Security Event / Customer Reporting

From: Tyrannis Von Nettesheim (tyrannisat_private)
Date: Fri Jul 13 2001 - 08:57:40 PDT

    Folks:
    
    From the battlefield trenches of dealing with the constant ebb and flow of
    residential customers compromised generally due to the expected holes in
    Microsoft products, I have yet to get myself or hear of a request from any
    entity (with the exception of legitimate, authorized government
    investigators) for forensic data analysis from their own "home" networks.
    
    In a recent posting here, I read an opinion that people should be prepared
    to provide this.
    
    This is absolutely abhorrent, and leads us all down the slippery slope of an
    Orwellian society.
    
    Customers, unless engaged in financial business or other business with
    regulatory requirements, should not ever be subjected to anything near a
    requirement to store their own data, or be prepared to provide historical
    data. At the surface, this violates privacy concerns. Deeper under the
    surface, it would make security professionals de facto extensions of law
    enforcement in a very unregulated way. This immediately makes one think of
    government "strong-arming" a security professional into providing data, but
    this works the other way too - where a well-intentioned, but overzealous
    security engineer discloses confidential data improperly or commits a
    procedural error that leaves an employer exposed legally. This is why we
    have courts, judges, magistrates, search warrants, process, and procedure,
    to ensure that requests for confidential data and privacy intrusions are
    well-formed and within the bounds of current law.
    
    Stepping above the day-to-day techie mindset we're in, it's interesting to
    consider the question of: "Who owns a packet once it's off your network?"
    Current US law seems to view examining transit traffic like radio
    interception - a no-no, for the most part. There's also the huge issue of
    how to prove / maintain a chain-of-evidence, yet another slippery slope in
    the digital crime era. =(
    
    -T
    
    
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    "...Far better is it to dare mighty things, to win glorious triumphs
    even though checkered by failure than to take rank with those
    poor spirits who neither enjoy much nor suffer much because they
    live in the gray twilight that knows neither victory nor defeat..."
    
    				-Theodore Roosevelt, 1899.
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 15:24:53 PDT