| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Oct 2005 13:58:46 -0500 (CDT) From: "L. Adrian Griffis" <agriffis@...systems.com> To: "Lachniet, Mark" <mlachniet@...uoianet.com> Cc: bugtraq@...urityfocus.com, htcia@...ia1.securesites.net Subject: RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides On Sat, 1 Oct 2005, Lachniet, Mark wrote: > ML: Based on all of this, I'm not yet convinced by your arguments > (though I look forward to clarification from you to possibly change > this) that the system really is slanted that terribly agains the > defendant. Unless there is some systemic problem that bypasses the > intent of due process, I don't see how it is that much different from > other types of crime in its prosecution. I think you are right that ultimately, the legal system needs to handle this sort of case within its normal processes. But in the sort term, my fear is that most people have no idea just how vulnerable internet exposed MS Windows systems typically are. I've explained to many people that if they connect their new Windows systems to their cable modems without the benefit of firewalls, that in very short order their systems are likely to be broken into, and some sort of malware will be installed. I've explained that the fact that their systems continue to work just fine doesn't mean that their systems are unmolested. I've pointed them to various documents at the Honeynet Project to help convince them that the dangers I warn them about are real. Most of them remain convinced that as long as they can surf and check their email that there is no need to change what they are doing. To these jury members who are already in denial about the dangers they face on the internet, the defense arguments that someone else may have downloaded the images onto the defendant's computer or that someone might have used some other trickery to discover the defendant's credit card number might be unconvincing, simply because they don't want to accept the dangers that they, themselves, face. Some jurisdictions already have rules to protect against evidence that might not be reliable. For example, testimony from an unindicted co-conspirator is often unacceptable unless there is some other corroborating evidence. Perhaps there should be requirements of evidence that the defendant actually purchased or downloaded the images before evidence about the presence of those images on the defendant's computer can be admitted. Adrian ----------------------------------------- This e-mail and any attachments are intended only for the individual or company to which it is addressed and may contain information which is privileged, confidential and prohibited from disclosure or unauthorized use under applicable law. If you are not the intended recipient of this e-mail, you are hereby notified that any use, dissemination, or copying of this e-mail or the information contained in this e-mail is strictly prohibited by the sender. If you have received this transmission in error, please return the material received to the sender and delete all copies from your system.
Powered by blists - more mailing lists