Saturday, 29 November 2008

Anton Piller (Civil Search)

An Anton Piller order is a civil court order providing for the right to search premises and seize evidence without prior warning. In the US, the Business Software Alliance has used these orders as a remedy when they are attempting to stop illegal software use (termed Software Piracy) and Copyright Infringement to achieve the recovery of property.

Ormrod LJ in Anton Piller KG v. Manufacturing Processes Limited in 1976 (UK) defined the three-step test for granting this order:

  1. There is an extremely strong prima facie case against the respondent,
  2. The damage, potential or actual, must be very serious for the applicant, and
  3. There must be clear evidence that the respondents have in their possession incriminating documents or things and that there is a real possibility that they may destroy such material before an inter parties application is able to be in court.
In the UK, Anton Piller orders have been (for the most part) outmoded by the introduction of a statutory Search order under the Civil Procedure Act 1997. These applications are still common in many places such as Canada and France.

Friday, 28 November 2008

The “P vs. NP” problem

One of the most contentious issues in not only computer science, but mathematics as a whole is the “P vs. NP” problem. The progress made on this problem is thus far limited to demonstrating that certain processes such as diagonalsation do not work. It is unlikely that any ``natural proof'' in the substance of Razborov & Rudich’s, ``Natural Proofs,'' (1997) will solve the issue.

The class P is defined as the class of decision problems solvable deterministically in polynomial time. The class NP is the class of decision problems solvable non-deterministically in polynomial time. This is important as polynomial differences in running time are considered small, exponential differences large. All reasonable deterministic computational models are polynomial equivalent. However, some solutions need to be determined through “brute force”.

We define this by stating that “P is the class of languages that are decidable in polynomial time on a single-tape Turing machine”. NP conversely is “the class of languages that have polynomial time verifiers”. The distinction is thus P is a class of languages for which membership may be decided quickly and NP is the class of languages which may be verified quickly.

The N v NP conjecture and the question as to whether one-way functions exist invites speculation due to the importance of the P and NP classes in a variety of fields (not least of which includes complexity studies). If it may indeed be demonstrated that P = NP is true, all complexity classes based on NP would collapse to P.

P is contained in NP by definition. The containment is believed to be proper in that there are problems where finding a short proof is super-polynomially more difficult than verifying the proof. It could be the case that P = NP is true, though the algorithms for solving NP-difficult problems in polynomial time are computationally intractable.

Most important to online commerce and the security of online systems, if P = NP is demonstrated, most of the cryptosystems currently in use would be rendered ineffective. This is directly due to the assumption that certain problems are difficult and computationally expensive to solve.

If P = NP, factoring could be done in deterministic polynomial time. This would be an advantage to many within the scientific community. The existence of an efficient factoring algorithm does not in any deterministic manner imply P = NP. Thus the factoring problem parts with NP-complete efforts.

It is known that P = NP if any one NP-complete problem is in P. Thus if there is found any P which does not equal NP, there may be no NP-complete problem in P. Some theorists hypothesize that the problem of P versus NP might be independent of the axioms of set theory and hence in principle not resolvable. So far, no single language in NP that is not in P has been proved to exist.

Cook and Levin discovered certain problems in NP where the individual complexity of the problem is related to the entire NP class. These are known as NP-Complete. If it is found that a polynomial time algorithm exists for any of the NP-Complete class, than all problems in the class NP will be solvable in polynomial time.

Thursday, 27 November 2008

Consider sitting a GSE

I have just had my GIAC Certified Intrusion Analyst (GCIA) Gold paper accepted. This is a paper on DNS Security issues that remain to plague us all. I shall link this when it is formally available in the preceding days.

This is the paper I wanted to complete before I sit my GSE exam next year. I have the GSE-Malware and the GSE-Compliance, but I wish to obtain the final of the three. I am still the only person with the Compliance stream GSE, so I WOULD lobve to see another person sit and pass this.

For GSE, the certificatuions that SANS/GIAC offer that are required are the GSEC, GCIA, and GCIH with 2 of 3 gold. I now have completed a Gold paper for all three of these certifications.

The GSE [GIAC Security Expert] certification is well worth considering and I heartily recomend it to anybody in the IT security field.

Now to completing my GCUX paper: "100 UNIX Commands"

100 UNIX commands to issue on other people's systems. This paper will analyse and present the top 100 commands in Unix/Linux that an attacker (and most crucially, a security tester) can use. These will range from commands to gain access to a system or extend access, to altering logs and other files (including the kernel) and to monitoring what is going on. The paper will also provide scripting techniques and examples based on these commands to provide the basics needed by any budding *NIX security professional.

Wednesday, 26 November 2008


My literature recommendation for the year.

The Brothers Karamazov

By Fyodor Dostoyevsky

It is a long book (960 pages in 4 sections and an epilogue), but well worth the time to read. Dostoevsky has a subtlety and insight into the human condition that is unparalleled.,,0_9780140449242,00.html

The story is a treatise on religion, politics and human nature.

Tuesday, 25 November 2008

eDiscovery and the US Federal Rules of Civil Procedure (FRCP)

In December 2006 number of amendments to the Federal Rules of Civil Procedure (FRCP) were introduced which simplified process of managing electronic records associated with the litigation process. In order to allow a simplified process of accessing “electronically stored information”, revisions and additions were introduced into Rules 16, 26, 33, 34, 37, 45, and Form 35. The U.S. Court’s Federal Court website ( contains additional information concerning these amendments.

The amendments to the FRCP incorporate five aspects of the discovery:

  1. The FRCP includes a definition of discoverable material;
  2. The amendments incorporate processes concerning the timely consideration of issues relating to electronic discovery. This includes provisions for the format of the documents that are produced;
  3. Provisions are made for instances where the discovery of electronically stored information would be difficult due to requirements to access sources that are not practically available;
  4. The amendments have included a course of action that allows a party to assert a claim of privilege or work product protection subsequent to the production of the documents; and
  5. Protection of organizations who are attempting to act in good faith through a “safe harbor” limit on sanctions under Rule 37. The section protection organization against the loss of electronically stored information that has occurred due to a routine process from computer systems.
Eric Rosenberg, former litigator with Merrill Lynch & Company stated, “Basically what has happened in this country [the US] is that discovery of documents which takes place as part of civil litigation and a part of criminal investigations has come to routinely include electronic documents”. E-record and E-mail retention is no longer simply about storing records. It is about managing risks. The risks of not properly managing e-mail and other electronic documents are significant and increasing with time.

Unfortunately, the Australian courts are still lagging. The planned updates to the evidence rules of the Australian Federal court are past due and have again been postponed.