| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Feb 20 14:41:59 2006 From: bpasdar at igxglobal.com (Babak Pasdar) Subject: How we caught an Identity Thief Barrie, Thank you for your advise. Will note for next time. Babak On Mon, 2006-02-20 at 14:32 +0000, Barrie Dempster wrote: > On Mon, 2006-02-20 at 09:15 -0500, Babak Pasdar wrote: > > 1. I had to get back to our office from the client site over an hour > > away :) Laws of physics to New York City traffic apply no matter what. > > Then notifying us of the timescale was irrelevant, as it was worded it > seemed like it was listed as an achievement. > > > 2. The client or a security company's network are not the best source > > for scanning and investigation activities. Lest you have someone who > > looks for these early signs of the investigation. Scans have to be > > alternately sourced. > > Indeed, but we had no indication of where you were. No need for a site > visit if the entire incident relates to online content. The entire > scenario could have been conducted over the phone with you in your > office. > > > 3. Running a few commands by no means is an indication of a fully > > packaged and verified set of information. A forensics case has to be > > started fully documenting all actions and times for possible future > > reference in legal proceedings. Rushing through something like this and > > not following procedure is the first step in being caught with your > > pants down later. > > There was no need for any of the scanning you had done. I doubt the > results of the scans provided any evidence more compelling than the web > page. If there was grounds to contact law enforcement on that alone then > the scanning (done cautiously or not) was irrelevant and possibly even > negligent as it could have led to the suspects realising someone was > paying attention to them, putting them one step ahead of their pursuers. > > If there is a case for legal action, then get the responsible legal > experts on board and stop playing around. > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060220/c8abc2e7/attachment.bin -------------- next part -------------- _________________________________ igxglobal utilizes state of the art technology from PGP to ensure the safeguard of all electronic correspondences. This message could have been secured by PGP Universal. To secure future messages from this sender, please click this link and contact your representative at igxglobal for further information: https://keys.igxglobal.com/b/b.e?r=full-disclosure%40lists.grok.org.uk&n=4Njq7juzEf1Yn9MHjRn9Ow%3D%3D
Powered by blists - more mailing lists