Re: Re: Guidance Software Customer Database Hacked?

["J.A. Terranson" <measl () mfn org>]

Jason,

        While I agree that Guidance's products suck (I have converted a fair
number of people and agencies to Access Data's FTK product), that's a
totally separate issue from your multi-topic tirade.

        So, lets address these sequentially:

(1) Yes, it is widely believed that they lost control of their database
(couldn't have happened at a worse time either - their product line is
losing ground every day, and now their corporate security posture is shown
to be as fragile as their software! ROFL!);

(2) Greed?  They are ALL driven by greed Jason.  That's what companies
*do*!

(3) Yes, they only care that their products sell.  Again, thats what
companies are formed for.  Yes, they succeeded for several years in
convincing LEAs that theirs was the only thing that existed.  Thats
rapidly changing.

(4) The wrongful convictions you're talking about are from many things:
incompetent examiners, improper proceedings, (yes, we could go on and on
and on here).  It's interesting to note that the [clearly improper use of
computer forensic evidence] can be described as specific to individual
Courts.  For instance, in the 8th Ct., such misuse is very rare, while
over in California-ville, it's an everyday event.  Eventually, the
Supremes need to look at this and clamp down.  Until then, we all better
hope that we're in a place that really knows which way is up!

(5) There IS a "Death Penalty" for Corporations: revocation of their State
Charter.  Anyone can start the process: get going!

Loveya!

//Alif

(Yes, I am a forensic examiner.  Yes, I do defense work.  Yes, Jason is
almost always right on this stuff, but he's starting to get a little
frayed at the edges...)



On Sun, 18 Dec 2005, Jason Coombs wrote:

> Date: Sun, 18 Dec 2005 20:07:57 +0000 GMT
> From: Jason Coombs <jasonc () science org>
> To: computerforensics () forensicfocus com
> Cc: Full-Disclosure <full-disclosure () lists grok org uk>,
>      Bugtraq <bugtraq () securityfocus com>,
>      'Samuel Norris' <liusiguang () yahoo com>
> Subject: [Full-disclosure] Re: Guidance Software Customer Database Hacked?
>
> Guidance Software is an unethical company driven by greed.
>
> They truly do not care that their products and their training are flawed.
>
> Guidance cares only that its products sell, and for them to sell as widely as possible they need to convince law 
> enforcement agencies that in order to do 'computer forensic investigations' you need to license their products.
>
> Has this resulted in wrongful convictions of innocent persons based on Guidance Software's brand of flawed computer 
> forensics? Absolutely, yes. Does Guidance care? Absolutely, not.
>
> There needs to be a death penalty for corporations.
>
> Regards,
>
> Jason Coombs
> jasonc () science org
>
>
> -----Original Message-----
> From: "dave kleiman" <dave () isecureu com>
> Date: Sun, 18 Dec 2005 11:23:38
> To:<computerforensics () forensicfocus com>
> Cc:"'Samuel Norris'" <liusiguang () yahoo com>
> Subject: RE: Guidance Software Customer Database Hacked?
>
> Samuel,
>
> Inline......
>
>
>      Dave,
>
>      > Does anyone know the if the user database at Guidance
>      software was
>      > truly hacked?
>      >
>
>      An associate received the same letter that you cite,
>      and called the phone number that was given with the
>      lettter.  He got what he called 'grudging
>      confirmation'.  As a side note, he was as concerned
>      that they had retained his credit card information for
>      2 years as he was about their getting hacked.  It is
>      pretty much all over the Net. now, including the UK.
>
>
> That is right they , should only keep that data at the customers request.
> Additionally, under those circumstances, keep it in a separate **ENCRYPTED**
> database from the customer personal information.
>
>
>
>      As for their notification letter, their headquarters
>      are located  in Pasedena, CA.  As a CA corp., they are
>      required by CA law to notify all those affected when a
>      security breach occurs - don't let them fool you, they
>      had to contact.
>
>
> I know they had to....my big concern is... It happened in November, they did
> not discover it until Dec., then they decide to notify "only" by postal mail
> (as required by CA law).  They are a incident response / forensic company,
> you think they would know and value the importance of getting the word out
> quickly.
>
>
>
>      Being an investigative kind of guy, if find it
>      interesting from a customer volume standpoint tnat
>      their 'customer base' is only 3,800+.  If you buy into
>      their 'best thing since in-door plumbing' marketing,
>      one would think that those numbers would be higher.
>
>
> Remember, a lot of their business is large corporations and Law Enforcement
> agencies, most of which do business by P.O., I understand it was only their
> CC customer database that was hacked.
>
>
>      > It would be nice to hear something from Guidance.
>      > If they are trying to be
>      > hush hush about it, I think it would cause more
>      > damage than putting the
>      > cards on the table.....
>      >
>
>      It would be totally out of character, in my opinion,
>      for them to make a public disclosure.  They can't even
>      admit that their product has problems.
>
>
> You mean like this... gathered from several message boards...mailing lists
> etc..
>
>
> ----------------snip------------------
>
> "I have a case involving a lot of deleted files, I examined the drives using
> 4.22a and 5.04a. Version 4 shows me dozens of deleted files and directories
> in the recycle bin, version 5 only shows me a fraction of the files. I
> called Guidance software and talked to some guy from England who is going to
> call me back, but he had no clue why one version would show so many more
> files in the recycle bin than the other....
>
> ...It isn't just pix files, there are a lot of files of all types showing in.
> 4 that are not showing in 5...."
>
>
> According to EnCase Tech Support, any deleted file listed in V4 may or may
> not be displayed in the correct place in regard to its location within the
> file structure.
>
> ******* So, if you've testified or reported regarding the location of a
> deleted file and it's meaning using V4, you might or might not have been
> telling the truth.******
>
> Essentially, according to Tech support, when using V4 one can not say with
> any certainty regarding the location of any deleted file shown  V4.
>
> They said there was a white paper regarding the issue that they would send
> me.
>
> After several emails and phone calls the best I'm able to get out of the
> EnCase geeks in regard to this issue is that the location of deleted files
> within the file structure in V4 might be as shown by V4, or, it might be
> incorrect in where it shows the files located in regard to the file/folder
> structure.
>
> As far as V5, it is more "accurate" in where it shows deleted files located
> within the file structure but keep in mind that "certain assumptions" are
> still being made in placing those files.
>
> Oh, and there is no "White Paper" regarding this issue as I was told
> originally."
>
> Just wanted to add that we found the same problem with unreported deleted
> files in Enterprise version 5 . We went back to 4 because of this problem
> and the instability exhibited in 5. Calls to EnCase said they had not heard
> of any problems? They seem to be getting a bit too big for their britches
> and their quality control has gone out the window. I suggest you stick to
> v.4 for a while.
>
>
> ----------------snip------------------
>
>
>      Regards,
>
>      Samuel Norris
>      Center for Digital Forensic Research, Inc.
>
>
> Regards,
>
> Dave
>
>
>
> Forensic Focus (http://www.forensicfocus.com) email list addresses:
>
> Post message: computerforensics () forensicfocus com
> Help address: computerforensics-help () forensicfocus com
> Unsubscription address: computerforensics-unsubscribe () forensicfocus com
>
>
> .

-- 
Yours,

J.A. Terranson
sysadmin () mfn org
0xBD4A95BF


        Just once, can't we have a nice polite discussion about
        the logistics and planning side of large criminal enterprise?

        - Steve Thompson


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/