Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Highlighting Security Issues

From: "Paul D. Robertson" <paul () compuwar net>
Date: Sun, 1 Aug 2004 10:28:21 -0400 (EDT)
Saw this on Slashdot, and thought it might be worth some thought...

http://www.aldotwaste.com/

The short version is that after being frustrated for a while, the person
in question Trojaned his boss's machine, and gathered screenshots over a 7
month period that show 70% of the time, his boss was playing solitaire,
and 20% of the time, checking his stocks.  The whistle-blower was removed
from his position, though he claims policy gave him the right to monitor
and document abuses.

Some of the knee-jerk reaction from the organization looks to be "there
was IDS and it was showing hacking and obviously this got us hacked!"
balanced by an independent report that says they were up to their ears in
false positives and didn't have AV updates working.

Thoughts?  Comments?  Updates from our favorite copying place?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: