When a CERT has to break the law
I spotted an interesting article on ZDNet Australia today: “Fraudsters escape as laws bind AusCERT”.
AusCERT head Graham Ingram said the logs were previously viewable in plain text, but are now stored in a protected MySQL format.
“They are encrypted and we can’t break that by law,” he told an audience at the National Security Australia conference in Sydney yesterday.
This was the part that caught my eye. Is this a new trend? Is this a legal issue limited to Australia? At least I hope so. There have been many examples of police being exempted from certain security laws, like the “police trojans” (Germany). I have mixed feelings about such actions, but I totally support a CERT or forensics team bypassing “protected” parts of a system if crimeware is involved. I’m just wondering if the malware writers had this legal issue in mind when they ‘protected’ the info or if they were just protecting their assets against competitors?
Speaking of CERTs, CERT Polska published a really interesting article today on the new Zeus malware involving banking trojans that infect Blackberries and Android phones. Check it out here. Now that banks are gearing towards dual authentication through phones and/or mobile apps, the threat landscape just followed. Where there is money, there is…..
*** This is a Security Bloggers Network syndicated blog from Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills authored by Bkay. Read the original post at: http://feedproxy.google.com/~r/Security4all/~3/6BfqEin2Vlc/when-cert-has-to-break-law.html

