Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle

2007-11-13 Thread johan beisser


On Nov 11, 2007, at 1:26 PM, Duncan Simpson wrote:

> The signal-to-noise logic probably does work, but I am not sure the legal
> angle does. If you *deliberately* ran the software that accidentally
> downloaded that kiddie porn the suggested angle might not work.


That's been an ongoing question for me with regard to things like
TOR gateways.


As has been recently posted on Risky Business[1] and The Age[2], TOR  
doesn't prevent sniffing of the traffic leaving its gateway. If a  
running gateway connects to a server with "information of interest" -  
child porn, bomb making information, a known criminal forum - that  
brings authorities investigating to your house, it isn't a very good  
way to cover one's own tracks with noise. On a similar note, randomly  
connecting and pushing network data may create noise that obscures  
important data, but it may be easily filtered out from the logs  
during analysis.




> A law requiring log data to be retained for 6 months should be a major problem
> to enforce. Last time I think the UK mooted this it did not happen
> (disclaimer: this might have been a trial balloon designed to generate flak).
> My reaction at the ISP end was "OK, will you buy us the extra hardware
> required?" with the intention the answer would be "no" and the plan quietly
> killed. (Thinking that plain daft things will not be enacted is not always
> reliable, unfortunately).


That's been my first question as well. Storage, at least for  
compliance purposes, has gotten cheaper. 6 months of log data for  
most ISPs will still be under the 500GB range of disk. The harder  
part of the stored logs is making it easily analyzed and relevant.  
There are, of course, several companies in the data retention  
compliance arena already, most of which have offerings for PCI, SOX and HIPAA.  
It's not a stretch to think there are smaller offerings to handle  
this German law's lighter retention requirement for logs.


[1] http://www.itradio.com.au/security/?p=48
[2] http://www.theage.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html




Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle

2007-11-13 Thread Duncan Simpson

I know this is obvious to everyone on bugtraq, but nobody seems to have told 
P.S. Ziegler yet. (He might or might not be aware of these facts).

If the report is right and logs recording you connecting and obtaining an IP 
address are a concern, then you should be terrified already. I suspect that I 
could reconstruct much of what you did online given access to all the 
associated logs. Getting an IP address from a DHCP server and using almost 
any other service whatsoever usually generates at least an IP address and 
timestamp. Bind 9 has logs, and they are on by default, so big brother might 
be able to deduce a lot just using your ISP's DNS logs.

When I say that I got this spam from IP address X at time Y, and give full 
headers to back this up, most ISPs work out who was responsible and nuke their 
account. I do not think the "a virus sent that spam not me" or "nobody told me 
not to send spam" line is very effective. If you allowed a virus to send spam 
then the internet does not need your box. Period.

The signal-to-noise logic probably does work, but I am not sure the legal 
angle does. If you *deliberately* ran the software that accidentally 
downloaded that kiddie porn the suggested angle might not work.

A law requiring log data to be retained for 6 months should be a major problem 
to enforce. Last time I think the UK mooted this it did not happen 
(disclaimer: this might have been a trial balloon designed to generate flak). 
My reaction at the ISP end was "OK, will you buy us the extra hardware 
required?" with the intention the answer would be "no" and the plan quietly 
killed. (Thinking that plain daft things will not be enacted is not always 
reliable, unfortunately).

Of course the "hand over your keys" law is a lot less effective than the 
government thinks. If an hour has passed, they can have my host private key; 
then I no longer have one of the keys required.

-- 
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."




Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle

2007-11-13 Thread Peter Conrad
Hi,

On Saturday, 10 November 2007 at 19:53, Jan Newger wrote:
>
> NO! This is totally WRONG! The only thing which is logged, in the case
> of internet connectivity, is your IP you got from the ISP. Not even
> connections are logged! This is important to understand since many
> people are misinformed this way. Read
> http://www.vorratsdatenspeicherung.de/content/view/78/86/lang,de/#Umsetzung_in_Deutschland

1. That document is not quite up-to-date. I don't think there
   were any improvements in the actually passed law, though.

2. The IP is not "the only thing which is logged". Besides
   telephone and SMS/MMS connections the following is logged:
   - for internet connections (i. e. dial-in or equivalent):
     - IP number
     - connecting user (i. e. the calling phone number, ppp userid or equivalent)
     - timestamp

   - for email:
     - sender and recipient address of every email (logged on sending as well
       as receiving servers)
     - IP address(es) accessing a mailbox
     - timestamps for both of the above

   - for anonymizing services (!):
     - original and anonymized identifiers (e. g. IP or email address)
     - timestamps

So much for "Einigkeit und Recht und Freiheit".

Bye,
Peter
-- 
Peter Conrad                 Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH      Fax: +49 6102 / 80 99 071
Bahnhofstr. 18               http://www.tivano.de/
63263 Neu-Isenburg
Germany


Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle

2007-11-12 Thread Jan Newger
Paul Sebastian Ziegler wrote:
> > Dear Infosec community,
> >
> > as most of you may have heard the German government passed a law today
> > that will lead to all connections being logged for 6 months. This
> > includes phone calls as well as all internet connections.
NO! This is totally WRONG! The only thing which is logged, in the case
of internet connectivity, is your IP you got from the ISP. Not even
connections are logged! This is important to understand since many
people are misinformed this way. Read
http://www.vorratsdatenspeicherung.de/content/view/78/86/lang,de/#Umsetzung_in_Deutschland

greetz
Jan