| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7018930.1134936639621.JavaMail.teamon@bda055-cell00.bisx.prod.on.blackberry>
Date: Sun Dec 18 20:11:08 2005
From: jasonc at science.org (Jason Coombs)
Subject: Re: Guidance Software Customer Database Hacked?
Guidance Software is an unethical company driven by greed.
They truly do not care that their products and their training are flawed.
Guidance cares only that its products sell, and for them to sell as widely as possible they need to convince law enforcement agencies that in order to do 'computer forensic investigations' you need to license their products.
Has this resulted in wrongful convictions of innocent persons based on Guidance Software's brand of flawed computer forensics? Absolutely, yes. Does Guidance care? Absolutely, not.
There needs to be a death penalty for corporations.
Regards,
Jason Coombs
jasonc@...ence.org
-----Original Message-----
From: "dave kleiman" <dave@...cureu.com>
Date: Sun, 18 Dec 2005 11:23:38
To:<computerforensics@...ensicfocus.com>
Cc:"'Samuel Norris'" <liusiguang@...oo.com>
Subject: RE: Guidance Software Customer Database Hacked?
Samuel,
Inline......
Dave,
> Does anyone know the if the user database at Guidance
software was
> truly hacked?
>
An associate received the same letter that you cite,
and called the phone number that was given with the
lettter. He got what he called 'grudging
confirmation'. As a side note, he was as concerned
that they had retained his credit card information for
2 years as he was about their getting hacked. It is
pretty much all over the Net. now, including the UK.
That is right they , should only keep that data at the customers request.
Additionally, under those circumstances, keep it in a separate **ENCRYPTED**
database from the customer personal information.
As for their notification letter, their headquarters
are located in Pasedena, CA. As a CA corp., they are
required by CA law to notify all those affected when a
security breach occurs - don't let them fool you, they
had to contact.
I know they had to....my big concern is... It happened in November, they did
not discover it until Dec., then they decide to notify "only" by postal mail
(as required by CA law). They are a incident response / forensic company,
you think they would know and value the importance of getting the word out
quickly.
Being an investigative kind of guy, if find it
interesting from a customer volume standpoint tnat
their 'customer base' is only 3,800+. If you buy into
their 'best thing since in-door plumbing' marketing,
one would think that those numbers would be higher.
Remember, a lot of their business is large corporations and Law Enforcement
agencies, most of which do business by P.O., I understand it was only their
CC customer database that was hacked.
> It would be nice to hear something from Guidance.
> If they are trying to be
> hush hush about it, I think it would cause more
> damage than putting the
> cards on the table.....
>
It would be totally out of character, in my opinion,
for them to make a public disclosure. They can't even
admit that their product has problems.
You mean like this... gathered from several message boards...mailing lists
etc..
----------------snip------------------
"I have a case involving a lot of deleted files, I examined the drives using
4.22a and 5.04a. Version 4 shows me dozens of deleted files and directories
in the recycle bin, version 5 only shows me a fraction of the files. I
called Guidance software and talked to some guy from England who is going to
call me back, but he had no clue why one version would show so many more
files in the recycle bin than the other....
...It isn't just pix files, there are a lot of files of all types showing in.
4 that are not showing in 5...."
According to EnCase Tech Support, any deleted file listed in V4 may or may
not be displayed in the correct place in regard to its location within the
file structure.
******* So, if you've testified or reported regarding the location of a
deleted file and it's meaning using V4, you might or might not have been
telling the truth.******
Essentially, according to Tech support, when using V4 one can not say with
any certainty regarding the location of any deleted file shown V4.
They said there was a white paper regarding the issue that they would send
me.
After several emails and phone calls the best I'm able to get out of the
EnCase geeks in regard to this issue is that the location of deleted files
within the file structure in V4 might be as shown by V4, or, it might be
incorrect in where it shows the files located in regard to the file/folder
structure.
As far as V5, it is more "accurate" in where it shows deleted files located
within the file structure but keep in mind that "certain assumptions" are
still being made in placing those files.
Oh, and there is no "White Paper" regarding this issue as I was told
originally."
Just wanted to add that we found the same problem with unreported deleted
files in Enterprise version 5 . We went back to 4 because of this problem
and the instability exhibited in 5. Calls to EnCase said they had not heard
of any problems? They seem to be getting a bit too big for their britches
and their quality control has gone out the window. I suggest you stick to
v.4 for a while.
----------------snip------------------
Regards,
Samuel Norris
Center for Digital Forensic Research, Inc.
Regards,
Dave
Forensic Focus (http://www.forensicfocus.com) email list addresses:
Post message: computerforensics@...ensicfocus.com
Help address: computerforensics-help@...ensicfocus.com
Unsubscription address: computerforensics-unsubscribe@...ensicfocus.com
.
Powered by blists - more mailing lists