Security Incidents mailing list archives
Re: backdoor
From: Eric Rostetter <eric.rostetter () physics utexas edu>
Date: Sun, 23 Jun 2002 23:53:24 -0500
Quoting Mike Lewinski <mike () rockynet com>:
"Hugo van der Kooij" wrote Sunday, June 23, 2002 3:07 AMHowever leaving a compromised system online makes you guilty of criminal neglect. (Aiding and embedding criminals and all that sort of thing.)IANAL, but my understanding is that if you want to prosecute the offender, you shouldn't touch the box again after discovering the compromise (i.e. could be construed as tampering w/ evidence). Just one of many legal catch-22's I've run into on the job.
You can touch, as long as you document appropriately what you touch and have a valid chain/record of custody for everything including your notes. There are many sites on the web which try to teach how to do this (document, date/sign everything, chain of custody, how to work on copies rather than the original, etc). The problem of course is how exactly to do these things changes from area to area, so you should always check with local legal folks if possible before, during, and after you touch anything ;) -- Eric Rostetter The Department of Physics The University of Texas at Austin "TAD (Technology Attachment Disorder) is an unshakable, impractical devotion to a brand, platform, product line, or programming language. It's relatively harmless among the rank and file, but when management is afflicted the damage can be measured in dollars. It's also contagious -- someone with sufficient political clout can infect an entire organization." --"Enterprise Strategies" columnist Tom Yager. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: backdoor, (continued)
- Re: backdoor Ken Fischer (Jun 25)
- Re: backdoor Hugo van der Kooij (Jun 23)
- Re: backdoor Jonas M Luster (Jun 23)
- Re: backdoor Kyle R. Hofmann (Jun 24)
- Message not available
- Re: backdoor Jonas M Luster (Jun 24)
- Re: backdoor Hugo van der Kooij (Jun 26)
- Re: backdoor Greg A. Woods (Jun 26)
- Re: backdoor Jonas M Luster (Jun 23)
- Message not available
- Re: [incidents] Re: backdoor Jonas M Luster (Jun 25)
- RE: [incidents] Re: backdoor Don Weber (Jun 26)
- Re: backdoor Eric Rostetter (Jun 26)
- Re: backdoor Valdis . Kletnieks (Jun 26)