lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: Michael.Simpson at inveresk.com (Michael Simpson)
Subject: AV companies better hire good lawyers soon.

http://www.theregister.co.uk/2003/10/17/teen_hacker_is_not_guilty/

>Neil Barrett, an expert witness for the prosecution, said that Caffrey's 
machine showed no trace of the tell-tale signs that would be left by such 
an >attack but today's verdict, shows that this did not persuade the jury. 


http://www.theregister.co.uk/2003/10/28/suspected_paedophile_cleared_by_computer/

suppose the problem is yet again due to difficulties in transferring tech 
concepts into non-tech peoples' understanding
but in view of precedents set

if one was to be undertaking some action that may be illegal wherever then 
presumably, at least in uk, by running open axs wifi network node one 
could use the "h4x0rs made my windoze boxen do it through the magic of 
mysteriously vanishing trojans helpfully installed through the wide open 
access point that i failed to secure coz i'm a tard" defence

reminds me of my fist time through first year at university
i was in the pub for about 10 months solid that year and would have been 
kicked out after failing one of my resits BUT through total serendipity i 
had managed to acquire an active Epstein-Barr infection (glandular fever 
or infectious mononucleosis /"mono") at some point from kissing some girl 
and thus was provided with another chance for medical reasons. Hadn't 
suffered any symptoms from it but had proof of both it's existence within 
me and of recent infecton so the uni council had no option but to let me 
back in just becoz i was stupid enough to catch a passing infection that 
was in the wild

crazy world

>"Physician, do no harm"

you've got to be joking
the actual line is either physician, heal thyself (which is a joke and a 
bad one at that)
or 
primum non nocere - first not pain (give em a big whack of the good stuff 
before starting the damage)
but nowhere in the any ethics i was taught did they mention "no harm"
"least harm" yes, even "least harm for society"
but not "no harm", god no
stay away from all health professionals as they are all dangerous to your 
wellbeing, except for physiotherapists
cf Ivan Illich : medical nemesis 1976

mikie




Frank Knobbe <frank@...bbe.us> 
Sent by: full-disclosure-admin@...ts.netsys.com
14/09/2004 18:11

To
full-disclosure@...ts.netsys.com
cc

Subject
Re: [Full-Disclosure] AV companies better hire good lawyers soon.






> * Jason Coombs PivX Solutions:
> > I work as an expert witness in addition to being an infosec
> > researcher, etc. and you would not believe how terrible the quality of
> > computer forensics is in the real world today. To begin with, are you
> > aware that people are going to prison in the U.S. for nothing more
> > than having a compromised Windows box in their possession?

Could you please cite a case and precedent where this has happened? 

As far as I remember, someone got acquitted in the UK _because_ he was
in possession of a compromised Windows box. I would assume the same
could be argued here in the States.

Which side were you on? Did you testify for the prosecution and put the
guy away for his compromised box? Or did you fail to defend him?

BTW: If you are in IT forensics, why are you complaining about the
quality of it? Are you trying to improve it but struggle with it, or hit
road-blocks? Or is this just frustration in dealing with these issues on
a daily basis?

Cheers,
Frank
(having testified on forensics in a court of law myself)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/octet-stream
Size: 193 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040915/d3337ae5/signature.obj

Powered by blists - more mailing lists