I've been covering the Duronio trial in which my friend Keith Jones is testifying as the government's star forensic witness. Today's story describes how Keith explained his findings while being attacked by defense attorneys. This excerpt is priceless:
At one point, [defense attoryney] Adams laid out a scenario in which someone could have created a backdoor in the UBS system, and then deleted it before a backup was done to capture it. When he asked Jones if he, personally, could do such a thing, Jones replied, "I could do a lot of things. That's why I'm hired to do the investigation."
Bamm! Nice response Jones.
It has been crucial to the prosecution's case that Jones is not a self-proclaimed "hacker." This report shows how the defense pursued Karl Kasper, aka "John Tan," ex-@Stake, ex-L0pht "hacker," for signing official documents as "John Tan" instead of using his real name. UBS hired @Stake to perform forensics before bringing Foundstone onto the case, thereby getting Keith involved.
All the wanna-be hacker kiddies should remember that grown-ups don't trust the opinions of "hackers" in courts of law.
Incidentally, I don't think Keith is a CISSP; at least he is not listed in the organization's member directory.
Update: Keith told me he is a CISSP. He must be a stealth one like me.