Message-ID: <20030805094357.F11114-100000@dekadens.ghettot.org>
From: lcamtuf at coredump.cx (Michal Zalewski)
Subject: [inbox] Re: Reacting to a server compromise
On Mon, 4 Aug 2003, Curt Purdy wrote:
> Actually the traditionally accepted court evidence is real-time printouts of
> data received by the syslog server.
So what would stop anyone from replacing some of the printouts after the
fact?
It's pretty much as insecure as log files in terms of being susceptible to
tampering by the alleged victim (although less susceptible to remote
manipulation by the attacker after the fact, true).
--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2003-08-05 09:43 --