tag:blogger.com,1999:blog-21633793.post8085723039630236385..comments2023-12-12T03:19:42.467-05:00Comments on CYB3RCRIM3: Kyllo and "A Forensic Software Program"Susan Brennerhttp://www.blogger.com/profile/17575138839291052258noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-21633793.post-70709364798207036922010-03-29T05:45:50.798-04:002010-03-29T05:45:50.798-04:00I gone through entire post. I like the point of di...I gone through entire post. I like the point of discussion and it is straight to the point.<br /><br />Thanks to be shared with us!!<br /><br />Regardssoftware systems designhttp://www.centennialcollege.ca/Programs/ProgramOverview.aspx?Program=0103&Calendar=2010-2011noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-51933593185302511702010-02-26T08:52:17.975-05:002010-02-26T08:52:17.975-05:00I don't think Kyllo comparisons would be succe...I don't think <i>Kyllo</i> comparisons would be successful in this setting because none of the tools involved in the potential search are unavailable. As I read it, this case involved three programs: LimeWire, hashing, and the forensic software. That the defendant is actually running LimeWire rules it out. Hashing programs are free and widely available.<br /><br />The only tool involved that might qualify is the forensic software. The trouble I see with that is that its purpose is not to search through the captured data, but to assure that data is unmodified so that results are admissible. This sort of software is often quite expensive, but it's also narrowly targeted to a law-enforcement market (with a side of corporate computer security applications). In the thermal-imaging instance, the tool used to gather data is what was uncommon or not in general use. Here, data was gathered with common tools, but preserved by tools used only by law-enforcement.samiamthelawhttps://www.blogger.com/profile/06370481318698240885noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-15819656380111944862010-02-23T10:36:20.286-05:002010-02-23T10:36:20.286-05:00This is bad characterization of how limewire works...This is bad characterization of how limewire works and how a search for a file on limewire works.<br /><br />Including the original computer there are only a tiny fraction of other computers who know what search terms the original computer is sharing. The original computer tells nobody the actual file names or hash values of the files themselves, it just shares the search terms.<br /><br />When you do a search you eventually will ask the original computer to provide you a list of the files that matches the search terms. The original computer is in no way broadcasting the files it shares.<br /><br />To use a metaphor, Its like going up to a house and asking the five your old child living there if their parents have drugs and then asking the five year old to get the drugs for you. Only on limewire you are able to do this search over millions of computers in seconds skipping over the houses that don't have five year olds or who don't have five year olds whose parents don't have drugs.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-21633793.post-58018617611198321082010-02-22T16:44:22.330-05:002010-02-22T16:44:22.330-05:00I think the consistent issue across all these (&qu...I think the consistent issue across all these ("computer crime" related) cases is the lack of understanding of how the underlying technology works, and an unfair (in terms of goose for gander) treatment of a computer user's actions.<br /><br />It seems to come down to responsibility - if a given user could have secured his system, then to have a 4th amendment claim, the courts say he should have. The problem is that this does not hold true in reverse - if you have a Windows XP system configured to share all it's files, and I access it without your permission, then in most jurisdictions I have committed a crime. I think a much more reasonable interpretation of privacy as it relates to computers would be "did the law enforcement official do something that if done by a normal citizen would be a crime". This would serve a few goals:<br />1) it would make the "goose for gander" hold true, which I always think it should.<br />2) it would encourage more thought about what computer crime is and is not<br />3) it would be a bright line (comparatively) for law enforcement to follow - especially since they, of anyone, should know the law.<br /><br />As for distinguishing Kyllo, I completely disagree. I would argue that for most people, the knowledge of how to actually secure your computer from leaking information is at least as enigmatic as how to prevent a building from radiating heat (which is not only doable, it is relatively easy - to me).<br />While it may be *easier*, from an effort standpoint, to secure your computer, that is only because people have written software, that if you trust, will do a decent job. even knowing which software to trust can be a challenge though.<br />As for the waste heat, there are even buildings today that are heat sinks - they actually draw in more heat than they produce.<br /><br />@Peter - actually LimeWire directly shares the hash of a file when listing available files. just because someone doesn't know what that means, doesn't change the fact that they have easy access to it.<br />As well, you obviously don't understand "hashmarks" - a hash is simple a computed signature for a file, that for any given hash, it is unlikely to find two sets of input that produce that hash. of course, it isn't impossible, and hash collisions are a well known attack on hash verification schemes.Lokihttps://www.blogger.com/profile/18406257117259929618noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-77374582699070041562010-02-22T10:59:11.104-05:002010-02-22T10:59:11.104-05:00IE 6 is known to be horribly insecure, and suscept...IE 6 is known to be horribly insecure, and susceptible to many hacks and compromises. Yet people continue to use it, thus exposing their private files and confidential information.<br /><br />Here's an article from just a few days ago: “<a href="http://itexpertvoice.com/ad/why-you-cant-pry-ie6-out-of-their-cold-dead-hands/" rel="nofollow">Why You Can't Pry IE6 Out Of Their Cold Dead Hands</a>” (IT Expert Voice).<br /><br />So, in parallel with your argument:<br /><br />... IE 6 users have the ability to eliminate their computer’s ability to share files (and file names) via IE 6 but fail to exercise this ability.<br /><br />My point is that IE 6 users not only know they are exposing file information online, they are responsible for their computer’s ability to do just that.<br /><br />You might counter that an IE 6 compromise typically involves additional code or instructions transmitted to the user's browser. But in the case you're discussing, the government admittedly transmitted code or instructions to view the files on Borowy's computer.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-21633793.post-18631385679160454162010-02-22T10:19:57.646-05:002010-02-22T10:19:57.646-05:00If you are a computer programmer writing programs ...If you are a computer programmer writing programs that deal with disk drives at a very low level (i.e. bits and bytes), you will have software that can read the hashmarks. Otherwise the hashmarks are a technical artifact of no particular interest. So the software is easily available to the public, but the public isn't interested. An analogy might be that a home insulation contractor might have a thermal imaging camera, but the typical homeowner does not.<br /><br><br />What kind of idiot puts limewire on a computer holding CP? My guess is that Bowory used limewire to copy CP from others, and that he removed the sharing restriction to let others copy from him. Perhaps he did this only for certain others, and in this instance, didn't reset the sharing restriction. I think this puts you back to the "unauthorized access" issue you discussed a little while ago.PHVhttps://www.blogger.com/profile/17747600334514625200noreply@blogger.com