lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.58.0510052119070.23452@kungfunix.net>
Date: Thu Oct  6 02:23:01 2005
From: sil at infiltrated.net (J. Oquendo)
Subject: Re: Careless LEO Forensics and Suicides


On Mon, 3 Oct 2005, Stefano Zanero wrote:

> I would add that in some cases even "sharing" these files on
> peer-to-peer networks can be an innocent act, for instance if you
> bulk-download them from a user, and before inspecting their content
> someone downloads them from your shared folder.

This seems to be one of the problems with P2P networks along with clueless
(l)users who end up downloading viruses, worms, malware, spyware,
scumware, INSERT_OTHER_ware. It is something that can also be used as an
excuse by someone who was actually downloading something he or she
shouldn't have been downloading. For one thing, P2P is still tip-toeing
through legal issues here and there, but to think that someone won't use
that as a defense would be moronic. In fact I wonder how many subscribers
here will be looking into the legalities of this for legal matters
pending.

> In Italy, "trading" this type of material is a distinct charge from
> "owning" it.

This is both a pro and a con as well. Supposing someone visited you, say
an old college buddy. Let's say he didn't like you much and dropped a USB
Key with 512mb of crap on it. Officials come and arrest you. It would be
difficult to prove it is not yours at least over here in the US it would
be, if that person who dropped the USB key took the time to do it right.
Consider that same person now selling those USB keys. I'd prefer to see
the seller (if proven to be guilty of selling that crap) have his weiner
lopped off. The person in possession however is more trivial. Is it really
their's? Do they have psychological problems?


> > I ask you this question: why doesn't law enforcement bother to conduct
> > an analysis of the computer evidence looking for indications of
> > third-party intrusion and malware?
>
> I have asked the same question to law enforcement personnel, but with no
> satisfactory answers for now.

It's not in their best interest to do so. Many tend to forget law
enforcement is a business just like any other. Budgets have to be met and
far too often it would be IN their best interest to 1) keep their quotas
in order, 2) keep their budgets met with "Oh my gosh, we have
10,000,000,000,000,000 more cyber child porn cases this month... We're
underfunded and need more money"

> > There is simply no way for law enforcement to know the difference
> > between innocent and guilty persons based on hard drive data
> > circumstantial evidence.

Actually there are ways it takes some time to sift through the garbage. I
will give you an example of something I KNOW happened. In a semi-recent
case concerning computer intrusion, the defendant was sentenced to prison
for "hacking into his former employer." What the feds either didn't take
time to realize - or didn't care about - was that at the time of the
alledged attack, the defendant was on a plane. Defendant even had plane
tickets to prove this. It never came out in court though. DA's shot it
down because "after all the hacker was telekinetic anyway". Appeal? Don't
bother asking.

As for people committing suicide, I believe those who did commit suicide
actually were in possession with intent. If not why commit suicide. I
would have fought tooth and nail.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

"How a man plays the game shows something of his
 character - how he loses shows all" - Mr. Luckey

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ