Open Source and information security mailing list archives
Date: Wed Aug 17 08:55:23 2005
From: jasonc at science.org (Jason Coombs)
Subject: Re: pnp worm unknown variant - post infection actions

Aditya Deshmukh wrote:
> suppose we have VNC installed and that is used to take control of the
> computer and the actions show up as done by the user - would it not be
> caught by law enforcement?

What, you expect them to take an inventory of all of your installed 
software? You think there are "scientific standards" for "computer 
forensic" examinations? Are you expecting law enforcement to also be 
expert infosec gurus and do exhaustive searches through hundreds of 
gigabytes of data looking for the needle in the haystack?

What about Metasploit, which will gladly inject a RAM-only WinVNC server 
and give complete remote control without "installing" WinVNC anywhere on 
the hard drive?

If your Windows box gets owned by such a thing, and you end up accused 
of the crimes that the attacker committed while they were in control of 
your box, you can kiss your ass goodbye.

This is what I'm trying to correct. And I'm not alone, but I am in the 
minority. Your help would be most welcome, but I honestly don't know 
what you can do...

Just be aware, gather proof that "computer forensics" as it is practiced 
today has very serious flaws, and tell others.

I predict that we will see a wave of convictions overturned, and 
prisoners released, based on faulty computer forensic evidence, that 
will make wrongful convictions based on faulty DNA evidence seem 
insignificant by comparison.

Regards,

Jason Coombs
jasonc@...ence.org
