[funsec] Police blotter: Web cookies become defendant's alibi
Dr. Neal Krawetz
hf at hackerfactor.com
Fri Oct 27 12:00:07 CDT 2006
On Fri Oct 27 07:07:56 2006, Richard M. Smith wrote:
> A few quick comments. a). An IE cookie files contains an internal time stamp
> which is much harder to fake than file timestamps. b). Regardless of the
> timestamp of the cookie files, it is unknown who was at the keyboard whent
> the cookies files were made or accessed. c). A more complete investigation
> may have found other files on the hard drive in the timeframe of interest.
Granted, I only know what I read in the news article. (And we know how
thorough and accurate news reporters generally are... No offense Larry. ;-)
Based on what I read, this seems pretty shoddy as far as defense goes.
- Cookies have lots of timestamps. Some are set by the browser, some
(e.g., expiration) are set by the server, and some can be embedded in
the cookie itself.
Since servers usually use a static expiration offset (e.g., expire in
30 minutes or in 7 days), they can use that to correlate the date.
(Still can be forged, but not as well known.)
- I agree with you -- why not get the web logs?
- He said he was shopping online. Did he buy anything?
If so, then his credit card transaction will have a timestamp that he
cannot forge. (Does not mean "he" used the credit card, but does
- Was his car engine warm? Driving 27 miles has a warm engine; parked
for 30 minutes (reportedly according to timestamps) is a cool engine.
Then again, he said he doesn't own that type of car. Did they check
if any of his friends have that kind of car?
- Most major traffic intersections have cameras. Did any camera pick
up the vehicle? Can you see the driver -- is it him?
- Was the entire conviction based on witness accounts? Witnesses are
known to be unreliable and inconsistent. And a police officer said
he saw nobody in the area matching the description -- was "anybody"
seen in the area (regardless of match)?
Was there any physical evidence showing he was there?
Way too many holes... At least from the news report.
However, if the court case actually addressed these items, then maybe the
ruling was accurate.
Neal Krawetz, Ph.D.
Hacker Factor Solutions
Author of "Introduction to Network Security" (Charles River Media, 2006)
More information about the funsec