Message-ID: <Law11-OE41ljYWDuNeP00001473@hotmail.com>
From: se_cur_ity at hotmail.com (Hotmail)
Subject: Break-in discovery and forensics tools
> It would be quite simple for an attacker to modify or delete the logs on
> most operating systems. That being said, some organizations take steps
> to protect the integrity of their logs. A central syslog server is
> typically used and in some cases I have even seen logfiles on that
> central server digitally signed, encrypted and stored on some sort of
> write once/read only (ie: CDR) media. I have even seen some go as far
> as tunneling this traffic over SSH.
>
You can alter logs as simply as using a proxy to cache and inserting an IP
before it gets logged, even on a syslog server. What I am saying is no
electronic data capture evidence can be used... period. It's not even "real"
facts. That's the issue here.
wood
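The quoted post mentions central syslog servers whose log files are digitally signed. As an added example (not code from this thread or from any syslog implementation), here is a small hash-chained, HMAC-signed log format together with a verifier: each record's MAC covers its sequence number, the previous record's MAC and the message, so a modified, deleted or inserted record breaks the chain for anyone who holds the key. The key, the sample log lines and the function names are all constructed for this demonstration.

```python
# Added example, not code from the thread or from any syslog implementation:
# hash-chained, HMAC-signed log records of the kind the quoted post describes
# for a central log server. Every record's MAC binds its sequence number, the
# previous record's MAC and the message, so modifying, deleting or inserting a
# record breaks the chain for a verifier holding the key.
# The key and the sample log lines are constructed for this demonstration.
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed demonstration key. In a real deployment it would live only on
# the verifier (or an HSM), never on the host that produces the logs.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # stands in for "no previous record"


def sign_record(seq: int, prev_mac: str, message: str, key: bytes = KEY) -> str:
    """HMAC-SHA256 over the fields that bind this record to its predecessor."""
    data = f"{seq}|{prev_mac}|{message}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_chain(messages: List[str], key: bytes = KEY) -> List[Dict[str, object]]:
    """What the collector writes: each line plus the MAC that chains it."""
    chain, prev = [], GENESIS
    for seq, msg in enumerate(messages):
        mac = sign_record(seq, prev, msg, key)
        chain.append({"seq": seq, "prev": prev, "msg": msg, "mac": mac})
        prev = mac
    return chain


def verify_chain(chain: List[Dict[str, object]], key: bytes = KEY) -> Tuple[bool, int]:
    """Return (intact, index of first bad record); the index is -1 when intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i or rec["prev"] != prev:
            return False, i  # gap, reorder or insertion
        expected = sign_record(i, prev, str(rec["msg"]), key)
        if not hmac.compare_digest(expected, str(rec["mac"])):
            return False, i  # content or MAC altered
        prev = str(rec["mac"])
    return True, -1


# Constructed sample of what a central syslog server might have received.
SAMPLE = [
    "sshd[4121]: Accepted publickey for alice from 10.0.0.5 port 52110",
    "sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
    "sshd[4199]: Failed password for root from 10.0.0.9 port 40022",
]


def demo() -> Dict[str, Tuple[bool, int]]:
    """Run the verifier over an intact chain and three tampered copies."""
    chain = build_chain(SAMPLE)

    # A record's text rewritten after the fact.
    modified = [dict(r) for r in chain]
    modified[2]["msg"] = "sshd[4199]: Connection closed by 10.0.0.9 port 40022"

    # A record removed from the middle of the chain.
    deleted = [chain[0], chain[2]]

    # A record inserted with a made-up MAC.
    inserted = [chain[0], {"seq": 1, "prev": chain[0]["mac"],
                           "msg": "forged line", "mac": "ff" * 32}] + chain[1:]

    return {
        "intact": verify_chain(chain),
        "modified": verify_chain(modified),
        "deleted": verify_chain(deleted),
        "inserted": verify_chain(inserted),
    }


if __name__ == "__main__":
    for name, (ok, idx) in demo().items():
        print(f"{name:9s} intact={ok} first_bad={idx}")
```

Two limits are worth keeping in mind. The chain only proves that records were not changed after the collector signed them; it says nothing about whether the content the collector received was true, which is the point the reply above makes about data inserted before it reaches the logger. And deleting records from the tail of the chain leaves a shorter but still valid chain, so the latest MAC has to be anchored somewhere the log host cannot rewrite, for example the write-once media the quoted post mentions.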