
| Subject: | Re: [Full-disclosure] Hash |
|---|---|
| Date: | Fri, 27 Jul 2007 09:49:41 -0400 |
On Thu, 26 Jul 2007 18:23:37 MDT, Tremaine Lea said:

> Apparently you've never heard of a mail administrator tagging outbound email for all users. It's pretty common. Of course, you may lack the experience of dealing with large companies.
The fact a large company does it doesn't make it any less stupid. And you think a large company could afford their own mailserver rather than making their people use Gmail (now wrap your head around the concept of "confidential mail anywhere *near* a Google-owned server"... ;) To pick up on a part of the sig that Nick didn't rip into publicly:
"and delete it from your system"
Presumably, Tremaine, in his self-claimed role as "Security Consultant" *and* "Paranoia for hire", realizes that it quite likely sat on my site's main mail server for anywhere from several seconds to several hours (in fact, there are probably copies on *3* different servers in our mail cluster) - and that until some *other* piece of mail happens to land on those same blocks of storage, the text is quite easy to recover by any decent computer forensics practitioner.

On the other hand, actually going in and overwriting the affected block(s) is quite challenging, especially when it's a 10 terabyte mailstore handling several million messages a day for 100K users. We'll be happy to do it - *IF* Tremaine's company is willing to indemnify us for the downtime.

So there's 2 possible outcomes here:

1) The request has zero legal standing, and Tremaine's company is relying on the kindness of strangers rather than using PGP or S/MIME to actually secure their mail. This sort of thing is usually called "lack of due diligence", and I don't think any company wants to be flaunting it.

2) The request *does* have legal standing - in which case Tremaine's company may indeed have some liability to pick up any and all associated costs.

Particularly interesting is the legal question of what happens when a "please delete all copies" request is attached to something that's sent to a company that is required to retain copies of *everything* for regulatory compliance (as is true for some financial-sector companies).....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
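The forensic point made in the post above (a message "deleted" from a mailstore stays on its storage blocks, readable by anyone carving the media, until other data lands on exactly those blocks; deliberately overwriting them is the only way to be sure) is easy to see in miniature. The following is an added illustration, not code from the post or from any mail server: a constructed toy block store with a free list, an unlink-style delete, a reuse scenario, and a zero-fill delete, plus a simple printable-string carver run over the raw media. The block size, the message text and the `ToyMailstore` class are all made up for the demonstration.

```python
import re

BLOCK_SIZE = 64   # bytes per storage block (toy value, not a real filesystem)
NUM_BLOCKS = 16   # constructed mailstore of 16 blocks


class ToyMailstore:
    """Block-oriented store modelling how message text survives an ordinary delete.

    Simplification: writes only cover the bytes actually stored, so the tail of a
    partially filled block keeps whatever was there before (slack space).
    """

    def __init__(self):
        self.media = bytearray(NUM_BLOCKS * BLOCK_SIZE)  # the raw "disk"
        self.free = list(range(NUM_BLOCKS))              # free-block list
        self.index = {}                                  # message id -> blocks

    def store(self, msg_id, body):
        nblocks = -(-len(body) // BLOCK_SIZE)            # ceiling division
        if nblocks > len(self.free):
            raise IOError("mailstore full")
        blocks = [self.free.pop(0) for _ in range(nblocks)]
        for i, b in enumerate(blocks):
            chunk = body[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            start = b * BLOCK_SIZE
            self.media[start:start + len(chunk)] = chunk
        self.index[msg_id] = blocks

    def delete(self, msg_id):
        """Ordinary delete: drop the index entry and free the blocks; content untouched."""
        blocks = self.index.pop(msg_id)
        self.free = blocks + self.free   # freed blocks are reused first

    def delete_and_overwrite(self, msg_id):
        """Delete and zero-fill every block the message occupied."""
        blocks = self.index.pop(msg_id)
        for b in blocks:
            start = b * BLOCK_SIZE
            self.media[start:start + BLOCK_SIZE] = bytes(BLOCK_SIZE)
        self.free = blocks + self.free


def carve_strings(media, min_len=20):
    """Recover runs of printable text from raw media, ignoring the index entirely."""
    pattern = rb"[\x20-\x7e\r\n]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, bytes(media))]


# Constructed sample message, modelled on the kind of sig the post complains about.
CONFIDENTIAL = (
    b"Subject: Q3 numbers\r\n"
    b"This message is confidential; please delete it from your system.\r\n"
    b"Revenue forecast: REDACTED-PLACEHOLDER\r\n"
)
LATER_MAIL = b"Subject: lunch\r\nPizza at noon?\r\n"   # shorter, so it leaves slack


def residue_after_plain_delete():
    """Unlink only: the full text is still carvable from the media."""
    ms = ToyMailstore()
    ms.store("msg1", CONFIDENTIAL)
    ms.delete("msg1")
    return carve_strings(ms.media)


def residue_after_reuse():
    """Another message lands on the freed block, but slack space keeps the tail."""
    ms = ToyMailstore()
    ms.store("msg1", CONFIDENTIAL)
    ms.delete("msg1")
    ms.store("msg2", LATER_MAIL)
    return carve_strings(ms.media)


def residue_after_overwrite():
    """Zero-filling the blocks is what actually removes the text."""
    ms = ToyMailstore()
    ms.store("msg1", CONFIDENTIAL)
    ms.delete_and_overwrite("msg1")
    return carve_strings(ms.media)


def contains_confidential(strings):
    return any("confidential" in s for s in strings)


if __name__ == "__main__":
    print("plain delete recoverable:", contains_confidential(residue_after_plain_delete()))
    print("after block reuse       :", contains_confidential(residue_after_reuse()))
    print("after overwrite         :", contains_confidential(residue_after_overwrite()))
```

The reuse scenario is the interesting one: a shorter message reclaiming the block overwrites only its first 32 bytes, so the word "confidential" in the slack of that block is still carved out. On a real mailstore the same effect is spread across journals, replicas and backups, which is why a "please delete" footer carries no technical guarantee and why end-to-end encryption (the PGP or S/MIME the post mentions) is the control that actually limits exposure.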