Re: [Full-disclosure] Re: pnp worm unknown variant - post infectionactions

• Previous message: Aditya Deshmukh: "RE: [Full-disclosure] Re: pnp worm unknown variant - post infectionactions"
• In reply to: Aditya Deshmukh: "RE: [Full-disclosure] Re: pnp worm unknown variant - post infectionactions"
• Next in thread: Morning Wood: "Re: [Full-disclosure] Re: pnp worm unknown variant - postinfectionactions"
• Reply: Morning Wood: "Re: [Full-disclosure] Re: pnp worm unknown variant - postinfectionactions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 16 Aug 2005 21:56:11 -1000
To: adityad2005@users.sourceforge.net

Aditya Deshmukh wrote:
> suppose we have VNC installed and that is used to take control of the
> computer and the actions show up as done by the user - would it not be
> caught by law enforcement ?

What, you expect them to take an inventory of all of your installed
software? You think there are "scientific standards" for "computer
forensic" examinations? Are you expecting law enforcement to also be
expert infosec gurus and do exhaustive searches through hundreds of
gigabytes of data looking for the needle in the haystack?

What about Metasploit, which will gladly inject a RAM-only WinVNC server
and give complete remote control without "installing" WinVNC anywhere on
the hard drive?

If your Windows box gets owned by such a thing, and you end up accused
of the crimes that the attacker committed while they were in control of
your box, you can kiss your ass goodbye.

This is what I'm trying to correct. And I'm not alone, but I am in the
minority. Your help would be most welcome, but I honestly don't know
what you can do...

Just be aware, gather proof that "computer forensics" as it is practiced
today has very serious flaws, and tell others.

I predict that we will see a wave of convictions overturned, and
prisoners released, based on faulty computer forensic evidence, that
will make wrongful convictions based on faulty DNA evidence seem
insignificant by comparison.

Regards,

Jason Coombs
jasonc@science.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Previous message: Aditya Deshmukh: "RE: [Full-disclosure] Re: pnp worm unknown variant - post infectionactions"
• In reply to: Aditya Deshmukh: "RE: [Full-disclosure] Re: pnp worm unknown variant - post infectionactions"
• Next in thread: Morning Wood: "Re: [Full-disclosure] Re: pnp worm unknown variant - postinfectionactions"
• Reply: Morning Wood: "Re: [Full-disclosure] Re: pnp worm unknown variant - postinfectionactions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]