funsec mailing list archives
Re: Holy Crap: Using a Command Prompt is 'SuspiciousBehavior'
From: "Andre' M. DiMino" <adimino () shadowserver org>
Date: Wed, 15 Apr 2009 07:49:36 -0400
The cop talks about his experience as that is the requirement for an affiant in a Probable Cause statement. Also, the PC statement is not there to accuse or charge, but to state the reasons for requesting the warrant.

Depending on the type of case, consent to search is usually requested first, and if denied, the PC process begins.

Often, a great deal is learned about other parties and individuals by examining the initial suspect's computer. Many times also, that suspect is cleared and the investigation follows another trail.

Andre'

Andre' M. Di Mino - SemperSecurus
The Shadowserver Foundation
http://www.shadowserver.org
Skype: sempersecurus
AIM: sempersecurus

"Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else." 1 Thessalonians 5:15

quispiam lepidus wrote:
> On Wed, Apr 15, 2009 at 1:47 PM, Larry Seltzer <larry () larryseltzer com> wrote:
>> I read the whole warrant and I think Paul has a point. The point about using 2 operating systems is strange and irrelevant, but there's a lot more in there than just accusing him of being technically sophisticated.
>>
>> And while there's definitely the accusation in there of evidence of crimes, I'm still not sure what he's accused of. Is it the outing incident? Is it the accusation that he hacked into the BC grading system to fix grades? Is it his "cache of approximately 200+ illegally downloaded movies as well as music from the internet"? That he "jail breaks" cell phones ("possibly stolen ones")?
>>
>> I suppose the lines about how sophisticated he is (the guy's name is Riccardo F. Calixte) are in there to tell the Judge that he's capable of the mass-e-mailing.
>>
>> Larry Seltzer
>> eWEEK.com Security Center Editor
>> http://security.eweek.com/
>> http://blogs.pcmag.com/securitywatch/
>> Contributing Editor, PC Magazine
>> larry.seltzer () ziffdavisenterprise com
>
> I wondered the same thing. The EFF appear to be alluding to the fact he's being charged for the gay profile + emailing to campus mailing list of said profile.
>
> I don't get how they think someone who's capable of changing grades would leave behind all of the evidence he did. They also stated he worked for the IT dept. Surely he'd be aware of the type of logging enabled on the campus network?
>
> Maybe the roommate in question is behind it all, they had a falling out, he accessed the accused PC, and did the rest himself. It'd explain all of the logs left behind ;)
>
> I love how the cop talks about his experience in the warrant application :)
>
> Also the justification on what they should take (people write down passwords you know!), "anything that can be used to store computer data, CPU's, scanners, books, yada yada". The central processing unit isn't somewhere I'd usually store data, especially when my PC is turned off. Scanner? Please. Books? Better take all the pens and paper in the house too.
>
> It reminds me of when a certain skiddie got busted a few years ago, and they took his alarm clock (non digital!).
>
> Anyways, I'll be interested to see how this one plays out.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.