Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Ever seen a dead-man switch?

from [Lang, Matthew J] Network Security [Permanent Link]
Subject: RE: Ever seen a dead-man switch?
Date: Wed, 20 Oct 2004 08:16:36 -0400 
Mark,
Actually I have seen a setup such as you describe.  It was established for a 
laptop.  In the event the user did not enter the proper access codes the hard 
drive for the laptop was wiped to delete any relevant information.  It worked 
rather well according to the user since he had to rebuild the hard drive 
several times before he got used to remembering that he only had a few seconds 
to enter the commands.  Just my .02cents on the subject
Matt


-----Original Message-----
From: steven@pollards.us [mailto:steven@pollards.us]
Sent: Tuesday, October 19, 2004 2:07 PM
To: Lachniet, Mark
Cc: William Bressler; t. elam; Victor Hugo Menegotto;
forensics@securityfocus.com
Subject: Re: Ever seen a dead-man switch?


A dead man's switch is a device that must be reset every so often. If someone 
fails to reset it, it's assumed the operator is dead and the device starts a 
process. In the case of a computer, it emails certain people, deletes and 
encrypts specific files and directories, and other such stuff it's nothing more 
then a BAT file.

Steven




"Lachniet, Mark" <mlachniet@sequoianet.com> wrote ..

Out of curiosity, has anyone *ever* seen one (a dead man switch) in the
field?  I know its something that can be done, and a risk, but I can't
say I've ever heard a report of finding one.  Just curious.  Seems like
every time your DSL or cable modem flaked out, your hard drive would get
formatted :)  Considering my local service, that would mean a lot of OS
re-installs.

Thanks,

Mark Lachniet


-----Original Message-----
From: William Bressler [mailto:William.Bressler@gnostech.com]=20
Sent: Thursday, October 14, 2004 9:27 AM
To: 't. elam'; 'Victor Hugo Menegotto'
Cc: forensics@securityfocus.com
Subject: RE: RFC 3227 - Evidence Collection
=20
One danger in removing a network cable is the potential for a=20
"dead man"
switch, which could encrypt/delete data if the network=20
connection or other shutdown trigger happens.
=20
William Bressler
Senior Systems Engineer
Gnostech Inc.
215-443-8660 x11
-----Original Message-----
From: t. elam [mailto:tee@speakeasy.net]
Sent: Wednesday, October 13, 2004 3:10 PM
To: Victor Hugo Menegotto
Cc: forensics@securityfocus.com
Subject: Re: RFC 3227 - Evidence Collection
=20
=20
hi victor,
=20
my best guess would be general evidence preservation techniques which
could as specific as removing network cables from a system to a more
general approach to evidence handling that involves a locked storage
facility, loggin procedures, sealed evidence, etc.  in other words,
doing your best to control access to the evidence such that it isn't
altered.
=20
i am sure other have ideas as well ... :).
=20
cheers,
t
=20
=20
On Wed, 13 Oct 2004, Victor Hugo Menegotto wrote:
=20

Does anyone know what the phrase "Remove external avenues=20

for change"
mean?

This phrase is located on chapter 2 of the RFC 3227
http://www.faqs.org/rfcs/rfc3227.html

Thanks in advance.


Att.

Victor Hugo Menegotto,
Axur Information Security
Porto Alegre - RS - Brasil
Tel.: +55 (51) 3222 2874
www.axur.com.br <http://www.axur.com.br/>

=20
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management=20
and tracking system please see: http://aris.securityfocus.com
=20
=20
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management=20
and tracking system please see: http://aris.securityfocus.com
=20
=20


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Ever seen a dead-man switch?, Jerry Shenk
Next by Date:  RE: Ever seen a dead-man switch?, Javier Otero De Alba
Previous by Thread:  RE: Ever seen a dead-man switch?, Altheide, Cory B. (IARC)
Next by Thread:  RE: Ever seen a dead-man switch?, Javier Otero De Alba
Indexes:  [Date] [Thread] [Top] [All Lists]