Mar 29 2010

Certifying lies

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 7:54 pm

Packet Forensics is a firm that provides products and services to enterprises, network operators, law enforcement and defense and intelligence agencies.

It was mostly unknown, but lately it is gaining some focus because of a product of them that may be circumventing SSL.

See Wired (or Gizmodo) and arstechnica for more information. This paper from Christopher Soghoian and Sid Stamm explains the techniques they may be using.

P.S: Do not waste your time searching for the product on their website, it is not listed there.


Mar 28 2010

Evidence of obstruction

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 12:24 pm

To the extent that the key players can be identified early, forensically imaging their hard drives immediately will demonstrate good faith and potentially avoid second-guessing later in the investigation.”

Karen E. Willenken, counsel specializing in white-collar criminal defense at New York-based Skadden, Arps, Slate, Meagher & Flom, makes a good point in this very interesting article.

It is focused on the importance of preserving hard drives in order to provide a strong proof support in the event of a request to produce evidence. At least in case the evidence found on them does not make you appear guilty.

Of course it does not fully apply to our legal system (Spain), but there are also mechanisms here that allow the judge to consider bad faith or to draw adverse inference from evidence (or the lack of it).

Via Forensic Focus.


Mar 24 2010

Robert M. White, RIP

Tag: 01Joaquim Anguas @ 8:07 pm

Major-general Robert M. White, the first person to fly a winged aircraft at four, five and six times the speed of sound and the first to reach the space by the same means, died last March 17th at the age of 85.

When I was a kid I spend many hours reading my elder brother’s book of planes. Man, X-15 was the speed itself.

Find this obituary at Los Angeles Times.

Via gizmodo.

I’d like to remember also Michael J. Adams, who died in 1967 flying another X-15 beast.


Mar 21 2010

Raiding Eternity

Tag: (i)realidadJoaquim Anguas @ 9:32 am

Gizmodo is putting together a series of entries related to how computers help us extend our retentiveness.

I touched the issue (laterally) here.

I recommend you reading MemoryForever.


Mar 20 2010

SecureCloud 2010: day 2 and conclusion

Tag: (i)realidad,Informática Legal,SystemsJoaquim Anguas @ 7:38 pm

SecureCloud 2010, second day:

Keynote

First session was an excellent keynote by Mrs. Pamela Jones Harbour, Commissioner at US Federal Trade Commission. She “asked the tough questions” and pointed to some “storm clouds”.

First “storm cloud” she talked about was asymmetry between users and companies: consumers may not understand when they are using cloud computing and it is hard for them to delimitate what data they are willing to share. In the offer side, providers do not offer consumers minimum choices, they present “incomprehensive privacy clauses”, they don’t “adequately disclose the scope” and hide behind “click wrapped agreements”.

Second “storm cloud” was (in)security. Cloud services are potentially unsecure and there’s a potential opportunity for providers to avoid responsibility and accountability.

Third “storm cloud” was competition. There’s a great range of choices and if the consumer’s side does not request accurate information and an adequate level of security in the competitive process, government may have to make an intervention on the market. Turbulent times are forcing companies to low cost, so they are forced by the market to lower best practices.

Fourth “storm cloud” was Incompatible jurisdiction. There is an uncertain state of the law in the USA and there’s being some lobbying at federal legislation on cloud computing. There’s a need to identify challenges and develop good practices. In any case, rules have to be process oriented, not technology oriented, not specific on technology requirements.

Final message was: ask the tough questions but don’t fear the challenge of the cloud.

Continue reading “SecureCloud 2010: day 2 and conclusion”


Mar 18 2010

Semantic Levels and Computer Evidence

Semantic Levels

As I had explained here, I consider there is a meaning construction, from magnetic fields in the surface of a disk to high level facts we can map to real world, when we talk about computer evidence. This contruction occurs in steps and every step involves a semiosis, up to high level facts.

It is in this last level in which a judge can render them into the final award applying all the arguments presented by the parties and regulations that rule the process.

There’s a state of opinion that defends that computer evidence that has been blessed by digital signature can slip into the process without the intervention of an expert witness: it can be treated as a document.

Don’t get me wrong, I am not saying that computer documents do not deserve this. But I am not talking about word processor or PDF files here, documents that have a meaning by themselves into the procedure. We are talking about something like a log file. And in general, I consider a log file a computer evidence, not a document.

In my oppinion this may lead to the following problem:

Continue reading “Semantic Levels and Computer Evidence”


Mar 16 2010

SecureCloud 2010: day 1

Tag: (i)realidad,Informática Legal,SystemsJoaquim Anguas @ 11:36 pm

Today I attended the first day at SecureCloud 2010, a two days event organized by ISACA, ENISA, CSA and IEEE centered on security on “The Cloud”.

In this first day I had the opportunity to attend to nine talks, all of them very focused and well presented.

Here’s a very concise summary of the sessions:

Continue reading “SecureCloud 2010: day 1”


Mar 14 2010

DECAF 2.0

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 9:48 pm

Decafme, the guys behind DECAF, the anti-COFEE tool, have released a new version of it.

I must admit that I missed the importance of the initiative when I said it was “an exercise of posing” here, at least in the effects that this tool may have in shaping the way computer evidence is acquired.

Not that I use any tool to collect evidences while the target computer is on, but if I did I would be worried the next time I used one because the new version of DECAF can apply the same actions it did when detected COFEE to any tool it may have a signature for.

The guys at DragonJar make a brief summary here, and you may get some more information here.


Mar 10 2010

100: Ecosistema

Tag: (i)realidad,La ProfesiónJoaquim Anguas @ 12:40 pm

I understand the value of patents – offensively and, more importantly, for defensive purposes. Sun had a treasure trove of some of the internet’s most valuable patents – ranging from search to microelectronics – so no one in the technology industry could come after us without fearing an expensive counter assault. And there’s no defense like an obvious offense.”

From Jonathan Schwartz.

Esta entrada es la número 100.

Cuando cerca de tres años atrás escribí la primera entrada en este blog tenía claro que me quedaba mucho camino por recorrer hasta darle forma.

Aunque tras 99 entradas sí que creo que he conseguido centrarme un poco, aun hoy tengo esa misma sensación.

El párrafo anterior es de Jonathan Schwartz, ex-CEO y presidente  de (ex-)SUN MICROSYSTEMS Inc.

SUN ha sido fagocitada por Oracle  y es otra compañía que tenemos que ver diluirse, de la misma forma que Informix lo hizo en las fauces de IBM antes que ella. (Como nota de humor, no todos se han tomado bien la adquisición de SUN por Oracle).

Un tiempo antes SUN había cambiado su ticker de NASDAQ:SUNW a NASDAQ:JAVA. Un cambio así no podía traer nada bueno…

Volviendo al tema, el párrafo me parece muy significativo y revelador del “status quo” actual, en el que la intimidación vale tanto como la realidad.

El post de Schwartz al que pertenece el párrafo anterior tiene como título “Good Artists Copy, Great Artists Steal”. No se sabe si está citanto una frase que supuestamente pronunció Picasso o a Steve Jobs citando a Picasso.

Citando yo a Baudrillard (“Simulacra and Simulation (The Body, In Theory: Histories of Cultural Materialism)” , University of Michigan Press, 1995, p106):

There is no more hope for meaning. And without a doubt this is a good thing: meaning is mortal. But that on which it has imposed its ephemeral reign, what it hoped to liquidate in order to impose the reign of the Enlightenment, that is, appearances, they, are immortal, invulnerable to the nihilism of meaning or of non-meaning itself.

This is where seduction begins.”

Veremos qué tal se dan las siguientes 100 entradas.


Mar 07 2010

Felicitats Toni!

Tag: 01Joaquim Anguas @ 8:01 pm

Avui el meu amic Toni ha completat la seva primera marató, cursa de fons per excel·lència amb els seus 42 kilòmetres i 195 metres.

Tot i que el seu origen prové de la llegendària gesta del soldat missatger Filípides, que es diu que va recórrer la distància de la Batalla de Marató a Atenes per anunciar la victòria atenenca sobre els Perses, la distància actual es va determinar als Jocs Olímpics de Londres de 1908.

Trobo que és un exemple de que el compromís i l’esforç personal donen el seu fruit.

Felicitats Toni!


Página siguiente »