guilty == innocent, and will convict you unless you can
make a case that is equally as strong as the prosecutor's.  Planting large
amounts of other evidence that may be incriminating, in an effort to cover
up the small amount of actually incriminating evidence does not strengthen
your case, and in fact weakens it in many ways.

-- Rohit Patnaik

On Tue, Jan 26, 2010 at 10:08 PM, Bipin Gautam <bipin.gautam@...il.com> wrote:

> Enough noise, let's wrap up:
>
> Someone said: "Forensics requires more than merely finding a phrase or
> file on a hard drive - it requires establishing the context. If a
> court accepts evidence without that context, then the defendant should
> appeal on the basis of having an incompetent lawyer."
>
> So, any evidence/broken-text/suspicious phrases etc found in a
> computer "without meta-data" may be USELESS........... REMEMBER.
>
>
> Having a normal OS with forensic signature ZERO would be a simple yet
> powerful project. Programmers??? It isn't difficult work..... few
> months, 1 person project.
>
> Worm defense is smart as well as deadlock at times, the perspective I
> presented can be used as a FALLBACK at times.
>
>
> Maybe something like Alice/chatterbox run through the
> free/slack/etc... space of your 1 TB harddisk is an intellectual DDoS!
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
