Session recording

Bill McGonigle bill at bfccomputing.com
Sun Apr 6 02:27:55 EDT 2008 

From: Paul Lussier
> Not knowing the letter of the standard, or the standard for that
> matter, I can not speak definitively on the matter.

It's OK - nobody really does except the people who want $300/hr to  
give you evasive answers on the matters.

> This may or may not suffice for the current needs depending upon the
> definition of 'tamper-proof'.  I.e., if tamper-proof means 'once
> written to disk they can never be changed' then it will work.  If
> tamper-proof means 'there can be no possible way the data could be
> intercepted between memory and writing to disk, then obviously it
> won't work.  Since, if you're writing to a remote file system over the
> network, there is ample opportunity to intercept the log data.

See you're thinking logically here, doing reasonable risk  
assessment.  Remember these are the guys who wanted me to dump md5  
password hashes because it wasn't encryption, and they read  
encryption==security!  Any of these methods are one PHP bug and one  
vmsplice() bug away from being tampered anyway, so hanging things by  
multiple chains is clearly advised.

From: "Ben Scott"
>   A standards specification document can't provide security.  It can
> provide a list of good ideas -- like protecting your logs against
> tampering -- to help you implement good security practices, but
> running through a checklist isn't a substitute for doing it with the
> right attitude.

People whose lives are made difficult by bad security understand  
these things.  People who are trying to duck and run for cover like  
to create distractions and threaten rate surcharges.

>   BTW, Bill -- you have comment spam in that blog entry.  How  
> ironic.  :-)

Eh, I left it because it was was at least on-topic even if it was a  
bit self-promoting.  I figured the guy must've typed it by hand since  
he misspelled his own URL.  No help on this PageRank there. :)

-Bill
-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf

More information about the gnhlug-discuss mailing list