AW: OK, I've been hacked, now what?

[Peter.Kunz () sega ch]

> -----Ursprüngliche Nachricht-----
> Von:  dbell [SMTP:dbell () bway net]
> Gesendet am:  Dienstag, 11. Mai 1999 19:57
> An:   firewall-wizards () nfr net
> Betreff:      RE: OK, I've been hacked, now what?            
>
> On Tue, 11 May 1999 kevin.sheldrake () baedsl co uk wrote:
>
> > These two activities are expensive.  It is naive to assume that
> > because the
> > hacker knows that (s)he is not malicious that the victim will
> > also.  It would
> > be careless of the victim to ever assume that a hacker is not
> > malicious.
>
> I don't believe that there is an obvious distinction between "malicious" 
> cracking and "harmless" cracking. If someone has compromised your system
> and altered files, you are really not in any position to assume anything
> about that person's intentions (or competence; they may have caused damage
> accidentally).
        [Kunz, Peter]  That's probably a major issue: evenif it's just a
script kiddie that just foudn a hole, not knowing the system, s/he could
wreak havoc without intention or even knowing it.

> Even if the intention was only to deface a web page, you probably don't
> know whether or not the first thing the cracker did was to install a back
> door. Detecting such modifications (assuming you have cryptographic
> checksums of your original binaries available...) or reinstalling your
> system is likely to require a lot of time/money. 
        [Kunz, Peter]  Not if you've set up your logging/detection properly
:-)
>  
        Heuer's Law: Any feature is a bug unless it can be turned off.

        [Kunz, Peter]  :-))

        cu
        -pete
>