Full Disclosure mailing list archives
RE: [inbox] Re: Reacting to a server compromise
From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 4 Aug 2003 13:34:47 -0500
HIPAA has made it a new world. The attorneys are already salivating and trying to dig up any potential "victims" they can find, look to Arizona as an example. Since this box was used to attacke doctor's records, there is a good chance it's tracks will be found. This guys got two options, either don't touch the box, play dumb, and hope the cracker doesn't know how to cover his tracks (unlikely), or dd the drive, take the box offline (in that order in case it has a smart-bomb planted), and notify notify notify. We are instituting IDS and logging systems for healthcare customers every day and are finding attacks that they would not have even guessed at a year ago. By law they must keep their logs three years, plenty of time for even scumbag lawyers to find it. If you have done due diligence, you will be a sitting duck. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions cpurdy () dpsol com 936.637.7977 ext. 121 ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Aron Nimzovitch Sent: Sunday, August 03, 2003 12:28 PM To: full-disclosure () lists netsys com Subject: [inbox] Re: [Full-disclosure] Reacting to a server compromise No good deed goes unpunished. Been there, tried that, nearly got hit with a lawsuit (IMMEDIATE threat from the suit involved). If the suits running the place had half a brain between them, your "info" would be unnecessary. If you cannot prove 'beyond a reasonable doubt' that you did not conduct the attacks yourself and then post this BS as a coverup, you will be overrun, no matter how "white" you might be. Better have deep pockets to proceed, or get the noobs here telling you to "tell all" to pony up to your defense fund. Ask Randall Schwartz about it sometime. Welcome to the real America! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Reacting to a server compromise Mark (Aug 01)
- Re: Reacting to a server compromise Peter Busser (Aug 02)
- RE: Reacting to a server compromise Wayne Chang (Aug 02)
- Re: Reacting to a server compromise SecuresDotComs (Aug 02)
- RE: Reacting to a server compromise Edward W. Ray (Aug 02)
- Re: Reacting to a server compromise Aron Nimzovitch (Aug 03)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 04)
- RE: [inbox] Re: Reacting to a server compromise Ron DuFresne (Aug 04)
- RE: Reacting to a server compromise Edward W. Ray (Aug 02)
- <Possible follow-ups>
- Re: Reacting to a server compromise Jennifer Bradley (Aug 02)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 03)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 03)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 04)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 05)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 05)
- RE: [inbox] Re: Reacting to a server compromise Bojan Zdrnja (Aug 06)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 06)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 03)