funsec mailing list archives
Re: Police blotter: Web cookies become defendant's alibi
From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Fri, 27 Oct 2006 11:00:07 -0600 (MDT)
Hi Richard, On Fri Oct 27 07:07:56 2006, Richard M. Smith wrote:
A few quick comments. a). An IE cookie files contains an internal time stamp which is much harder to fake than file timestamps. b). Regardless of the timestamp of the cookie files, it is unknown who was at the keyboard whent the cookies files were made or accessed. c). A more complete investigation may have found other files on the hard drive in the timeframe of interest. Richard _____ http://news.com.com/Police+blotter+Web+cookies+become+defendants+alibi/2100- 1047_3-6129993.html?tag=nefd.top
Granted, I only know what I read in the news article. (And we know how thorough and accurate news reporters generally are... No offense Larry. ;-) Based on what I read, this seems pretty shoddy as far as defense goes. - Cookies have lots of timestamps. Some are set by the browser, some (e.g., expiration) are set by the server, and some can be embedded in the cookie itself. Since servers usually use a static expiration offset (e.g., expire in 30 minutes or in 7 days), they can use that to correlate the date. (Still can be forged, but not as well known.) - I agree with you -- why not get the web logs? - He said he was shopping online. Did he buy anything? If so, then his credit card transaction will have a timestamp that he cannot forge. (Does not mean "he" used the credit card, but does lend credibility.) - Was his car engine warm? Driving 27 miles has a warm engine; parked for 30 minutes (reportedly according to timestamps) is a cool engine. Then again, he said he doesn't own that type of car. Did they check if any of his friends have that kind of car? - Most major traffic intersections have cameras. Did any camera pick up the vehicle? Can you see the driver -- is it him? - Was the entire conviction based on witness accounts? Witnesses are known to be unreliable and inconsistent. And a police officer said he saw nobody in the area matching the description -- was "anybody" seen in the area (regardless of match)? Was there any physical evidence showing he was there? Way too many holes... At least from the news report. However, if the court case actually addressed these items, then maybe the ruling was accurate. -Neal -- Neal Krawetz, Ph.D. Hacker Factor Solutions http://www.hackerfactor.com/ Author of "Introduction to Network Security" (Charles River Media, 2006) http://www.charlesriver.com/Books/BookDetail.aspx?productID=126130 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Police blotter: Web cookies become defendant's alibi Richard M. Smith (Oct 27)
- Re: Police blotter: Web cookies become defendant's alibi Dr. Neal Krawetz (Oct 27)