Security Incidents mailing list archives

Re: backdoor

From: "Mike Lewinski" <mike () rockynet com>
Date: Sun, 23 Jun 2002 14:50:57 -0600

"Hugo van der Kooij" wrote Sunday, June 23, 2002 3:07 AM

However leaving a compromised system online makes you guilty of criminal
neglect. (Aiding and embedding criminals and all that sort of thing.)


IANAL, but my understanding is that if you want to prosecute the offender,
you shouldn't touch the box again after discovering the compromise (i.e.
could be construed as tampering w/ evidence).

Just one of many legal catch-22's I've run into on the job.

Personally, I'd prefer the risks of not being able to prosecute over my own
criminal neglect liability.

Mike


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: backdoor, (continued)
- Re: backdoor steveg (Jun 23)
  - Re: backdoor Ken Fischer (Jun 25)
- Re: backdoor Hugo van der Kooij (Jun 23)
  - Re: backdoor Jonas M Luster (Jun 23)
    - Re: backdoor Kyle R. Hofmann (Jun 24)
    - Message not available
    - Re: backdoor Jonas M Luster (Jun 24)
    - Re: backdoor Hugo van der Kooij (Jun 26)
    - Re: backdoor Greg A. Woods (Jun 26)
    - Message not available
    - Re: [incidents] Re: backdoor Jonas M Luster (Jun 25)
    - RE: [incidents] Re: backdoor Don Weber (Jun 26)
  - Re: backdoor Mike Lewinski (Jun 23)
    - Re: backdoor Eric Rostetter (Jun 26)
- RE: backdoor Rob Keown (Jun 23)
- Re: backdoor Christopher L Calvert (Jun 25)
  - Re: backdoor Valdis . Kletnieks (Jun 26)
- RE: backdoor Liam Grant (Jun 26)