NetSecLaw: Dedicated to events, news and trends in technology law.

29.9.05

Incident Response and the Law: Monitoring and Disclosure

18 U.S.C. § 2511 - (2)(i) It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.

...

(c) It shall not be unlawful under this chapter for a person acting under color of law to intercept a wire, oral, or electronic communication, where such person is a party to the communication or one of the parties to the communication has given prior consent to such interception.

(d) It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.

28.9.05

CSIRT Case Classification (Example for Enterprise CSIRT)

Checking Microsoft Windows Systems for Signs of Compromise

Checking UNIX/LINUX Systems for Signs of Compromise

27.9.05

Eighth Circuit Affirms Dismissal Of Invasion Of Privacy Claims Arising Out Of Search Of Employee's Office Computer, Gerald Biby v. Board of Regents of the University of Nebraska at Lincoln, et al., No. 04-3878 (8th Cir., August 22, 2005). The Eighth Circuit, affirming the court below, dismisses invasion of privacy claims brought by an employee of a state university under the Fourth and Fourteenth Amendments arising out of the search of his office computer by University employees. The University undertook the search in connection with a discovery request in a pending arbitration. As a result of documents discovered in this search, the University terminated plaintiff. The Eighth Circuit held that plaintiff's claims failed, both because plaintiff had no reasonable expectation of privacy in his computer in light of the University's computer policy, and because the search was reasonable given its scope and motivation.

26.9.05

The Changing Face of Expert Evidence from TR

14.9.05

Headlines:
If this ain't asking for it... New Microsoft portal will help cops
Dutch ISPs sue government for wiretapping costs
OK, so you know computers but not enough to hide your IP. Hmmm... Expert charged in computer hacking
Ex-student sentenced in UT computer hacking case

13.9.05

Digital Investigation - The International Journal of Digital Forensics & Incident Response - Articles of the Year

According to South Korea and Thailand, Google Earth threatens democracy - Perhaps they should read "The Open Society Paradox: Why the 21st Century Calls for More Openness, Not Less"? If you are curious, check out Chapter 1.

WIPO Gives Bill Cosby Rights to Fat Albert Domain Name

12.9.05

It's all evil!!

Okay, you NETSEC Law students. What did this guy get wrong? Five points for each correct answer. Warning: you'll need your aspirin on hand while you read the article.

10.9.05

DFRWS2005 Forensic Challenge Results

Chris Betz developed memparser to reconstruct the process list and extract information from process memory.

George M. Garner Jr & Robert-Jan Mora developed kntlist to interpret structures in memory and maintain an audit log and integrity checks.

8.9.05

DDOS for Hire Perpetrator Admits Guilt

6.9.05

New free software license takes aim at patents

3.9.05

EFF: The Customer Is Always Wrong: A User's Guide to DRM in Online Music (in plain English)

There is an increasing variety of options for purchasing music online, but also a growing thicket of confusing usage restrictions. You may be getting much less than the services promise.

Many digital music services employ digital rights management (DRM) — also known as "copy protection" — that prevents you from doing things like using the portable player of your choice or creating remixes. Forget about breaking the DRM to make traditional uses like CD burning and so forth. Breaking the DRM or distributing the tools to break DRM may expose you to liability under the Digital Millennium Copyright Act (DMCA) even if you're not making any illegal uses... (Click for full guide.)

1.9.05

Special Guest Speaker - Joe Klein - Tuesday, September 6th 7:30pm - Room 2038 - Chesapeake Campus

Joe Klein, senior security analyst at the aerospace electronic systems division for Honeywell Technology Solutions, will be in town next week and has offered to speak. Topics include war stories, tales from the trenches and insights into old, new and emerging security threats. Joe Klein routinely presents at security conferences around the nation including the Blackhat Briefings and Defcon. He is a leader of the IPv6 forum and an NSA-IAM (National Security Agency - Information Security Assessment Methodologist). His specializations include security assessments, auditing and social engineering.

This is a great opportunity and I hope to see you there. Feel free to bring interested friends and co-workers.