Full Disclosure mailing list archives
RE: [inbox] Re: Reacting to a server compromise
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Wed, 6 Aug 2003 10:07:17 +0200 (CEST)
On Tue, 5 Aug 2003, Curt Purdy wrote:
> The key here is to have the paper handled by only one person and witnessed by another and the access to that paper by only that person.
[...]

On Tue, 5 Aug 2003 Valdis.Kletnieks () vt edu wrote:
> It's kind of hard to replace sheet 1,487 from a box of fanfold paper. :)

That's different. You're suddenly introducing certain additional circumstances that render the approach more reliable. However, I was arguing only with the original statement that claimed that logs on read-write media are not admissible in court, whereas read-only media is. Period.

Once again, IANAL, maybe that is the case, although it is contrary to what I've heard. I don't believe that would be reasonable. I don't think there's an essential difference between storing logs on, say, cd-r as opposed to cd-rw or magnetic tapes (or even a trusted monitoring system, in some cases), as long as the material is handled the same way and there is no integrity protection - be it the relative difficulty of replacing a single sheet in a bulk amount of fanfold paper, yes, or some cryptographic signatures on every recorded CD that are backed by trusted hardware and OS.

*If* there is a difference in how the media is handled, or if there is a physical or cryptographical method of ensuring the integrity and authenticity of every piece, it would be different, I'm not arguing with that.

--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2003-08-06 09:57 --

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html