"The Natural Philosopher" wrote in message
...
Bernard Peek wrote:
On 26/02/12 20:58, The Natural Philosopher wrote:

Well thats uyouir knowelege limits and I have mine.

I know.

Let's say that if anyone has broken in they have left no trace and
altered nothing. Or I would *know*. Which makes it 'not compromised'

Absence of evidence is not evidence of absence.


Hint: there is no such thing as an undetectable change.

I'd like to see evidence for that assertion.

Are you really stupid?

If a change makes no difference to anything, ipso facto, it is not a
change. All changes therefore must make a difference, and are therefore
detectable.



I think it's probably true
but it's not relevant here because the issue at hand isn't undetectable
change, but undetected change. The two are different.



Right. Given two computers, how can you use one to tell if the others
disk content has changed?


Fascinating watching the sophisticated cut and thrust of intellectual
debate.

IIRC there used to be a standard security feature in Linux where you could
run a full system checker which scanned the complete filestore to identify
any changes.
I never ran it because I couldn't work out how you knew if any of the
zillion changes made each day was good or bad.
Also, I did wonder what would happen if the system checker was compromised.
Also, I did wonder if the system did a bit by bit comparison of every single
file or relied on things like date, time, size in the indexes which can be
changed if you get deep enough into the entrails of the system.
However this should identify if you have just received 1,000 incoming emails
to your root account telling you that you aare a plonker :-)

Cheers

Dave R
--
No plan survives contact with the enemy.
[Not even bunny]

Helmuth von Moltke the Elder

(\__/)
(='.'=)
(")_(")