lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: John.Airey at (
Subject: Reacting to a server compromise

> -----Original Message-----
> From: Brad Bemis []
> Sent: 04 August 2003 17:26
> To: James A. Cox; Jennifer Bradley
> Cc:
> Subject: RE: [Full-Disclosure] Reacting to a server compromise
> Hash: SHA1
> In general, digital evidence and the methods used to collect 
> it must stand
> up to tests of 'reasonableness" as determined by the 
> presiding judge.   
> Thank you for your time and attention,

It's a little more difficult than that. Whilst IANAL, I have taken a case to
the second highest Court in England and Wales (and won). This case was
referred back to a lower court for a decision. The judge hearing that case
refused to allow as evidence the statements made by the defendant in the
preceding appeal. She then came to the preposterous conclusion that the
defendant had no reason to refuse to return my goods to me, even though
after three years he still wasn't returning them. (This man told the Court
of Appeal that he was keeping them "to teach me a lesson").

The one good thing that came out of that was that "arbitration" hearings are
now more thorough, even though they are still supposedly informal.

Getting back to the point, the admissability of evidence is entirely up to
the presiding judge. We all know that digital evidence is easy to fake, but
what about other evidence, like fingerprints? There's a man in prison in the
UK on the basis of one fingerprint found on a vase at a crime scene. This
could have gotten onto this vase without him even entering the building.

The best you can do is to ensure that the data you collect isn't altered and
that only one person collects the data, with a colleague to act as a
witness. Even then there is no guarantee that the evidence will be accepted.
The evidence of two people should carry more weight than one, but there are
no guarantees in taking any kind of legal action. Of course, you are allowed
to appeal this but this all costs money.

John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 

The trouble with postmodernism isn't just that no-one actually believes in
it, but no-one can believe in it.


NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227


Powered by blists - more mailing lists