Date: Mon Feb 20 14:33:39 2006
From: barrie at reboot-robot.net (Barrie Dempster)
Subject: How we caught an Identity Thief

On Mon, 2006-02-20 at 09:15 -0500, Babak Pasdar wrote:
> 1. I had to get back to our office from the client site over an hour
> away :)  Laws of physics to New York City traffic apply no matter what.

Then notifying us of the timescale was irrelevant; as it was worded, it
seemed like it was listed as an achievement.

> 2. The client or a security company's network are not the best source
> for scanning and investigation activities.  Lest you have someone who
> looks for these early signs of the investigation.  Scans have to be
> alternately sourced.

Indeed, but we had no indication of where you were. No need for a site
visit if the entire incident relates to online content. The entire
scenario could have been conducted over the phone with you in your
office.

> 3. Running a few commands by no means is an indication of a fully
> packaged and verified set of information. A forensics case has to be
> started fully documenting all actions and times for possible future
> reference in legal proceedings.  Rushing through something like this and
> not following procedure is the first step in being caught with your
> pants down later.

There was no need for any of the scanning you had done. I doubt the
results of the scans provided any evidence more compelling than the web
page. If there were grounds to contact law enforcement on that alone then
the scanning (done cautiously or not) was irrelevant and possibly even
negligent as it could have led to the suspects realising someone was
paying attention to them, putting them one step ahead of their pursuers.

If there is a case for legal action, then get the responsible legal
experts on board and stop playing around.


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3