lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <optid.164275184e.A876923A2C9CD44BA76505F58ECF089D0C9926@gandalf.optimum.bm>
Date: Tue, 26 Jan 2010 04:27:00 +0000
From: "Thor (Hammer of God)" <Thor@...merofgod.com>
To: Bipin Gautam <bipin.gautam@...il.com>, "E. Prom" <e3prom@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?

It depends on what you define "plausible deniability" as.  Sometimes it just doesn't matter.  At an industry event here in Seattle, a guy working for the state prosecutors office was speaking on this very subject - that of forensic collection of data on a system and the "presumption" of guilt.  

I posed the question of "how do you know that the data actually originated from actions of the user as opposed to someone who could have been using the system for their own means, or someone trying to plant false data?  How do you prevent one from impugning your findings?"

He said, "Well, we're not stupid."  I'm serious. I was extremely disappointed in that answer, and it basically said, "it doesn't really matter what we find on the system- we're not stupid, and if the data is there, it means you did it."  I was appalled. 

All you have is "deniability."  This method doesn't make it "plausible" to anyone but you, which doesn't matter.  If you want any level of meaningful "plausible deniability" then leave your wireless open and have your system riddled with bots. 

t

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-
> disclosure-bounces@...ts.grok.org.uk] On Behalf Of Bipin Gautam
> Sent: Monday, January 25, 2010 7:42 PM
> To: E. Prom
> Cc: full-disclosure
> Subject: Re: [Full-disclosure] Disk wiping -- An alternate approach?
> 
> ok, this all adds nothing but another layer of plausible deniability
> to ANY data found in your computer....
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ