Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: What are your opinions on this
From: Mike Messick <mikem () tridigitalenterprises com>
Date: Wed, 9 May 2007 14:03:13 -0800 (AKDT)


Hi Scott,

I'd be quite interested in reading the article you're referring to; if you
still have a link to it, please post it to the list.

Not having read the article I'm making about a 1000 assumptions here, but
from an evidence preservation standpoint, hacking into a suspects box
would be a defense attorney's dream come true as the prosecution would not
be able to prove the police didn't:

        a)  use trojaned tools that planted bad stuff on the suspect's
            machine
        b)  break any laws regarding computer intrusions.  

The last time I checked, having a search warrant did not give police any
additional powers that would allow them to break laws while carrying out
the search.  Except where specifically stated in statutes that an
affirmative defensive consists of a law enforcement officer carrying out
their official duties, police have to abide by the same laws as everyone
else.

Granted, there are cases where FBI agents have done things like plant
keystroke loggers in machines owned by the mafia to recover/preserve
decryption keys, but those actions are akin to wiretapping and
interception of data while in transit (where affirmative defenses exist
for LE and the tools used were developed by the FBI and stand up under
forensic scrutiny), not system intrusions.

Oh, and if the NSA is hacking your machine, you've got far bigger problems
to worry about.

Just my 2 cents worth...

-Mike.

On Wed, 9 May 2007, scott wrote:

Just read an article about local police being able(by law)to hack a 
suspects box from the net.

Really makes you wonder where the real problem lies.They(F-Secure)did a 
poll to gauge public response.

Take a look and say what you feel:
http://www.f-secure.com/weblog/archives/archive-022007.html#00001115
Mikko Hypponen wrote an article in SC magazine where he said,"Police are 
generally  trained in law enforcement and criminal investigation,not 
data security.".
 "Online house searches",as they are called are already happening!DUH!

But do you want your local police hacking people,or would you rather 
just leave it to the NSA?Hmmmm.

Just a thought,
   Scott

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault