Digital Crime Scene Investigation
This morning we were privy to an excellent talk by Bill Oettinger, a Forensic Crime expert and detective with the Las Vegas PD. Bill also works with Internet Crimes against children.
Much to my dismay, there was no blue-radiating Luminol nor rose colored glasses involved. His talk mostly covered the means by which law enforcement agencies can either prove or disprove alleged crime covering a far broader range than I had ever supposed. The audience was polite, but could not manage to hold back on the questions and several times this drew Det. Oettinger away from his talk. But some of the questions were interesting, and as it turned out there was an employee of LexusNexus in the audience who was completely surprised at the role that the online legal database played in the Paris Hilton internet sex debacle of last year. As it turns out, that digital crime was perpetrated the the help of law enforcement officers just trying to help out an employee of LexusNexus, who was "checking on a password irregularity."
How many times have we been warned? Never give out a password, SSN, bank account or User ID, and question anyone asking for it! Some networks are going to a system of "secret questions" that only you know the answer to, or secret pass phrases. However, these are just longer versions of passwords. If you ever have to give out a secret answer, say, in order to reset a password, immediately go to the web site involved and change your secret question!
I was talking to a member of my own company's IT department while he was working through a problem with e-mail access. He is a guy that should know better, but sure enough, he asked me for my password. No one should take this more seriously than someone over an IT department for a major grocery store division. Of course I questioned him about it, and he allowed that they need to have a better system of deploying and changing passwords. I ended up giving it to him, but went ahead and changed it immediately as a matter of policy.
Much to my dismay, there was no blue-radiating Luminol nor rose colored glasses involved. His talk mostly covered the means by which law enforcement agencies can either prove or disprove alleged crime covering a far broader range than I had ever supposed. The audience was polite, but could not manage to hold back on the questions and several times this drew Det. Oettinger away from his talk. But some of the questions were interesting, and as it turned out there was an employee of LexusNexus in the audience who was completely surprised at the role that the online legal database played in the Paris Hilton internet sex debacle of last year. As it turns out, that digital crime was perpetrated the the help of law enforcement officers just trying to help out an employee of LexusNexus, who was "checking on a password irregularity."
How many times have we been warned? Never give out a password, SSN, bank account or User ID, and question anyone asking for it! Some networks are going to a system of "secret questions" that only you know the answer to, or secret pass phrases. However, these are just longer versions of passwords. If you ever have to give out a secret answer, say, in order to reset a password, immediately go to the web site involved and change your secret question!
I was talking to a member of my own company's IT department while he was working through a problem with e-mail access. He is a guy that should know better, but sure enough, he asked me for my password. No one should take this more seriously than someone over an IT department for a major grocery store division. Of course I questioned him about it, and he allowed that they need to have a better system of deploying and changing passwords. I ended up giving it to him, but went ahead and changed it immediately as a matter of policy.
posted by Michael Moore @ 11:38 AM
0 Comments:
Post a Comment
<< Home