| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun Sep 4 05:55:35 2005 From: dave at isecureu.com (dave kleiman) Subject: RE: Computer forensics to uncover illegal internet use Steve, Inline.. > > Hate to play alwyer here but doesn't all of this get shot down by 3rd > Circuit Federal Court of Appeals decisions regarding the FBI's > Innocent Images project? It basicly shot down the concept of "you > clicked on a chold porn link therefore you're guilty." Well that applies to when it is determined that it was innocent. This could be via pop-up, trojan, or maleware of some kind. >This is all enshired in Federal > Cases. No one must admit that a good prosecutor can indioct a ham >sandwich and all that. But overall that doesn't happen. > Now Federal Prosecutors and Investigations staffs are very good at >sort of getting warrants and raiding someone's house or business and >going thru everything. But if the person doesn't scare and cop to >something they never did, then federal prosecutors generally have to >back off in cases where it is just things accumulating on disks etc. Well they do not usually prosecute ham sandwiches, BLT's maybe. I love how everyone is quick to say things just magically accumulated on their H/D. However, they tend not back of when a file structure is found with hundreds of images, often burned to CD's. > Futhermore in > states with a high privacy expectation like California there is a good > reason to say "We don't go through our customers data looking for > things out of the ordinary". One might argue it to be different it > were one's employees. However if you are offering a primo privacy > service then you can legitimately scrub disks as a part of the biz > plan. Well that may be, of course you missed the beginning of these threads, where Mr. Combs suggested after discovering contraband on and employees H/D, to make a copy of it take the copy to the companies attorney. Wipe the original and "best course of action is to purposefully falsify the record of the company's response to the incident" The full threads can be read here: http://seclists.org/lists/security-basics/2005/Sep/subject.html http://seclists.org/lists/security-basics/2005/Aug/subject.html > > Much of Law Enforcement and theiir Public Providers of services > depends on scaring people and businesses into good behavior when it is > neither necessary or ethical. My suspicion is that one can ignore this > tactic if one wishes as one is reasonably careful.. I am sure that > people will be offereing "Computer Forensics Services" to find the > scary things on your compnys disks for $500 a pop but no good reason > one has to engage in such silliness. Yes that crazy scaring people into good behavior....... Oh wait that is right only reasonably prudent people follow the law, criminals tend to not care if there is law against something, they are not scared into not committing crimes, that is why they are criminals. Kind of like the lawlessness that is occurring in the situation you mentioned below. Some people would say that the devastation has turned these people into criminals. Although, the reality is the people committing the crimes are the same ones that were committing them before the devastation. > Excuse my flipness. I just got through friends caught up in this call > people stranded and alone by the hurricane in the SOuthland and all > these other things do ring silly right now. > Regards, Dave
Powered by blists - more mailing lists