RE: guilty until proven innocent?

[Blanchard_Michael () emc com]

 are we all missing something?  The school is running Web blocking software, lets assume that someone manages this 
product and they are blocking all the "naughty" sites students aren't supposed to go to.  With this being the case, any 
site he can get to is fair game for him to view, because all the "bad" sites are being blocked by this software.  

  He could have gone to that site simply to say, "Hmmmm, this site isn't being blocked...".

  I myself se no problem with him seeing how to build a bomb.  The Encyclopedia Britannica has diagrams on how to build 
a nuclear bomb, so what?  It's interesting reading if you ask me :-) 

Information isn't harmful.... Just because he read how to make a bomb, doesn't mean he's going to go out and create one 
and blow up the world.   Heck, most of us have studied many different kinds of viruses/worms/torjans... How many of us 
have actually created one?  Close to none of us I would say...


  Of course, with that said, he could be lying through his teeth about never using IE.... :-)

 Mike b


Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I 
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 
email:  Blanchard_Michael () EMC COM 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Mary Landesman
Sent: Monday, January 23, 2006 12:41 PM
To: FunSec [List]
Subject: Re: [funsec] guilty until proven innocent?

It's true that Blogger composing can't be done on Safari - it's why I
wondered in the first place.

> but _at home_ he may generally prefer
> Firefox _on his Windows machine

In another post 'Josh' says he has no computer access outside of school. And
he says he disabled mail-to-blog posting. A number of his blog posts are
during the week, during normal school hours, and not on a date you would
expect there to be a school holiday - including his senior picture post
which he says he scanned at school (and the post date/time is during school
hours). It also appears that he is using his local time zone, vs. GMT, so
it's not an error being introduced that way.

So on the surface it appears that at least some of the time he is composing
at school. Using 'something' other than Safari.

FWIW, blogger authoring can be done on Firefox, Mozilla, and Netscape - so
it doesn't HAVE to be IE. Just not Safari or AOL. It seems to me that if he
were a Firefox and Safari user, he would create a template that played
nicely with those browsers. Instead, it is "Designed on and best viewed with
Microsoft Internet Explorer 6." All of which leads me to think he quite
possibly IS using IE, and almost certainly at school, at least part of the
time.

Of course, even if he is using IE at school, it doesn't mean he is looking
at ways to blow up his classmates. But it also seems to me that if the
school is bothering to use screencapturing monitoring to spy on their
students, they can correlate those captures with the user logged in.

I also don't think that just because he viewed a website that pertained to
the subject (abhorrent and appalling as it is), that it's necessarily a sign
of any guilt. He could have landed there accidentally after clicking a link
in a search engine, realized what it was, and backed out immediately.

So I in no way mean to imply I think this kid is brewing bombs.

But I do doubt his claim that he never uses IE in school. And if that should
turn out to be a lie, then I start doubting more of his story.

-- Mary


----- Original Message ----- 
From: "Nick FitzGerald" <nick () virus-l demon co uk>
To: "FunSec [List]" <funsec () linuxbox org>
Sent: Monday, January 23, 2006 5:51 AM
Subject: Re: [funsec] guilty until proven innocent?


Mary Landesman wrote:

> Hmm... well, a real quick look shows one little wrinkle in his story:
>
> Josh claims: "This is a screenshot from Internet Explorer.  I never use
> Internet Explorer; I use Safari."
>
> His website says: "Designed on and best viewed with Microsoft Internet
> Explorer 6."
>
> So you might think it's because he uses a stylesheet from someone else.
But
> no, according to the source:
> -------------------------------------------
> Blogger Template Style
> Name:     Christmas (v J.1.0090)
> Designer: Josh Clark [jgclark123(at)gmail(dot)com]
> URL:      http://jgclark123.blogspot.com
> Date:     23 Dec 2005
> -------------------------------------------
>
> So, at least as of 23 Dec 2005, Josh not only used Internet Explorer, he
> apparently could only design for it as well.

I noticed that too, but...

We know nothing about Josh's _home_ computing environment.

We do know that _at aschool_, _on the Macs_ he claims to only use
Safari (which is quite plausible, at least assuming he does not also
have Firefox as an option...), but _at home_ he may generally prefer
Firefox _on his Windows machine_ (for much the same reasons he claims
to prefer Safari over IE on the Macs at school) _BUT_ perhaps he "must"
use IE for his blog-authoring?

A quite conceivable _and consistent with what we can assume we know_
position _that is not contradictory of anything claimed by Josh_ is
quite possible...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.