Security Incidents mailing list archives

Security Event / Customer Reporting


From: "Tyrannis Von Nettesheim" <tyrannis () wwc com>
Date: Fri, 13 Jul 2001 11:57:40 -0400

Folks:

From the battlefield trenches of dealing with the constant ebb and flow of
residential customers compromised generally due to the expected holes in
Microsoft products, I have yet to get myself or hear of a request from any
entity (with the exception of legitimate, authorized government
investigators) for forensic data analysis from their own "home" networks.

In a recent posting here, I read an opinion that people should be prepared
to provide this.

This is absolutely abhorrent, and leads us all down the slippery slope of an
Orwellian society.

Customers, unless engaged in financial business or other business with
regulatory requirements, should not be ever subjected to anything near a
requirement to store their own data, or be prepared to provide historical
data. At the surface, this violates privacy concerns. Deeper under the
surface, it would make security professionals de facto extensions of law
enforcement in a very unregulated way. This immediately makes one think of
government "strong-arming" a security professional into providing data, but
this works the other way too - where a well-intentioned, but overzealous
security engineer discloses confidential data improperly or commits a
procedural error that leaves an employer exposed legally. This is why we
have courts, judges, magistrates, search warrants, process, and procedure,
to ensure that requests for confidential data and privacy intrusions are
well-formed and within the bounds of current law.

Stepping above the day-to-day techie mindset we're in, it's interesting to
consider the question of: "Who owns a packet once it's off your network?"
Current US law seems to view examining transit traffic like radio
interception - a no-no, for the most part. There's also the huge issue of
how to prove / maintain a chain-of-evidence, yet another slippery slope in
the digital crime era. =(

-T




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"...Far better is it to dare mighty things, to win glorious triumphs
even though checkered by failure than to take rank with those
poor spirits who neither enjoy much nor suffer much because they
live in the gray twilight that knows neither victory nor defeat..."

                                -Theodore Roosevelt, 1899.




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

