Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Ever seen a dead-man switch?

from [Javier Otero De Alba] Network Security [Permanent Link]
Subject: RE: Ever seen a dead-man switch?
Date: Tue, 19 Oct 2004 14:58:18 -0500 
This term comes from the old steaming machines, the operator must always be 
pushing a handle, if the operator dies for any rason the push ends and the 
machine stops.

Ing. Fco. Javier Otero De Alba
Diplomado en Seguridad Informática ITESM CEM 
ITStrap
Product Manager 
Juniper Secure Access SSL

5243-4782 al 84 Ext.300
México, D.F. 



-----Mensaje original-----
De: steven@pollards.us [mailto:steven@pollards.us]
Enviado el: Martes, 19 de Octubre de 2004 01:07 p.m.
Para: Lachniet, Mark
CC: William Bressler; t. elam; Victor Hugo Menegotto;
forensics@securityfocus.com
Asunto: Re: Ever seen a dead-man switch?


A dead man's switch is a device that must be reset every so often. If someone 
fails to reset it, it's assumed the operator is dead and the device starts a 
process. In the case of a computer, it emails certain people, deletes and 
encrypts specific files and directories, and other such stuff it's nothing more 
then a BAT file.

Steven




"Lachniet, Mark" <mlachniet@sequoianet.com> wrote ..

Out of curiosity, has anyone *ever* seen one (a dead man switch) in the
field?  I know its something that can be done, and a risk, but I can't
say I've ever heard a report of finding one.  Just curious.  Seems like
every time your DSL or cable modem flaked out, your hard drive would get
formatted :)  Considering my local service, that would mean a lot of OS
re-installs.

Thanks,

Mark Lachniet


-----Original Message-----
From: William Bressler [mailto:William.Bressler@gnostech.com]=20
Sent: Thursday, October 14, 2004 9:27 AM
To: 't. elam'; 'Victor Hugo Menegotto'
Cc: forensics@securityfocus.com
Subject: RE: RFC 3227 - Evidence Collection
=20
One danger in removing a network cable is the potential for a=20
"dead man"
switch, which could encrypt/delete data if the network=20
connection or other shutdown trigger happens.
=20
William Bressler
Senior Systems Engineer
Gnostech Inc.
215-443-8660 x11
-----Original Message-----
From: t. elam [mailto:tee@speakeasy.net]
Sent: Wednesday, October 13, 2004 3:10 PM
To: Victor Hugo Menegotto
Cc: forensics@securityfocus.com
Subject: Re: RFC 3227 - Evidence Collection
=20
=20
hi victor,
=20
my best guess would be general evidence preservation techniques which
could as specific as removing network cables from a system to a more
general approach to evidence handling that involves a locked storage
facility, loggin procedures, sealed evidence, etc.  in other words,
doing your best to control access to the evidence such that it isn't
altered.
=20
i am sure other have ideas as well ... :).
=20
cheers,
t
=20
=20
On Wed, 13 Oct 2004, Victor Hugo Menegotto wrote:
=20

Does anyone know what the phrase "Remove external avenues=20

for change"
mean?

This phrase is located on chapter 2 of the RFC 3227
http://www.faqs.org/rfcs/rfc3227.html

Thanks in advance.


Att.

Victor Hugo Menegotto,
Axur Information Security
Porto Alegre - RS - Brasil
Tel.: +55 (51) 3222 2874
www.axur.com.br <http://www.axur.com.br/>

=20
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management=20
and tracking system please see: http://aris.securityfocus.com
=20
=20
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management=20
and tracking system please see: http://aris.securityfocus.com
=20
=20


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Ever seen a dead-man switch?, Lang, Matthew J
Next by Date:  e-crime and computer evidence conference 2005 - programme now online, Angus Marshall
Previous by Thread:  RE: Ever seen a dead-man switch?, Lang, Matthew J
Next by Thread:  RE: Ever seen a dead-man switch?, Glenn_Everhart
Indexes:  [Date] [Thread] [Top] [All Lists]