Security Incidents mailing list archives
Re: Who's liable?
From: <hvdkooij () vanderkooij org>
Date: Sun, 14 Oct 2001 00:29:18 +0200 (CEST)
On Sat, 13 Oct 2001, Michael F. Bell wrote:
Lets change the victim from a Goverment agency to a private one. Lets say that EBAY got hacked and they launched the same sort of investigation with the same findings.. What can be done from a legal /financial standpoint if an attack is detected from your company network and there is no proof on exactly who did it? Can the victims take legal action against you, or is there some sort of protocol from a legal standpoint that hinders this?
We know (or should know) that IP addresses can and will be faked in case of a real attempt and are not enough to So once a trace is so clearly pointing to you they must have some hard evidence from your uplink. At this point the evidence is allready there and it would be a matter of sorting out the small number of employees. The likelyhood someone is not having any telltale sing is quite remote. At this point 1 cleaner disk then the other N ones would be enough lead to turn on the thumbscrews on this person. Anyone have trouble hiding his/hers IP number isn't more then a slight inconvinience. (Untill proper handling of spoofed IP's is done more seriously.) All in all I fail to see why this would be a likely scenario. I can think of some others and less friendly ones that are much more likely. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Who's liable? Michael F. Bell (Oct 13)
- Re: Who's liable? hvdkooij (Oct 13)
- Re: Who's liable? macdaddy (Oct 14)
- RE: Who's liable? Dom Genzano (Oct 14)
- Re: Who's liable? Kelly Martin (Oct 14)
- Re: Who's liable? macdaddy (Oct 14)
- Re: Who's liable? hvdkooij (Oct 13)
- Re: Who's liable? Jay D. Dyson (Oct 13)
- Re: Who's liable? - fbi Alvin Oga (Oct 13)
- Re: Who's liable? Alvin Oga (Oct 13)
- RE: Who's liable? Chris Mason (Oct 13)
- RE: Who's liable? Liam Burrow (Oct 13)
- RE: Who's liable? Russell Berry (Oct 13)
- RE: Who's liable? Brian Taylor (Oct 14)