Re: Guidance Software response to iSEC report on EnCase

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Guidance Software response to iSEC report on EnCase
From: luke.cleverley@xxxxxxxxx
Date: 16 Aug 2007 04:12:16 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Guidance, in its response to ISEC report, stated on more than one occasion:-
"Also, by corrupting the NTFS partitions, the perpetrator would likely render 
his file system dysfunctional, which calls into question both the likelihood 
and feasibility of such a tactic. Thus, the chances of this specific scenario 
occurring in the field are extremely remote;"

A perpetrator, suspecting intervention by lawful authorities, and with time to 
spare, may use just this tactic to specifically avoid detection.

Prev by Date: Release of Pass-The-Hash Toolkit for Windows v1.0
Next by Date: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
Previous by thread: RE: Re: Guidance Software response to iSEC report on EnCase
Next by thread: iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability
Index(es):
- Date
- Thread