[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.61.0510031336170.7303@dt26453.dstsystems.com>
Date: Mon, 3 Oct 2005 13:58:46 -0500 (CDT)
From: "L. Adrian Griffis" <agriffis@...systems.com>
To: "Lachniet, Mark" <mlachniet@...uoianet.com>
Cc: bugtraq@...urityfocus.com, htcia@...ia1.securesites.net
Subject: RE: Careless Law Enforcement Computer Forensics Lacking InfoSec
Expertise Causes Suicides
On Sat, 1 Oct 2005, Lachniet, Mark wrote:
> ML: Based on all of this, I'm not yet convinced by your arguments
> (though I look forward to clarification from you to possibly change
> this) that the system really is slanted that terribly agains the
> defendant. Unless there is some systemic problem that bypasses the
> intent of due process, I don't see how it is that much different from
> other types of crime in its prosecution.
I think you are right that ultimately, the legal system needs to
handle this sort of case within its normal processes. But in the
sort term, my fear is that most people have no idea just how vulnerable
internet exposed MS Windows systems typically are. I've explained to
many people that if they connect their new Windows systems to their
cable modems without the benefit of firewalls, that in very short
order their systems are likely to be broken into, and some sort of
malware will be installed. I've explained that the fact that their
systems continue to work just fine doesn't mean that their systems
are unmolested. I've pointed them to various documents at the Honeynet
Project to help convince them that the dangers I warn them about are
real. Most of them remain convinced that as long as they can surf and
check their email that there is no need to change what they are doing.
To these jury members who are already in denial about the dangers they
face on the internet, the defense arguments that someone else may have
downloaded the images onto the defendant's computer or that someone
might have used some other trickery to discover the defendant's credit
card number might be unconvincing, simply because they don't want to
accept the dangers that they, themselves, face.
Some jurisdictions already have rules to protect against evidence that
might not be reliable. For example, testimony from an unindicted
co-conspirator is often unacceptable unless there is some other
corroborating evidence. Perhaps there should be requirements of
evidence that the defendant actually purchased or downloaded the
images before evidence about the presence of those images on the
defendant's computer can be admitted.
Adrian
-----------------------------------------
This e-mail and any attachments are intended only for the individual or
company to which it is addressed and may contain information which is
privileged, confidential and prohibited from disclosure or unauthorized use
under applicable law. If you are not the intended recipient of this
e-mail, you are hereby notified that any use, dissemination, or copying of
this e-mail or the information contained in this e-mail is strictly
prohibited by the sender. If you have received this transmission in error,
please return the material received to the sender and delete all copies
from your system.
Powered by blists - more mailing lists