Chris Calabrese wrote:
> > > * Logs are immutable.
> >
> > Immutable implies unchangable, which is impractical. (Relatively)
> > unchangable without detection?
>
> Ok, not perfectly immutable. Immutable without one of the following being true:
>
> * The mutation is detected (this gets into meta arguments of the log entry for
> the detection being changed, etc., but...) OR
> * The Trusted Computing Base of the machine the logs are deposited on is
> compromised.
>
You can have both. So i'll change that OR for a 'Even if'.
--
===================[ CORE Seguridad de la Informacion S.A. ]=======================
Emiliano Kargieman [EMAIL PROTECTED]
Director de Investigacion www.core-sdi.com
Corelabs
Pte. Juan D. Peron 315 Piso 4 UF 17
Buenos Aires, (1038). Argentina. Tel/Fax : +(54.11)43.31.54.02
===================================================================================
"When I was younger, I could remember anything, whether it had happened or not;
but my faculties are decaying now and soon I shall be so I cannot remember any
but the things that never happened. It is sad to go to pieces like this but we all
have to do it." -- Mark Twain
"La maxima adquisicion psicologica del mundo portenio es la absoluta insumision de
las
nuevas generaciones" -- Florencio Escardo
--- For a personal reply use [EMAIL PROTECTED]
