| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2E13@pborolocal.rnib.org.uk> From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk) Subject: Reacting to a server compromise > -----Original Message----- > From: Brad Bemis [mailto:Brad.Bemis@...borne.com] > Sent: 04 August 2003 17:26 > To: James A. Cox; Jennifer Bradley > Cc: full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] Reacting to a server compromise > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In general, digital evidence and the methods used to collect > it must stand > up to tests of 'reasonableness" as determined by the > presiding judge. > > Thank you for your time and attention, > It's a little more difficult than that. Whilst IANAL, I have taken a case to the second highest Court in England and Wales (and won). This case was referred back to a lower court for a decision. The judge hearing that case refused to allow as evidence the statements made by the defendant in the preceding appeal. She then came to the preposterous conclusion that the defendant had no reason to refuse to return my goods to me, even though after three years he still wasn't returning them. (This man told the Court of Appeal that he was keeping them "to teach me a lesson"). The one good thing that came out of that was that "arbitration" hearings are now more thorough, even though they are still supposedly informal. Getting back to the point, the admissability of evidence is entirely up to the presiding judge. We all know that digital evidence is easy to fake, but what about other evidence, like fingerprints? There's a man in prison in the UK on the basis of one fingerprint found on a vase at a crime scene. This could have gotten onto this vase without him even entering the building. The best you can do is to ensure that the data you collect isn't altered and that only one person collects the data, with a colleague to act as a witness. Even then there is no guarantee that the evidence will be accepted. The evidence of two people should carry more weight than one, but there are no guarantees in taking any kind of legal action. Of course, you are allowed to appeal this but this all costs money. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk The trouble with postmodernism isn't just that no-one actually believes in it, but no-one can believe in it. - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk
Powered by blists - more mailing lists