On Tue, 05 Aug 2003 09:45:59 +0200, Michal Zalewski said:
> On Mon, 4 Aug 2003, Curt Purdy wrote:
>
> > Actually the traditionally accepted court evidence is real-time printouts of
> > data received by the syslog server.
>
> So what would stop anyone from replacing some of the printouts after th
On Tue, 5 Aug 2003, Curt Purdy wrote:
> The key here is to have the paper handled by only one person and witnessed
> by another and the access to that paper by only that person.
[...]
On Tue, 5 Aug 2003 [EMAIL PROTECTED] wrote:
> It's kind of hard to replace sheet 1,487 from a box of fanfold pa
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Curt Purdy
> Sent: Wednesday, 6 August 2003 1:28 p.m.
> To: 'Michal Zalewski'
> Cc: 'Jennifer Bradley'; [EMAIL PROTECTED]
> Subject: RE: [inbox] R
y'; [EMAIL PROTECTED]
Subject: RE: [inbox] Re: [Full-Disclosure] Reacting to a server
compromise
On Mon, 4 Aug 2003, Curt Purdy wrote:
> Actually the traditionally accepted court evidence is real-time printouts of
> data received by the syslog server.
So what would stop anyone from
On Mon, 4 Aug 2003, Curt Purdy wrote:
> Actually the traditionally accepted court evidence is real-time printouts of
> data received by the syslog server.
So what would stop anyone from replacing some of the printouts after the
fact?
It's pretty much as insecure as log files in terms of being su
> HIPAA has made it a new world. The attorneys are already salivating and
> trying to dig up any potential "victims" they can find, look to Arizona as
> an example. Since this box was used to attack doctor's records, there is a
> good chance its tracks will be found. This guy's got two options
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Aron
Nimzovitch
Sent: Sunday, August 03, 2003 12:28 PM
To: [EMAIL PROTECTED]
Subject: [inbox] Re: [Full-Disclosure] Reacting to a server compromise
No good deed goes unpunished.
Been there, tried
al Message-
From: Michal Zalewski [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 03, 2003 4:07 PM
To: Curt Purdy
Cc: 'Jennifer Bradley'; [EMAIL PROTECTED]
Subject: RE: [inbox] Re: [Full-Disclosure] Reacting to a server
compromise
On Sun, 3 Aug 2003, Curt Purdy wrote:
> Jennifer, I
Hi!
> and what if all the connections were via proxy on the charged person's
> computer???
Normally you would find traces of something like that on the system.
> let's convict innocent people, I think not.
> consider the simple tcpredirect or a proxy, running on ( Jennifer's )
> system, omg look, J
On Sun, 3 Aug 2003, Curt Purdy wrote:
> Jennifer, I made a reply to someone disagreeing with your statement on
> copying the drive, supporting your contention. However, most courts
> will not accept log files on magnetic media as evidence due to the ease
> of alteration. This is why we collect a
- Original Message -
From: "Curt Purdy" <[EMAIL PROTECTED]>
To: "'Jennifer Bradley'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Sunday, August 03, 2003 1:29 PM
Subject: RE: [inbox] Re: [Full-Disclosure] Reacting to a server co
osure] Reacting to a server compromise
Also, don't forget to document everything! You have no idea if this
box was used for truly illicit purposes, instead of just trying to
break into other machines.
If the hacker was using your box to distribute child porn, mp3s, or
warez then you will loo
OTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, August 04, 2003 12:11 AM
Subject: RE: [inbox] Re: [Full-Disclosure] Reacting
to a server compromise
> Negative. Ghost is as capable of making a bitwise copy of a drive (one of
> two modes it has) as is dd in *NIX. It is perfectly admissa
CTED]
Sent: Saturday, August 02, 2003 9:33 PM
To: [EMAIL PROTECTED]
Subject: [inbox] Re: [Full-Disclosure] Reacting to a server compromise
On Sun, 3 Aug 2003 01:38 am, Jennifer Bradley wrote:
> If this happens again, I would probably make a copy of the hard drive,
> or at the very least the log