<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2722" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2>All,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2>I do find this like of discussion very interesting.
However, there has been so much discussion that it's getting difficult to
folllow. Therefore, I'd like to make the following recommendation for
future posts.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2>1. Minimize the text you to which you are replying to
the pertinent info.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2>2. Everyone use the same method of replying..
(i.e. inline, top or bottom) I don't care which but it's really getting
tough to follow.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2>3. Keep the discussion going as I'm really getting
alot out of this. ;-)</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2>Sincerely,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005><FONT face=Arial
color=#0000ff size=2>Chuck Fullerton</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=000330314-04092005></SPAN> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] <B>On Behalf Of </B>Steve
Kudlak<BR><B>Sent:</B> Sunday, September 04, 2005 1:45 AM<BR><B>To:</B> dave
kleiman<BR><B>Cc:</B> 'Craig, Tobin (OIG)'; echow@videotron.ca; 'Sadler,Connie';
jbeauford@EightInOnePet.com; 'Full-Disclosure';
security-basics@securityfocus.com<BR><B>Subject:</B> Re: [Full-disclosure] RE:
Computer forensics to uncover illegalinternet use<BR></FONT><BR></DIV>
<DIV></DIV>dave kleiman wrote:
<BLOCKQUOTE cite=mid200509040455.j844tDhR030996@ylpvm20.prodigy.net type="cite"><PRE wrap="">Steve,
Inline..
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">Hate to play alwyer here but doesn't all of this get shot down by 3rd
Circuit Federal Court of Appeals decisions regarding the FBI's
Innocent Images project? It basicly shot down the concept of "you
clicked on a chold porn link therefore you're guilty."
</PRE></BLOCKQUOTE><PRE wrap=""><!---->
Well that applies to when it is determined that it was innocent. This could
be via pop-up, trojan, or maleware of some kind.
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">This is all enshired in Federal
Cases. No one must admit that a good prosecutor can indioct a ham
sandwich and all that. But overall that doesn't happen.
Now Federal Prosecutors and Investigations staffs are very good at
sort of getting warrants and raiding someone's house or business and
going thru everything. But if the person doesn't scare and cop to
something they never did, then federal prosecutors generally have to
back off in cases where it is just things accumulating on disks etc.
</PRE></BLOCKQUOTE><PRE wrap=""><!---->
Well they do not usually prosecute ham sandwiches, BLT's maybe.
I love how everyone is quick to say things just magically accumulated on
their H/D. However, they tend not back of when a file structure is found
with hundreds of images, often burned to CD's.
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">Futhermore in
states with a high privacy expectation like California there is a good
reason to say "We don't go through our customers data looking for
things out of the ordinary". One might argue it to be different it
were one's employees. However if you are offering a primo privacy
service then you can legitimately scrub disks as a part of the biz
plan.
</PRE></BLOCKQUOTE><PRE wrap=""><!---->
Well that may be, of course you missed the beginning of these threads, where
Mr. Combs suggested after discovering contraband on and employees H/D, to
make a copy of it take the copy to the companies attorney. Wipe the original
and "best course of action is to purposefully falsify the record of the
company's response to the incident"
The full threads can be read here:
<A class=moz-txt-link-freetext href="http://seclists.org/lists/security-basics/2005/Sep/subject.html">http://seclists.org/lists/security-basics/2005/Sep/subject.html</A>
<A class=moz-txt-link-freetext href="http://seclists.org/lists/security-basics/2005/Aug/subject.html">http://seclists.org/lists/security-basics/2005/Aug/subject.html</A>
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">Much of Law Enforcement and theiir Public Providers of services
depends on scaring people and businesses into good behavior when it is
neither necessary or ethical. My suspicion is that one can ignore this
tactic if one wishes as one is reasonably careful.. I am sure that
people will be offereing "Computer Forensics Services" to find the
scary things on your compnys disks for $500 a pop but no good reason
one has to engage in such silliness.
</PRE></BLOCKQUOTE><PRE wrap=""><!---->
Yes that crazy scaring people into good behavior....... Oh wait that is
right only reasonably prudent people follow the law, criminals tend to not
care if there is law against something, they are not scared into not
committing crimes, that is why they are criminals.
Kind of like the lawlessness that is occurring in the situation you
mentioned below. Some people would say that the devastation has turned
these people into criminals. Although, the reality is the people committing
the crimes are the same ones that were committing them before the
devastation.
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">Excuse my flipness. I just got through friends caught up in this call
people stranded and alone by the hurricane in the SOuthland and all
these other things do ring silly right now.
</PRE></BLOCKQUOTE><PRE wrap=""><!---->
Regards,
Dave
</PRE></BLOCKQUOTE>For a long time I sysop'd an open system, I dunno how much
time I ended up deleteing "girl with vaccum cleaner" pictures. This is getting
weirder and weirder because with photoshop people can create things that do not
exist in real reality. Of course you have really funny things like this one
image that was from Japanese advertizing. They had a 10 year girl with this
incredibly large pretty phallic looking squirt gun which she was squirting with
a look of bliss on her face. It was pretty funny. It was funny how when showed
this image it became a "cynicism filter". People would divide into the group
that thought this was completely enmgineerd from the get-go and those who
thought it was just some werid thing that came out and no one noticed it, or
that it was the product of the fact that much of Japanese Culture doesn't
quite go looking for all possible suggestive variants. It really became a
filter.<BR><BR>Now my suspicion about people in the US Southland is that it is a
bit of opppurtunism in the face of despair and the feeling that "whitey has been
shitting on us for centuries". Me being on the North American West Coast
doesn't notice that because there were no slave quarters and slave markets in
California, Washington, Oregon, British Columbia and we are apt to think a
"quadroon" is a small gold coin that would be nice to find in one's progentitors
coin collection. I don't think it is because there is just a massive criminal
element hidden from us. Now some of the behavior sounded like what I found in my
tenure at a small residential hotel. From the last week of the month to the
first week of the next month a number of curious items would end up for sale. It
was always curious to imagine where these items came from, some were
legitimatgely obtained, others probably not. There was always an argument among
the low rent district types that universally almost always aligned as "crazy
white guys accusing mexicans of shop lifting and reselling, whereas many of the
items they had could be seen as coming from equally questionable sources.
<BR><BR>Now if one talks to Federal Proscutors they will tell you that they feel
comfortable with their "Vacuum Cleaner" approach. They feel if they do go and
get everyone questionables stuff and go through it, then one will be able to
determine how many folks had thing accumulating on their disk and how many
actively collected it etc. Now interestingly with the Third Circuit's Decision
which is close to rock solid at this point in precdent, people like journalists
would sort of get wide descretion especially if they were working on stories and
doing investigations etc. <BR><BR>Two other things come in here. In both the US
Ninth Circuit and Upper Level Courts of British Columbia it has been held that
one can not commit crimes against "virtual children" or "animated descriptions
of children etc". This means the general belief in liberal democracies
that "thought crimes" are questionable is beginning to be enshired in code and
precedent. I am pretty sure this is well embedded in North American Culture and
is apt not to go away even with the idea, darfe I say spectre two very
conservative reversalist judges on the Supreme Court. Note I have not had time
to study how things work in the EU or even Australia. <BR><BR>Now
technoculturally want this may eventually provoke is the use of high grade
encryption by more people. Right now I know even artists who hqave become more
technologically saavy and who encrypt things even when legal code is on their
side overall. In the 1970s and 1980s there were a number of legal razzlements of
artists who used their children as nude models no matter how innocent. This went
too far and eventaully what got established is the concept that "simple nudity
is not obscene". It is interesting because artists are not usually seen as
users or consumers of secuiity products and things like
encryption.<BR><BR>Anyway this is all very interesting and we do live in
interesting times. So it will be interesting to see how this will go and whether
the bizness idea of trying to safe from all possible wrongdoing or perceived
wrongdoing will win out overall. I know lots of vendors and security consultants
have been hoping that "porn protection" would turn into a lucerative field but
so far it doesn't compare to virus and malware protection. <BR><BR>Interestingly
in artist circles the whole imaging thing has turned into "sousveillence" and
artists have been having way too much fun turning the cameras back on the people
who usually use them. It is interesting that people like Sudo Chiles House
who was one of the first people to install a "cam" which in her case was a 35mm
camera that took pictures regularly of her bedroom is all buit forgotten in the
modern installatiion of cams in various public and private spaces. Note the UK
and places in Florida have been very much into the "you are being watched"
theory of crime control. I also have heard tales of "spy camera
destroyers" who have been running around spray painting cameras but I think that
is not widespread at this point. Hmmm, indeed these are interesting times.
whether it is a blessing or a curse is an open question.<BR><BR>Have
Fun,<BR>Sends Steve<BR><BR><BR></BODY></HTML>