lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6a5e46471001252036m716330f8maca87ea504b812ba@mail.gmail.com>
Date: Mon, 25 Jan 2010 22:36:50 -0600
From: Rohit Patnaik <quanticle@...il.com>
To: "Thor (Hammer of God)" <Thor@...merofgod.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?

Yep, that's precisely what I was trying to get across.  If the data is on
your machine, its presumed to be yours unless you can prove that there's
cause to believe that someone else put it there.  This dovetails nicely with
what I was saying above, i.e. the prosecutor is out to convict you.  He or
she is going to whatever data he or she can find in order to do that.  The
solution do this is not to plant more incriminating data, but to wipe out as
much data as possible, giving the prosecutor no hooks to hang a case on.

--Rohit Patnaik

On Mon, Jan 25, 2010 at 10:27 PM, Thor (Hammer of God) <Thor@...merofgod.com
> wrote:

> It depends on what you define "plausible deniability" as.  Sometimes it
> just doesn't matter.  At an industry event here in Seattle, a guy working
> for the state prosecutors office was speaking on this very subject - that of
> forensic collection of data on a system and the "presumption" of guilt.
>
> I posed the question of "how do you know that the data actually originated
> from actions of the user as opposed to someone who could have been using the
> system for their own means, or someone trying to plant false data?  How do
> you prevent one from impugning your findings?"
>
> He said, "Well, we're not stupid."  I'm serious. I was extremely
> disappointed in that answer, and it basically said, "it doesn't really
> matter what we find on the system- we're not stupid, and if the data is
> there, it means you did it."  I was appalled.
>
> All you have is "deniability."  This method doesn't make it "plausible" to
> anyone but you, which doesn't matter.  If you want any level of meaningful
> "plausible deniability" then leave your wireless open and have your system
> riddled with bots.
>
> t
>
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-
> > disclosure-bounces@...ts.grok.org.uk] On Behalf Of Bipin Gautam
> > Sent: Monday, January 25, 2010 7:42 PM
> > To: E. Prom
> > Cc: full-disclosure
> > Subject: Re: [Full-disclosure] Disk wiping -- An alternate approach?
> >
> > ok, this all adds nothing but another layer of plausible deniability
> > to ANY data found in your computer....
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ