Full Disclosure mailing list archives
Re: How we caught an Identity Thief
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 20 Feb 2006 14:32:33 +0000
On Mon, 2006-02-20 at 09:15 -0500, Babak Pasdar wrote:
1. I had to get back to our office from the client site over an hour away :) Laws of physics to New York City traffic apply no matter what.
Then notifying us of the timescale was irrelevant, as it was worded it seemed like it was listed as an achievement.
2. The client or a security company's network are not the best source for scanning and investigation activities. Lest you have someone who looks for these early signs of the investigation. Scans have to be alternately sourced.
Indeed, but we had no indication of where you were. No need for a site visit if the entire incident relates to online content. The entire scenario could have been conducted over the phone with you in your office.
3. Running a few commands by no means is an indication of a fully packaged and verified set of information. A forensics case has to be started fully documenting all actions and times for possible future reference in legal proceedings. Rushing through something like this and not following procedure is the first step in being caught with your pants down later.
There was no need for any of the scanning you had done. I doubt the results of the scans provided any evidence more compelling than the web page. If there was grounds to contact law enforcement on that alone then the scanning (done cautiously or not) was irrelevant and possibly even negligent as it could have led to the suspects realising someone was paying attention to them, putting them one step ahead of their pursuers. If there is a case for legal action, then get the responsible legal experts on board and stop playing around. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
Attachment:
smime.p7s
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Barrie Dempster (Feb 20)
- Re: How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Barrie Dempster (Feb 20)
- Re: How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Valdis . Kletnieks (Feb 20)
- Re: How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Valdis . Kletnieks (Feb 20)
- Re: How we caught an Identity Thief Babak Pasdar (Feb 20)
- Re: How we caught an Identity Thief Barrie Dempster (Feb 20)