lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: dufresne at (Ron DuFresne)
Subject: [inbox] Re: Reacting to a server compromise

> HIPAA has made it a new world.  The attorneys are already salivating and
> trying to dig up any potential "victims" they can find, look to Arizona as
> an example.  Since this box was used to attacke doctor's records, there is a
> good chance it's tracks will be found.  This guys got two options, either
> don't touch the box, play dumb, and hope the cracker doesn't know how to
> cover his tracks (unlikely), or dd the drive, take the box offline (in that
> order in case it has a smart-bomb planted), and notify notify notify.
> We are instituting IDS and logging systems for healthcare customers every
> day and are finding attacks that they would not have even guessed at a year
> ago.  By law they must keep their logs three years, plenty of time for even
> scumbag lawyers to find it.  If you have done due diligence, you will be a
> sitting duck.

HIPAA compliance is much more then logging and IDS.  But, I trust that
this is not the limit of the services DP Solutions provides in such cases.

Of course HIPAA is not a "new world" thing, but, rather a compliance issue
for a new class of users and data.


Ron DuFresne
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Powered by blists - more mailing lists